AWS::RAM::ResourceShare

Creates a resource share. You can provide a list of the Amazon Resource Names (ARNs) for the resources that you want to share, a list of principals you want to share the resources with, and the permissions to grant those principals.

Note

Sharing a resource makes it available for use by principals outside of the AWS account that created the resource. Sharing doesn't change any permissions or quotas that apply to the resource in the account that created it.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::RAM::ResourceShare",
  "Properties" : {
      "AllowExternalPrincipals" : Boolean,
      "Name" : String,
      "PermissionArns" : [ String, ... ],
      "Principals" : [ String, ... ],
      "ResourceArns" : [ String, ... ],
      "Sources" : [ String, ... ],
      "Tags" : [ Tag, ... ]
    }
}

YAML

Type: AWS::RAM::ResourceShare
Properties:
  AllowExternalPrincipals: Boolean
  Name: String
  PermissionArns: 
    - String
  Principals: 
    - String
  ResourceArns: 
    - String
  Sources: 
    - String
  Tags: 
    - Tag

Properties

AllowExternalPrincipals

Specifies whether principals outside your organization in AWS Organizations can be associated with a resource share. A value of true lets you share with individual AWS accounts that are not in your organization. A value of false only has meaning if your account is a member of an AWS Organization. The default value is true.

Required: No

Type: Boolean

Update requires: No interruption

Name

Specifies the name of the resource share.

Required: Yes

Type: String

Update requires: No interruption

PermissionArns

Specifies the Amazon Resource Names (ARNs) of the AWS RAM permission to associate with the resource share. If you do not specify an ARN for the permission, AWS RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share.

Required: No

Type: Array of String

Update requires: No interruption

Principals

Specifies the principals to associate with the resource share. The possible values are:

• An AWS account ID

• An Amazon Resource Name (ARN) of an organization in AWS Organizations

• An ARN of an organizational unit (OU) in AWS Organizations

• An ARN of an IAM role

• An ARN of an IAM user

Note

Not all resource types can be shared with IAM roles and users. For more information, see the column Can share with IAM roles and users in the tables on Shareable AWS resources in the AWS Resource Access Manager User Guide.

Required: No

Type: Array of String

Update requires: No interruption

ResourceArns

Specifies a list of one or more ARNs of the resources to associate with the resource share.

Required: No

Type: Array of String

Update requires: No interruption

Sources

Property description not available.

Required: No

Type: Array of String

Update requires: No interruption

Tags

Specifies one or more tags to attach to the resource share itself. It doesn't attach the tags to the resources associated with the resource share.

Required: No

Type: Array of Tag

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns The ID of the resource share.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The Amazon Resource Name (ARN) of the resource share.

Examples

Creating a resource share

The following example demonstrates how to create a resource share.

YAML

AWSTemplateFormatVersion: 2010-09-09
Resources:
  myresourceshare:
    Type: "AWS::RAM::ResourceShare"
    Properties:
      Name: "My Resource Share"
      ResourceArns:
        - "arn:aws:ec2:us-east-1:123456789012:resource-type/12345678-1234-1234-1234-12345678"
      Principals:
        - "210987654321"
      Tags:
        - Key: "Key1"
          Value: "Value1"
        - Key: "Key2"
          Value: "Value2"

JSON

{
  "AWSTemplateFormatVersion": "2010-09-09T00:00:00.000Z",
  "Resources": {
    "myresourceshare": {
      "Type": "AWS::RAM::ResourceShare",
      "Properties": {
        "Name": "My Resource Share",
        "ResourceArns": [
          "arn:aws:ec2:us-east-1:123456789012:resource-type/12345678-1234-1234-1234-12345678"
        ],
        "Principals": [
          "210987654321"
        ],
        "Tags": [
          {
            "Key": "Key1",
            "Value": "Value1"
          },
          {
            "Key": "Key2",
            "Value": "Value2"
          }
        ]
      }
    }
  }
}

See also

• CreateResourceShare in the AWS Resource Access Manager API Reference

• AWS Resource Access Manager User Guide