AWS::RAM::ResourceShare
Specifies a resource share.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::RAM::ResourceShare", "Properties" : { "AllowExternalPrincipals" :Boolean, "Name" :String, "PermissionArns" :[ String, ... ], "Principals" :[ String, ... ], "ResourceArns" :[ String, ... ], "Tags" :[ Tag, ... ]} }
YAML
Type: AWS::RAM::ResourceShare Properties: AllowExternalPrincipals:BooleanName:StringPermissionArns:- StringPrincipals:- StringResourceArns:- StringTags:- Tag
Properties
AllowExternalPrincipals-
Specifies whether principals outside your organization in AWS Organizations can be associated with a resource share. A value of
truelets you share with individual AWS accounts that are not in your organization. A value offalseonly has meaning if your account is a member of an AWS Organization. The default value istrue.Required: No
Type: Boolean
Update requires: No interruption
Name-
Specifies the name of the resource share.
Required: Yes
Type: String
Update requires: No interruption
PermissionArns-
Specifies the Amazon Resource Names (ARNs) of the AWS RAM permission to associate with the resource share. If you do not specify an ARN for the permission, AWS RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share.
Required: No
Type: List of String
Update requires: No interruption
Principals-
Specifies a list of one or more principals to associate with the resource share.
You can include the following values:
-
An AWS account ID, for example:
123456789012 -
An Amazon Resoure Name (ARN) of an organization in AWS Organizations, for example:
arn:aws:organizations::123456789012:organization/o-exampleorgid -
An ARN of an organizational unit (OU) in AWS Organizations, for example:
arn:aws:organizations::123456789012:ou/o-exampleorgid/ou-examplerootid-exampleouid123 -
An ARN of an IAM role, for example:
arn:aws:iam::123456789012:role/rolename -
An ARN of an IAM user, for example:
arn:aws:iam::123456789012user/username
Note Not all resource types can be shared with IAM roles and users. For more information, see Sharing with IAM roles and users in the AWS Resource Access Manager User Guide.
Required: No
Type: List of String
Update requires: No interruption
-
ResourceArns-
Specifies a list of one or more ARNs of the resources to associate with the resource share.
Required: No
Type: List of String
Update requires: No interruption
Tags-
Specifies one or more tags to attach to the resource share itself. It doesn't attach the tags to the resources associated with the resource share.
Required: No
Type: List of Tag
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the resource share.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
Examples
Creating a Resource Share
The following example demonstrates how to create a resource share.
YAML
AWSTemplateFormatVersion: 2010-09-09 Resources: myresourceshare: Type: "AWS::RAM::ResourceShare" Properties: Name: "My Resource Share" ResourceArns: - "arn:aws:ec2:us-east-1:123456789012:resource-type/12345678-1234-1234-1234-12345678" Principals: - "210987654321" Tags: - Key: "Key1" Value: "Value1" - Key: "Key2" Value: "Value2"
JSON
{ "AWSTemplateFormatVersion": "2010-09-09T00:00:00.000Z", "Resources": { "myresourceshare": { "Type": "AWS::RAM::ResourceShare", "Properties": { "Name": "My Resource Share", "ResourceArns": [ "arn:aws:ec2:us-east-1:123456789012:resource-type/12345678-1234-1234-1234-12345678" ], "Principals": [ "210987654321" ], "Tags": [ { "Key": "Key1", "Value": "Value1" }, { "Key": "Key2", "Value": "Value2" } ] } } } }
See also
-
CreateResourceShare in the AWS Resource Access Manager API Reference
