Share a core network

You can use AWS Resource Access Manager to share a core network across accounts or across your organization. By default, AWS Identity and Access Management (IAM) users do not have permission to create or modify AWS RAM resources. To allow users to create or modify resources and perform tasks, you must create IAM policies that grant permission to use specific resources and API actions. You then attach those policies to the users or groups that require those permissions.

Only the network owner can perform the following operations:

• Create a resource share.

• Create a core network.

• Update a resource share.

• View a resource share.

• View the resources shared by your account, across all resource shares.

• View the principals with whom you're sharing your resources, across all resource shares. Viewing these principals provides you with the information to determine who has access to your shared resources.

• Delete a resource share.

You can perform the following operations on resources that are shared with you:

• Accept or reject a resource share invitation.

• View a resource share.

• View the shared resources that you can access.

• View a list of all of the principals that are sharing resources with you.

• Run the list-core-networks API to view information about the core networks you own. See list-core-networks.

• Run the APIs that create, view, and delete VPC attachments:

  Note

  A shared core network supports only VPC transit gateway attachments.

  • Create a VPC attachment: create-vpc-attachment

  • Get a VPC attachment: get-vpc-attachment

  • Delete a VPC attachment: delete-vpc-attachment

• Leave a resource share.

When a core network is shared with an account, the account that accepts the shared core network can't make any changes to it, but it can create VPC attachments to the shared network.

Important

You must share your global resource from the N. Virginia (us-east-1) Region so that all other Regions can see the global resource.

To share a core network

1. Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/.

2. Under Connectivity, choose Global networks.

3. On the Global networks page, choose the global network ID.

4. In the navigation pane, choose Core network.

5. The Overview page opens by default.

6. Choose the Sharing tab.

7. To create a resource share, choose Share core network.

8. In the Resource sharing field, choose an existing resource share.

9. For the Available resource share, choose the resource that you want to share, and then choose Create resource share.

10. If there are no resources available to share, you'll need to create a new resource share:

    1. Choose Create resource share. See Create a resource share in the AWS RAM User Guide.

    2. After creating the resource share in AWS RAM, return to the Sharing page of your core network.

    3. Choose the Refresh icon. The page updates to show the new resource share that you created.

    4. Choose the newly added resource.

11. Choose Share core network.

On the Sharing page, you can stop sharing any core network resource.

To stop sharing a core network share

1. Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/.

2. Under Connectivity, choose Global networks.

3. On the Global networks page, choose the global network ID.

4. In the navigation pane, choose Core network.

5. The Overview page opens by default.

6. Choose the Sharing tab.

7. To create a resource share, choose Share core network.

8. In the Resource sharing field, choose an existing shared resource.

9. Choose Stop sharing.