Working with shared resources in AWS End User Messaging SMS - AWS End User Messaging SMS

Working with shared resources in AWS End User Messaging SMS

AWS End User Messaging SMS integrates with AWS Resource Access Manager (AWS RAM) to enable resource sharing. AWS RAM is a service that enables you to share some AWS End User Messaging SMS resources with other AWS accounts or through AWS Organizations. With AWS RAM, you share resources that you own by creating a resource share. A resource share specifies the resources to share, and the consumers with whom to share them. Consumers can include:

  • Specific AWS accounts inside or outside of its organization in AWS Organizations

  • An organizational unit inside its organization in AWS Organizations

  • Its entire organization in AWS Organizations

  • Other AWS Services like Amazon Pinpoint or Amazon SNS

For more information about AWS RAM, see the AWS RAM User Guide.

This topic explains how to share resources that you own, and how to use resources that are shared with you.

Prerequisites for sharing phone number, pool, opt-out list, or sender IDs

  • To share a phone number, pool, opt-out list, or sender ID, you must own it in your AWS account. This means that the resource must be allocated or provisioned in your account. You cannot share a phone number, pool, opt-out list, or sender ID that has been shared with you.

  • To share a phone number, pool, opt-out list, or sender ID with your organization or an organizational unit in AWS Organizations, you must enable sharing with AWS Organizations. For more information, see Enable Sharing with AWS Organizations in the AWS RAM User Guide.

Sharing a phone number, pool, opt-out list, or sender ID

When you share a resources that you own with other AWS accounts, you enable them to do the following:

  • Opt-Out List – Consumers with access to this resource can check the status of a phone number, remove a phone number, and add phone numbers to the opt-out list.

  • PhoneNumber – Consumers with access to this resource can use the phone number to send messages.

  • Pool – Consumers with access to this resource can view the pool. Any resources contained in the pool must also be shared for other AWS accounts to be able to access them. You can have a mix of shared and unshared resources in a pool.

  • Sender ID – Consumers with access to this resource can use the Sender Id to send messages.

To share a phone number, pool, opt-out list, or sender ID, you must add it to a resource share. A resource share is an AWS RAM resource that lets you share your resources across AWS accounts. A resource share specifies the resources to share, and the consumers with whom they are shared. When you share a phone number, pool, opt-out list, or sender ID using the AWS End User Messaging SMS console, you add it to an existing resource share. To add the phone number, pool, opt-out list, or sender ID to a new resource share, you must first create the resource share using the AWS RAM console.

If you are part of an organization in AWS Organizations and sharing within your organization is enabled, consumers in your organization are automatically granted access to the shared phone number, pool, opt-out list, or sender ID. Otherwise, consumers receive an invitation to join the resource share and are granted access to the shared phone number, pool, opt-out list, or sender ID after accepting the invitation.

You can share a phone number, pool, opt-out list, or sender ID that you own using the AWS End User Messaging SMS console, AWS RAM console, or the AWS CLI.

Note

Shared resources can only be used through the AWS CLI or AWS End User Messaging SMS and Voice v2 API. To use a shared resource you must use the full Amazon Resource Name (ARN).

To view resources shared with your account you must use the AWS CLI or the AWS RAM console.

We recommend using the AWS RAM console to share resources.

To share a phone number, pool, opt-out list, or sender ID that you own using the AWS End User Messaging SMS console
  1. Open the AWS End User Messaging SMS console at https://console.aws.amazon.com/sms-voice/.

  2. In the navigation pane, under Configurations, choose the resource type and then resource.

  3. On the Resource policy tab, choose Edit.

  4. You can edit the JSON resource based policy to change sharing permissions.

  5. Choose Save changes.

To share a phone number, pool, opt-out list, or sender ID that you own using the AWS RAM console

See Creating a Resource Share in the AWS RAM User Guide.

To share a phone number, pool, opt-out list, or sender ID that you own using the AWS CLI

Use the create-resource-share command.

Unsharing a shared phone number, pool, opt-out list, or sender ID

When a resource owner stops sharing a phone number, pool, opt-out list, or sender ID with a consumer, the resource no longer appears in the consumer's console.

To unshare a shared phone number, pool, opt-out list, or sender ID that you own, you must remove it from the resource share. You can do this using the AWS End User Messaging SMS console, AWS RAM console, or the AWS CLI.

To unshare a shared phone number, pool, opt-out list, or sender ID that you own using the AWS RAM console

See Updating a Resource Share in the AWS RAM User Guide.

To unshare a shared phone number, pool, opt-out list, or sender ID that you own using the AWS CLI

Use the disassociate-resource-share command.

Identifying a shared phone number, pool, opt-out list, or sender ID

Owners and consumers can identify shared phone number, pool, opt-out list, or sender IDs using the AWS CLI.

Note

Phone numbers, pools, opt-out list, and sender IDs are generally not identifiable as a shared resource in the AWS End User Messaging SMS console.

To identify a shared phone number, pool, opt-out list, or sender ID using the AWS CLI

Use the describe-opt-out-lists, describe-phone-numbers, describe-pools, or describe-sender-ids command with the Owner parameter set to SHARED. The command returns the phone number, pool, opt-out list, or sender IDs that are shared with you.

Responsibilities and permissions for shared phone number, pool, opt-out list, or sender IDs

Permissions for owners

Owners can update, view, share, stop sharing, and use phone number, pool, opt-out list, or sender IDs.

Permissions for consumers

Consumers can use and view phone number, pool, opt-out list, or sender IDs.

Billing and metering

The owner of the resource is billed for the resource. Consumers aren't billed for resources shared with them but are billed for using resources to send messages. There aren't extra costs associated with sharing a resource.

Consumers are billed for sending a message with send-text-message, send-media-message or send-voice-message and this counts against the consumers spending limits. For more information about pricing or spending limits, see AWS End User Messaging Pricing and Set AWS End User Messaging SMS's SMS, MMS or voice spending limit.

Instance quotas

Sharing a resource doesn't affect the limits of the resource in the owner's or consumer's account. Only the owner's account is used to calculate the limits of the resource.

Example policies for sharing resources

We recommend that you use the AWS RAM console to create and manage resource shares.

The following example allows Amazon Pinpoint to send SMS or Voice messages with the specified phone number.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "pinpoint.amazonaws.com" }, "Action": [ "sms-voice:SendTextMessage", "sms-voice:SendVoiceMessage" ] "Resource":"arn:Partition:sms-voice:Region:Account:phone-number/Phone-id", "Condition": { "StringEquals": { "aws:SourceAccount": "Account" } } } ] }

In the preceding command, make the following changes:

  • Replace Partition with the AWS partition the phone number is in.

  • Replace Region with the AWS Region the phone number is in.

  • Replace Account with the account number that owns the phone number.

  • Replace Phone-id with the identifier of the phone number.

The following example allows Amazon Pinpoint to send SMS messages with the specified sender ID.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "pinpoint.amazonaws.com" }, "Action": [ "sms-voice:SendTextMessage" ] "Resource":"arn:Partition:sms-voice:Region:Account:sender-id/Senderid/Countrycode", "Condition": { "StringEquals": { "aws:SourceAccount": "Account" } } } ] }
  • Replace Partition with the AWS partition the sender ID is in.

  • Replace Region with the AWS Region the sender ID is in.

  • Replace Account with the account number that owns the sender ID.

  • Replace Senderid with the identifier of the sender ID.

  • Replace Countrycode with the two-letter ISO-3166 alpha-2 code for the country of the sender ID.