Sharing a Workload - AWS Well-Architected Tool

Sharing a Workload

You can share a workload that you own with other AWS accounts and IAM users in the same AWS Region.


You can only share workloads within the same AWS Region.

To share a workload

  1. Sign in to the AWS Management Console and open the AWS Well-Architected Tool console at

  2. In the left navigation pane, choose Workloads.

  3. Select a workload that you own in one of the following ways:

    • Choose the name of the workload.

    • Select the workload and choose View details.

  4. Choose Shares and choose Create to create a workload invitation.

  5. Enter the 12-digit AWS account ID or the ARN of the IAM user that you want to share the workload with.

  6. Choose the permission that you want to grant.


    Provides read-only access to the workload.


    Provides update access to answers and their notes, and read-only access to the rest of the workload.

  7. Choose Create to send a workload invitation to the specified AWS account or IAM user.

If the workload invitation is not accepted within seven days, the invitation is automatically expired.

If an IAM user and the user's AWS account both have workload invitations, the workload invitation for the IAM user determines the user's permission to the workload.

To see who has shared access to a workload, choose Shares from the Workload Details page.

To prevent an entity from sharing workloads, attach a policy that denies wellarchitected:CreateWorkloadShare actions.