AWS Resource Access Manager のアイコン

AWS Resource Access Manager Specialized2018年〜

Securely share AWS resources with other accounts within your organization

About 2 min read

What It Does

AWS Resource Access Manager (RAM) lets you securely share AWS resources with other accounts or OUs (organizational units) within your organization. You can share Transit Gateways, subnets, Route 53 Resolver rules, License Manager configurations, Aurora DB clusters, and more - avoiding duplicate resource creation and reducing costs.

Use Cases

Sharing Transit Gateways across the organization, providing shared VPC subnets, centrally managing Route 53 Resolver rules, and applying license configurations organization-wide.

Everyday Analogy

Think of shared office equipment. Instead of each department (account) buying its own printer (resource), you set up a shared printer (RAM-shared resource) that all departments can use. Management is handled by the facilities team (resource owner).

What Is RAM?

AWS RAM simplifies resource sharing. Previously, providing resources to other accounts required creating the same resource in each account or setting up cross-account IAM roles. With RAM, the resource owner simply specifies who to share with, and the target accounts can use the resource directly.

Shareable Resources and Permissions

RAM supports sharing a wide range of resources including Transit Gateways, VPC subnets, Route 53 Resolver rules, License Manager configurations, Aurora DB clusters, and CodeBuild projects. You can share with specific account IDs, OUs, or the entire organization. Permissions on shared resources are controlled by AWS-managed permissions, preventing excessive access for recipients. For real-world examples and best practices on shareable resources and permissions, specialized books on Amazon are a useful reference.

Getting Started

In the RAM console, select "Create resource share" and specify the resources to share and the recipients (account IDs, OUs). Sharing within an Organization is auto-approved. Sharing with accounts outside the organization requires recipient approval.

Things to Watch Out For

  • RAM itself is free. Usage charges for shared resources are billed to the resource owner's account
  • Enabling trusted access in Organizations allows auto-approval for intra-organization sharing
共有するXB!

Related Services

AWS Organizations iconAWS OrganizationsA service for centrally managing multiple AWS accountsAWS Transit Gateway iconAWS Transit GatewayA network hub that connects multiple VPCs and on-premises networks in a hub-and-spoke topologyAmazon VPC iconAmazon VPCBuild a logically isolated virtual network on AWSAmazon Route 53 iconAmazon Route 53A highly available Domain Name System (DNS) and domain registration service

Related Articles

Why AWS Availability Zone IDs Differ Per Account - The Design Intent Behind AZ MappingExplains how us-east-1a maps to different physical AZs per account, why AZ IDs (use1-az1) were introduced, the design intent of even capacity distribution, and considerations for cross-account AZ specification.Multi-Account Management - Organization-Wide Governance with AWS Organizations and RAMLearn how to deploy CloudTrail, Config, GuardDuty, and Security Hub across all accounts using the Organizations delegated administrator model, achieving unified security and compliance management.Cross-Account Resource Sharing with AWS RAM - Sharing VPC Subnets and Transit GatewaysLearn how to share VPC subnets and Transit Gateways across accounts to centralize IP address space management and reduce VPC peering connections.Resource Sharing Management - Efficient Resource Utilization in Multi-Account Environments with AWS RAMLearn about resource sharing in multi-account environments with AWS RAM (Resource Access Manager) and organization-wide resource management through AWS Organizations integration. Explore practical patterns for VPC subnet sharing and Transit Gateway sharing.Multi-Account Design for Amazon VPC Lattice - RAM Sharing and Service Network Configuration PatternsLearn how to design VPC Lattice for multi-account environments, including RAM sharing strategies, service network partitioning, and hierarchical Auth Policy design.

More in This Category

IAM Access Analyzer iconIAM Access Analyzer SpecializedA service that detects externally accessible resources and unused access permissionsAWS Certificate Manager iconAWS Certificate Manager EssentialA service that automates provisioning, management, and deployment of SSL/TLS certificatesAWS Artifact iconAWS Artifact SpecializedA service for on-demand access to AWS compliance reports and agreementsAWS Audit Manager iconAWS Audit Manager SpecializedA service that automates evidence collection and assessment for compliance auditsAWS CloudHSM iconAWS CloudHSM SpecializedA service for managing encryption keys using dedicated hardware security modulesAmazon Cognito iconAmazon Cognito PopularA service that provides authentication, authorization, and user management for web and mobile applicationsAmazon Detective iconAmazon Detective SpecializedA service that automatically analyzes security findings and investigates root causesAWS Directory Service iconAWS Directory Service SpecializedA service that provides managed Active Directory on AWS

Similar Articles and Services

Cross-Account Resource Sharing with AWS RAM - Sharing VPC Subnets and Transit GatewaysLearn how to share VPC subnets and Transit Gateways across accounts to centralize IP address space management and reduce VPC peering connections.Resource Sharing Management - Efficient Resource Utilization in Multi-Account Environments with AWS RAMLearn about resource sharing in multi-account environments with AWS RAM (Resource Access Manager) and organization-wide resource management through AWS Organizations integration. Explore practical patterns for VPC subnet sharing and Transit Gateway sharing.Multi-Account Management - Organization-Wide Governance with AWS Organizations and RAMLearn how to deploy CloudTrail, Config, GuardDuty, and Security Hub across all accounts using the Organizations delegated administrator model, achieving unified security and compliance management.Multi-Account Design for Amazon VPC Lattice - RAM Sharing and Service Network Configuration PatternsLearn how to design VPC Lattice for multi-account environments, including RAM sharing strategies, service network partitioning, and hierarchical Auth Policy design.