This module allows you to share supported AWS resources to another accounts or AWS organization
module "aws-ram" {
source = "tokarev-artem/ram/aws"
version = "~> 1.0"
name = "Share Subnets to develop account"
resource_arns = ["arn:aws:ec2:eu-central-1:123456789101:subnet/subnet-1234567abcd", "arn:aws:ec2:eu-central-1:123456789101:subnet/subnet-abcdef1234"]
principals = ["arn:aws:organizations::101987654321:organization/o-abcdef1234", "55555555555"]
tags = {
OwnedBy = "network"
}
}For organization unit - need to use ARN, but not o-XXXXXXXXXX id, arn can be taken by simply running: $ aws organizations describe-organization
Documentation: https://docs.aws.amazon.com/cli/latest/reference/organizations/describe-organization.html
If you wish to share with the principal, accepting the sharing is mandatory. Please see examples.
| Name | Version |
|---|---|
| aws | >= 4.66 |
| Name | Description |
|---|---|
| principal_association_arns | The ARNs of the principal associations |
| resource_association_arns | The ARNs of the resource associations |
| resource_share_arn | The ARN of the created resource share |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | The name of the resource share. | string |
n/a | yes |
| principals | The principal to associate with the resource share. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organization Unit ARN | list(string) |
n/a | yes |
| resource_arns | The Amazon Resource Name (ARN) of the resource share. | list(string) |
n/a | yes |
| allow_external_principals | Indicates whether principals outside your organization can be associated with a resource share. | bool |
true |
no |
| permission_arns | Specifies the Amazon Resource Names (ARNs) of the RAM permission to associate with the resource share. If you do not specify an ARN for the permission, RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share. | list(string) |
[] |
no |
| tags | Tags map for aws_ram_resource_share resource | map(string) |
{} |
no |