RAM

Resource Access Manager Basics

  • RAM is used to share resources between AWS accounts
  • The product whose resource is being shared needs to support RAM
  • The resource is shared with Principals. A Principal can be an AWS Account, an OU or an entire Org
  • Shared resources become natively available, i.e. they are visible in the Principal's AWS console as well as in the AWS command line for them
  • No cost for RAM
  • AZ names are rotated between accounts, i.e. what is AZ1 in account A1 may not be AZ1 in A2
  • In addition to its AZ name, each AZ has an AZ ID. This ID is consistent across all accounts
  • The account that creates the sharing is called the Owner Account
  • If the receiving account is in the same Organization as the Owner Account, then the sharing is accepted automatically
  • If the account is in a different Organization or does not belong to any Organization, then it has to accept the sharing invite for the sharing to be enabled
  • With a Shared Services VPC, the participating accounts can use the VPC and subnets, but they cannot modify them
  • Participating accounts can provision their own resources (e.g. EC2) in the Shared Services VPC. The resources provisioned by participating accounts are still owned by them
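
The AZ name vs. AZ ID notes above, as an added example (not part of the original notes): it matches shared subnets to a participating account's own AZ names by going through the AZ ID. The account views, subnet IDs and the name-to-ID mappings are constructed sample data in the shape of `aws ec2 describe-availability-zones` and `describe-subnets` output; the function names are hypothetical.

```python
# Added example: all account data below is constructed sample data.
OWNER_AZS = [  # owner account A1's view of the region
    {"ZoneName": "us-east-1a", "ZoneId": "use1-az1"},
    {"ZoneName": "us-east-1b", "ZoneId": "use1-az2"},
    {"ZoneName": "us-east-1c", "ZoneId": "use1-az4"},
    {"ZoneName": "us-east-1d", "ZoneId": "use1-az6"},
]
PARTICIPANT_AZS = [  # participating account A2's view: same IDs, different names
    {"ZoneName": "us-east-1a", "ZoneId": "use1-az4"},
    {"ZoneName": "us-east-1b", "ZoneId": "use1-az1"},
    {"ZoneName": "us-east-1c", "ZoneId": "use1-az2"},
]
SHARED_SUBNETS = [  # subnets of the shared VPC, as listed from the owner account
    {"SubnetId": "subnet-0example1", "AvailabilityZone": "us-east-1a", "AvailabilityZoneId": "use1-az1"},
    {"SubnetId": "subnet-0example2", "AvailabilityZone": "us-east-1c", "AvailabilityZoneId": "use1-az4"},
    {"SubnetId": "subnet-0example3", "AvailabilityZone": "us-east-1d", "AvailabilityZoneId": "use1-az6"},
]


def name_by_id(azs):
    """Map the account-independent AZ ID to this account's AZ name."""
    return {az["ZoneId"]: az["ZoneName"] for az in azs}


def translate_az_name(name, from_azs, to_azs):
    """Translate an AZ name from one account's view to another's via the AZ ID."""
    ids = {az["ZoneName"]: az["ZoneId"] for az in from_azs}
    if name not in ids:
        raise KeyError(f"{name} is not an AZ name in the source account")
    return name_by_id(to_azs).get(ids[name])  # None if that ID is not listed there


def place_shared_subnets(subnets, local_azs):
    """For each shared subnet, report the AZ name the local account uses for it."""
    local = name_by_id(local_azs)
    report = []
    for s in subnets:
        local_name = local.get(s["AvailabilityZoneId"])
        report.append({
            "SubnetId": s["SubnetId"],
            "AvailabilityZoneId": s["AvailabilityZoneId"],
            "OwnerAzName": s["AvailabilityZone"],
            "LocalAzName": local_name,
            "NameMismatch": local_name != s["AvailabilityZone"],
        })
    return report


if __name__ == "__main__":
    for row in place_shared_subnets(SHARED_SUBNETS, PARTICIPANT_AZS):
        print(row)
```

Comparing on `AvailabilityZoneId` rather than on the AZ name keeps placement decisions in a shared VPC consistent between the Owner Account and the participating accounts.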