AWS::RAM::ResourceShare - Amazon CloudFormation
SyntaxPropertiesReturn valuesExamplesSee also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::RAM::ResourceShare

Creates a resource share. You can provide a list of the Amazon Resource Names (ARNs) for the resources that you want to share, a list of principals you want to share the resources with, and the permissions to grant those principals.

Note

Sharing a resource makes it available for use by principals outside of the Amazon Web Services account that created the resource. Sharing doesn't change any permissions or quotas that apply to the resource in the account that created it.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::RAM::ResourceShare",
  "Properties" : {
      "AllowExternalPrincipals" : Boolean,
      "Name" : String,
      "PermissionArns" : [ String, ... ],
      "Principals" : [ String, ... ],
      "ResourceArns" : [ String, ... ],
      "Sources" : [ String, ... ],
      "Tags" : [ Tag, ... ]
    }
}

YAML

Type: AWS::RAM::ResourceShare
Properties:
  AllowExternalPrincipals: Boolean
  Name: String
  PermissionArns: 
    - String
  Principals: 
    - String
  ResourceArns: 
    - String
  Sources: 
    - String
  Tags: 
    - Tag

Properties

AllowExternalPrincipals

Specifies whether principals outside your organization in Amazon Organizations can be associated with a resource share. A value of true lets you share with individual Amazon Web Services accounts that are not in your organization. A value of false only has meaning if your account is a member of an Amazon Organization. The default value is true.

Required: No

Type: Boolean

Update requires: No interruption

Name

Specifies the name of the resource share.

Required: Yes

Type: String

Update requires: No interruption

PermissionArns

Specifies the Amazon Resource Names (ARNs) of the Amazon RAM permission to associate with the resource share. If you do not specify an ARN for the permission, Amazon RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share.

Required: No

Type: Array of String

Update requires: No interruption

Principals

Specifies the principals to associate with the resource share. The possible values are:

  • An Amazon Web Services account ID

  • An Amazon Resource Name (ARN) of an organization in Amazon Organizations

  • An ARN of an organizational unit (OU) in Amazon Organizations

  • An ARN of an IAM role

  • An ARN of an IAM user

Note

Not all resource types can be shared with IAM roles and users. For more information, see the column Can share with IAM roles and users in the tables on Shareable Amazon resources in the Amazon Resource Access Manager User Guide.

Required: No

Type: Array of String

Update requires: No interruption

ResourceArns

Specifies a list of one or more ARNs of the resources to associate with the resource share.

Required: No

Type: Array of String

Update requires: No interruption

Sources

Property description not available.

Required: No

Type: Array of String

Update requires: No interruption

Tags

Specifies one or more tags to attach to the resource share itself. It doesn't attach the tags to the resources associated with the resource share.

Required: No

Type: Array of Tag

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns The ID of the resource share.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The Amazon Resource Name (ARN) of the resource share.

Examples

Creating a resource share

The following example demonstrates how to create a resource share.

YAML

AWSTemplateFormatVersion: 2010-09-09
Resources:
  myresourceshare:
    Type: "AWS::RAM::ResourceShare"
    Properties:
      Name: "My Resource Share"
      ResourceArns:
        - "arn:aws:ec2:us-east-1:123456789012:resource-type/12345678-1234-1234-1234-12345678"
      Principals:
        - "210987654321"
      Tags:
        - Key: "Key1"
          Value: "Value1"
        - Key: "Key2"
          Value: "Value2"

JSON

{
  "AWSTemplateFormatVersion": "2010-09-09T00:00:00.000Z",
  "Resources": {
    "myresourceshare": {
      "Type": "AWS::RAM::ResourceShare",
      "Properties": {
        "Name": "My Resource Share",
        "ResourceArns": [
          "arn:aws:ec2:us-east-1:123456789012:resource-type/12345678-1234-1234-1234-12345678"
        ],
        "Principals": [
          "210987654321"
        ],
        "Tags": [
          {
            "Key": "Key1",
            "Value": "Value1"
          },
          {
            "Key": "Key2",
            "Value": "Value2"
          }
        ]
      }
    }
  }
}

See also