Considerations for using customer managed permissions in Amazon RAM - Amazon Resource Access Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Considerations for using customer managed permissions in Amazon RAM

Customer managed permissions are only available in the Amazon Web Services Region that you create them in. Not all resource types support customer managed permissions. For a list of supported resource types in Amazon Resource Access Manager, see Shareable Amazon resources.

Customer managed permissions with multiple statements aren't supported. You can only use single non-negating operators in customer managed permissions.

The following conditions aren't supported in customer managed permissions:

  • Principal in the organization related:

    • aws:PrincipalOrgId

    • aws:PrincipalOrgPaths

    • aws:PrincipalAccount

  • Principal for a specified service related:

    • aws:SourceArn

    • aws:SourceAccount

  • System tags:

    • aws:PrincipalTag/aws:

    • aws:ResourceTag/aws:

    • aws:RequestTag/aws: