Introduction
AWS Resource Access Manager (RAM) is a service provided by Amazon Web Services (AWS) that allows you to share AWS resources between AWS accounts or within your own account, without needing to use multiple accounts or rely on complicated permission policies.
With AWS RAM, you can centrally manage and share resources such as Amazon EC2 instances, Amazon S3 buckets, Amazon Aurora clusters, Amazon RDS databases, and other supported resources.
AWS RAM allows you to create resource shares, which are a collection of resources that you want to share with other accounts or within your own account. You can choose which AWS accounts have access to your resource shares, and you can also specify the level of access that they have, such as read-only or full access.
AWS RAM provides a secure way to share resources without the need to create separate accounts for each entity or manually manage complex permission policies. This can help simplify the management of resources, reduce administrative overhead, and improve security by allowing you to control access to resources more granularly.
Enabling AWS Resource Access Manager
Enabling AWS Resource Access Manager (RAM) within an AWS Organization is a relatively straightforward process. Here are the steps to follow:
- Sign in to the AWS Management Console in your AWS Management Account
- Navigate to the AWS Organizations console
- From the left-hand navigation pane, select “Services” (as shown in Figure 1)
- In the Services section, scroll down and click on RAM (as shown in Figure 2)
- In the RAM section, click on “Enable trusted access” (as shown in Figure 3)
- Check the box to enable trusted access, type “enable”, and click on “Enable trusted access” (as shown in Figure 4)
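The same switch can be flipped from the AWS CLI, which is handy when the management account is driven by automation rather than the console. The script below is an added example, not part of the original post: it assumes the AWS CLI v2 is installed and that the current credentials belong to the Organizations management account (enabling trusted access from a member account is rejected). It also adds the check a practitioner wants afterwards: reading back the list of service principals with trusted access and reporting whether RAM is among them.

```shell
#!/bin/sh
# Added example (not from the original post): the console steps above as AWS CLI
# calls. Assumes the AWS CLI v2 and credentials for the management account.
set -eu

# Step 1: allow RAM to act across the organization. This is the same switch as
# "Enable trusted access" for RAM in the AWS Organizations console.
enable_ram_trusted_access() {
  aws organizations enable-aws-service-access \
    --service-principal ram.amazonaws.com
}

# Step 2: the RAM-side call. Per the RAM API reference it creates the service-linked
# role AWSServiceRoleForResourceAccessManager that RAM needs to read the
# organization structure, so run it as well and not only the Organizations call.
enable_ram_org_sharing() {
  aws ram enable-sharing-with-aws-organization
}

# Check: read back the service principals that have trusted access and report
# "enabled" or "disabled" for RAM, so the result can be asserted on in a pipeline.
ram_trusted_access_status() {
  principals=$(aws organizations list-aws-service-access-for-organization \
    --query 'EnabledServicePrincipals[].ServicePrincipal' --output text | tr '\t' ' ')
  case " $principals " in
    *" ram.amazonaws.com "*) echo enabled ;;
    *) echo disabled ;;
  esac
}

# Usage (run only when explicitly asked for, so sourcing the file is side-effect free):
#   sh enable_ram.sh run
if [ "${1:-}" = "run" ]; then
  enable_ram_trusted_access
  enable_ram_org_sharing
  ram_trusted_access_status
fi
```

Running `ram_trusted_access_status` before and after the two enable calls gives a before/after record of the change, which is the evidence an auditor will ask for when a cross-account sharing capability is turned on at organization level.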
Sharing a Transit Gateway
In this blog post, we will focus on using AWS Resource Access Manager to share a Transit Gateway with other accounts. But before we dive into that, let’s take a quick look at what AWS Transit Gateway is.
AWS Transit Gateway (TGW) is a fully managed service that enables customers to connect their Amazon Virtual Private Clouds (VPCs) and on-premises networks to a single gateway. This allows for easy management and scaling of VPCs and simplifies network architecture. AWS Transit Gateway also allows users to consolidate network connectivity across their AWS accounts.
Sharing Transit Gateway with Other Accounts Using AWS Resource Access Manager
Sharing an AWS Transit Gateway with other accounts was previously a complex process that required users to establish peering connections between VPCs or create VPC attachments to the same Transit Gateway. With AWS Resource Access Manager, sharing TGWs across accounts has become much simpler.
To share a Transit Gateway with another account using RAM, follow these steps:
First, log in to the AWS account that owns the TGW, navigate to the AWS Resource Access Manager console, and click on “Create resource share” (as shown in Figure 5).
Next, name your resource share, select the “Transit Gateways” resource type, select the TGW you want to share, and click on “Next” (as shown in Figure 6).
Click “Next” at the Associate permissions section (as shown in Figure 7).
Next, choose the accounts that you want to share the Transit Gateway with. You can share it with individual AWS accounts or with AWS Organizations (as shown in Figure 8).
Once you click on “Next”, you will be sent to the Review screen, where you can click on “Create resource share”.
Once the account(s) have accepted the resource share, they can use the Transit Gateway as if it were in their own account.
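The same flow, from creating the share to the receiving account attaching a VPC, as AWS CLI calls. This is an added example and not part of the original post. It assumes the AWS CLI v2; the owner-side functions run with credentials for the account that owns the TGW, the recipient-side functions with credentials for the receiving account. Every identifier below (account IDs, TGW ID, organization ARN, VPC and subnet IDs) is a constructed placeholder. Two points the console flow hides are made explicit: `--no-allow-external-principals` keeps the share inside the organization, and a share sent to an individual account ID sits as a pending invitation until that account accepts it, whereas shares to an organization or OU with trusted access enabled need no acceptance.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes AWS CLI v2 and, per function,
# credentials for the TGW owner account or the receiving account. All IDs are constructed.
set -eu

REGION="eu-west-1"
OWNER_ACCOUNT_ID="111111111111"     # constructed: account that owns the TGW
TGW_ID="tgw-0123456789abcdef0"       # constructed: the Transit Gateway being shared
ORG_ARN="arn:aws:organizations::111111111111:organization/o-exampleorg"  # constructed

# RAM shares resources by ARN; a Transit Gateway's ARN has this shape.
tgw_resource_arn() {
  echo "arn:aws:ec2:$REGION:$OWNER_ACCOUNT_ID:transit-gateway/$TGW_ID"
}

# Owner side, step 1: create the resource share. Principals may be account IDs,
# OU ARNs or the organization ARN. --no-allow-external-principals refuses any
# principal outside the organization, which is the safer default for a TGW.
create_tgw_share() {
  share_name=$1; resource_arn=$2; shift 2
  aws ram create-resource-share \
    --region "$REGION" \
    --name "$share_name" \
    --resource-arns "$resource_arn" \
    --principals "$@" \
    --no-allow-external-principals \
    --query 'resourceShare.resourceShareArn' --output text
}

# Owner side, check: who is associated with the share and whether each association
# is ASSOCIATED or still pending. Review this list, not just the console summary.
list_share_principals() {
  aws ram get-resource-share-associations \
    --region "$REGION" \
    --association-type PRINCIPAL \
    --resource-share-arns "$1" \
    --query 'resourceShareAssociations[].[associatedEntity,status]' --output text
}

# Recipient side, step 1: shares to an individual account ID arrive as invitations
# and must be accepted explicitly; shares to the organization/OU are auto-accepted.
pending_invitations() {
  aws ram get-resource-share-invitations \
    --region "$REGION" \
    --query "resourceShareInvitations[?status=='PENDING'].resourceShareInvitationArn" \
    --output text
}

accept_invitation() {
  aws ram accept-resource-share-invitation \
    --region "$REGION" \
    --resource-share-invitation-arn "$1" \
    --query 'resourceShareInvitation.status' --output text
}

# Recipient side, step 2: the shared TGW is now visible in this account's EC2 API and
# a VPC can be attached to it. Route tables on the TGW stay under the owner's control,
# so the recipient cannot change which attachments can reach each other.
attach_vpc() {
  vpc_id=$1; shift
  aws ec2 create-transit-gateway-vpc-attachment \
    --region "$REGION" \
    --transit-gateway-id "$TGW_ID" \
    --vpc-id "$vpc_id" \
    --subnet-ids "$@" \
    --query 'TransitGatewayVpcAttachment.TransitGatewayAttachmentId' --output text
}

# Usage, owner account:     share_arn=$(create_tgw_share net-tgw "$(tgw_resource_arn)" "$ORG_ARN")
#                           list_share_principals "$share_arn"
# Usage, receiving account: for inv in $(pending_invitations); do accept_invitation "$inv"; done
#                           attach_vpc vpc-0aaaabbbbcccc1111 subnet-0111 subnet-0222
```

The owner's `list_share_principals` output is the item to keep: it is the authoritative list of who can create attachments to the TGW, and any principal there that is not an expected account, OU or the organization ARN should be removed with `aws ram disassociate-resource-share`.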
Conclusion
AWS Resource Access Manager is a powerful tool that enables users to share AWS resources securely and easily between different accounts within an organization. By enabling RAM and sharing resources like Transit Gateways, users can simplify network management and collaboration, while maintaining granular control over who has access to resources and what level of access they are granted. Whether you are managing a large-scale project or simply looking to streamline resource sharing between different teams, AWS RAM is a powerful tool that can help you achieve your goals.