Posted On: Jul 28, 2021
Amazon Resource Access Manager (RAM) helps you securely share your resources across Amazon Web Services accounts within your organization or organizational units (OUs) in Amazon Web Services Organizations, and now also with IAM roles and IAM users for supported resource types. Also with this release, Amazon RAM now provides additional managed permissions that you can use to define access to shared resources. In addition to the default managed permission defined for each shareable resource type, you now have more flexibility to choose which permissions to grant to whom for resource types that support additional managed permissions.
Amazon RAM managed permissions define what actions can be performed on shared resources. For example, when you share a resource type that supports FullAccess (Read and Write permissions) and ReadOnly managed permissions, you can share the resources with the FullAccess managed permission with an administrator. You can then share the resources with other team members with the ReadOnly managed permission to follow the security best practice of granting least privilege, or the minimum permissions required for access to shared resources.
With this launch, you also have additional flexibility to define who has access to shared resources. In addition to sharing resources with your entire organization or OUs in Amazon Web Services Organizations, and with any Amazon Web Services account, you can now also share resources with IAM roles and IAM users for supported resource types.
To learn more about managed permissions and support for IAM roles and IAM users, see the Amazon Resource Access Manager User Guide. To get started with using Amazon RAM to share resources, visit the Amazon Resource Access Manager console. To view a list of available managed permissions, navigate to the Permissions Library in the Amazon RAM console. Customers can begin using managed permissions in the Amazon Web Services China (Beijing) Region, operated by Sinnet and the Amazon Web Services China (Ningxia) Region, operated by NWCD.