Top / Amazon Web Service / AWS RAM / Resource Association

AWS RAM Resource Association

This page shows how to write Terraform and CloudFormation for AWS RAM Resource Association and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_ram_resource_association (Terraform)

The Resource Association in AWS RAM can be configured in Terraform with the resource name aws_ram_resource_association. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

vpc-10-1.tf#L153
resource "aws_ram_resource_association" "ram-prod-priv-1x" {
  resource_arn       = aws_subnet.privsubnet-1.arn
  resource_share_arn = aws_ram_resource_share.rams-prod-1x.arn
}

resource "aws_ram_resource_association" "ram-prod-priv-1y" {
ram.tf#L10
resource "aws_ram_resource_association" "transit-gateway" {
  resource_arn       = aws_ec2_transit_gateway.transit-gateway.arn
  resource_share_arn = aws_ram_resource_share.transit-gateway.id
}

# Create a resource share for the Certificate Manager
resource-sharing.tf#L11
resource "aws_ram_resource_association" "internet" {
  resource_share_arn = aws_ram_resource_share.internet.arn
  resource_arn       = aws_ec2_transit_gateway.internet.arn
}

resource "aws_ram_principal_association" "internet" {
hub.tf#L38
resource "aws_ram_resource_association" "internal_rule" {
  count              = var.is_hub ? 1 : 0
  resource_arn       = aws_route53_resolver_rule.forward_internal[0]
  resource_share_arn = aws_ram_resource_share.dns[0]
}
aws_ram_resource_association.tf#L1
resource "aws_ram_resource_association" "$instance.getAttribute("association_name")" {
  resource_arn       = $instance.getAttribute("resource_arn")
  resource_share_arn = $instance.getAttribute("resource_share_arn")

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Manages a Resource Access Manager (RAM) Resource Association.

NOTE: Certain AWS resources (e.g., EC2 Subnets) can only be shared in an AWS account that is a member of an AWS Organizations organization with organization-wide Resource Access Manager functionality enabled. See the Resource Access Manager User Guide and AWS service specific documentation for additional information.

>> from Terraform Registry

AWS::RAM::ResourceShare (CloudFormation)

The ResourceShare in RAM can be configured in CloudFormation with the resource name AWS::RAM::ResourceShare. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

2-BIU_transitgwprod.yml#L34
    Type: AWS::RAM::ResourceShare
    DependsOn: TransitGateway
    Properties:
      AllowExternalPrincipals: false
      Name: "Transit Gateway Resource Share"
      ResourceArns:
shared-resource-share.yml#L21
    Type: AWS::RAM::ResourceShare
    Properties:
      AllowExternalPrincipals: false
      Name: !Sub ${RootStackName}_shared
      Principals: !Ref SharedResourceSharePrincipals
      ResourceArns:
share_resources.yml#L18
    Type: AWS::RAM::ResourceShare
    Properties:
      AllowExternalPrincipals: true
      Name: mesh-share
      Principals:
        - !Ref ConsumerAccountId
share_resources.yml#L18
    Type: AWS::RAM::ResourceShare
    Properties:
      AllowExternalPrincipals: true
      Name: mesh-share
      Principals:
        - !Ref ConsumerAccountId
share_resources.yml#L18
    Type: AWS::RAM::ResourceShare
    Properties:
      AllowExternalPrincipals: true
      Name: mesh-share
      Principals:
        - !Ref ConsumerAccountId
prod-resource-share-subnets.json#L46
            "Type": "AWS::RAM::ResourceShare",
            "Properties": {
                "Name": {
                    "Ref": "ResourceShareName"
                },
                "AllowExternalPrincipals": false,
nonprod-resource-share-subnets.json#L46
            "Type": "AWS::RAM::ResourceShare",
            "Properties": {
                "Name": {
                    "Ref": "ResourceShareName"
                },
                "AllowExternalPrincipals": false,
RAMResourceShareSpecification.json#L22
    "AWS::RAM::ResourceShare": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html",
      "Attributes": {
        "Arn": {
          "PrimitiveType": "String"
        }
RAMResourceShareSpecification.json#L22
    "AWS::RAM::ResourceShare": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html",
      "Attributes": {
        "Arn": {
          "PrimitiveType": "String"
        }
RAMResourceShareSpecification.json#L22
    "AWS::RAM::ResourceShare": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ram-resourceshare.html",
      "Attributes": {
        "Arn": {
          "PrimitiveType": "String"
        }

Parameters

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

Specifies a resource share.

>> from AWS CloudFormation Documentation

The Other Related AWS RAM Resources

Frequently asked questions

What is AWS RAM Resource Association?

AWS RAM Resource Association is a resource for RAM of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS RAM Resource Association?

For Terraform, the trilogy-group/CENPRO-24625, ministryofjustice/modernisation-platform and cicdenv/cicdenv source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the deiselira/aws, PRX/Infrastructure and ft20006/aws-app-mesh-examples source code examples are useful. See the CloudFormation Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents