Last updated on December 4, 2025
AWS Resource Access Manager Cheat Sheet
- AWS Resource Access Manager (AWS RAM) is a service that allows you to securely share AWS resources across accounts, organizational units (OUs), or your entire AWS Organization. It eliminates the need to duplicate resources in multiple accounts, simplifying management and maintaining security and consistency.
- Only the master account can enable sharing with AWS Organizations.
- The organization must be enabled for all features.
- RAM eliminates the need to create duplicate resources in multiple accounts. You can create resources centrally in a multi-account environment, and use RAM to share those resources across accounts in three simple steps:
-
- Create a Resource Share
- Specify resources
- Specify accounts
- You can stop sharing a resource by deleting the share in AWS RAM.
- Services you can share with AWS RAM
|
Service |
Resource |
|
Amazon Aurora |
DB Clusters |
|
AWS CodeBuild |
Projects,Report Groups |
|
Amazon EC2 |
Capacity Reservations, Dedicated Hosts, Subnets, Traffic mirror targets, Transit gateways |
|
Amazon EC2 Image Builder |
Components, Images (AMI), Image recipes |
|
AWS License Manager |
License configurations |
|
AWS Resource Groups |
Resource groups |
|
Amazon Route 53 |
Forwarding rules |
Features
-
Resource Sharing: Share resources with specific AWS accounts, OUs, or your entire organization.
-
Centralized Management: Create resources once and share them without provisioning duplicates.
-
Invitation-Based Access: External accounts receive an invitation to access shared resources.
-
Permission Management: Attach managed or custom permissions to control what shared principals can do.
-
Visibility & Auditability: Track usage of shared resources with integration to CloudTrail and CloudWatch.
-
Support for Regional and Global Resources: Share resources across regions or in the home region for global resources.
Use Cases
-
Multi-Account Resource Sharing: Share central VPC subnets, Transit Gateways, or license configurations across multiple accounts.
-
Cost Optimization: Avoid duplicating resources across accounts, reducing operational overhead and cost.
-
Centralized Security & Compliance: Maintain a consistent security posture by sharing resources with controlled permissions.
-
Third-Party Collaboration: Share resources with external AWS accounts while controlling access through invitations.
Security
- IAM-Based Access: Use IAM policies to manage who can access resources you share or receive.
- Managed Permissions: Attach managed permissions to resource shares to define allowed actions.
- Ownership Retention: Resource-owning accounts maintain full ownership and control of shared resources.
- ABAC Support: Permissions can be further controlled using attributes (tags) on resources and principals.
- Auditability: Integrates with CloudTrail and CloudWatch to monitor shared resource usage.
AWS Resource Access Manager Pricing
-
- There is no additional charge for using AWS RAM.
Note: If you are studying for the AWS Certified Security Specialty exam, we highly recommend that you take our AWS Certified Security – Specialty Practice Exams and read our Security Specialty exam study guide.
AWS RAM Cheat Sheet References:
https://aws.amazon.com/ram/
https://aws.amazon.com/ram/faqs/
https://docs.aws.amazon.com/ram/latest/userguide/what-is.html
https://aws.amazon.com/blogs/aws/new-aws-resource-access-manager-cross-account-resource-sharing/
Learn AWS with our PlayCloud Hands-On Labs
🧑💻 50% OFF – CodeQuest Coding Labs
$2.99 AWS and Azure Exam Study Guide eBooks
New AWS Generative AI Developer Professional Course AIP-C01
Learn GCP By Doing! Try Our GCP PlayCloud
Learn Azure with our Azure PlayCloud
FREE AI and AWS Digital Courses
FREE AWS, Azure, GCP Practice Test Samplers
Subscribe to our YouTube Channel
Follow Us On Linkedin
Written by: Jon Bonso
