
FriendsOfTerraform/aws-resource-access-manager


Resource Access Manager Module

This module creates and configures a Resource Access Manager (RAM) share to allow sharing supported resources with other AWS accounts.

This repository is a READ-ONLY sub-tree split. See https://github.com/FriendsOfTerraform/modules to create issues or submit pull requests.


Example Usage

Basic Usage

module "basic_usage" {
  source = "github.com/FriendsOfTerraform/aws-resource-access-manager.git?ref=v1.0.0"

  name = "demo-share"

  # You can add multiple principals of different types
  principals = [
    "111122223333",                                                         # AWS account ID
    "arn:aws:organizations::123456789012:organization/o-1234567abc",        # AWS Organization
    "arn:aws:organizations::123456789012:ou/o-1234567abc/ou-a123-b4567890", # AWS Organization's OU
    "arn:aws:iam::111122223333:role/demo-role"                              # IAM role
  ]

  # You can share multiple supported resources of different types
  resources = [
    "arn:aws:ec2:us-east-1:129876543210:transit-gateway/tgw-04387512345abcdef", # transit gateway
    "arn:aws:ec2:us-east-1:129876543210:subnet/subnet-123456963fabcdef"         # VPC subnet
  ]

}

Argument Reference

Mandatory

  • (string) name [since v1.0.0]

    The name of the resource share. All associated resources will also have their names prefixed with this value.

Optional

  • (list(string)) accept_sharings = [] [since v1.0.0]

    List of resource share ARNs (shares offered to this account) to accept.

  • (map(string)) additional_tags = {} [since v1.0.0]

    Additional tags for the resource share

  • (map(string)) additional_tags_all = {} [since v1.0.0]

    Additional tags for all resources deployed with this module

  • (bool) allow_external_principals = false [since v1.0.0]

    If enabled, you can share resources with any AWS accounts, roles, and users. If you are in an organization, you can also share with the entire organization or organizational units in that organization.

  • (list(string)) principals = [] [since v1.0.0]

    List of principals to grant access to the shared resources. Valid values include: a 12-digit AWS account ID, or the ARN of an AWS Organization, an AWS Organization OU, an IAM role, an IAM user, or a service principal.

  • (list(string)) resources = [] [since v1.0.0]

    List of ARNs of supported resources to share. Please refer to this documentation for a list of shareable resources.

Outputs

  • (string) resource_share_id [since v1.0.0]

    The ID of the resource share
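The following is an added example (not code from the module or its authors) that puts the optional arguments above to work from a least-privilege angle. It assumes the module is used exactly as documented on this page; all account IDs, organization/OU IDs, resource ARNs and the share ARN are constructed placeholders. One root configuration is shown for the owning account (an internal share that keeps the default `allow_external_principals = false`, and a separate, explicitly opted-in share for a partner account) and one for the recipient account (accepting the share by ARN via `accept_sharings`).

```hcl
# Added example, not the module's own code. All IDs and ARNs below are constructed.

# ---------- Owning account (123456789012) ----------

# Internal share: restricted to one OU of the organization.
# allow_external_principals is deliberately left at its default (false), so
# a mistyped account ID or an ARN from outside the organization is rejected
# by RAM instead of silently exposing the subnet.
module "internal_subnet_share" {
  source = "github.com/FriendsOfTerraform/aws-resource-access-manager.git?ref=v1.0.0"

  name = "internal-subnet-share"

  principals = [
    "arn:aws:organizations::123456789012:ou/o-1234567abc/ou-a123-b4567890" # constructed OU ARN
  ]

  resources = [
    "arn:aws:ec2:us-east-1:123456789012:subnet/subnet-0123456789abcdef0" # constructed subnet ARN
  ]

  additional_tags = {
    DataClassification = "internal"
    Owner              = "network-team"
  }

  # Tag every resource the module creates so audits can trace the share back.
  additional_tags_all = {
    ManagedBy = "terraform"
  }
}

# Partner share: the only place external sharing is enabled, with a single
# named account and a single resource, so the blast radius stays explicit.
module "partner_tgw_share" {
  source = "github.com/FriendsOfTerraform/aws-resource-access-manager.git?ref=v1.0.0"

  name                      = "partner-tgw-share"
  allow_external_principals = true

  principals = [
    "444455556666" # constructed partner account ID
  ]

  resources = [
    "arn:aws:ec2:us-east-1:123456789012:transit-gateway/tgw-0123456789abcdef0" # constructed TGW ARN
  ]

  additional_tags = {
    DataClassification = "partner"
    ExternalSharing    = "approved"
  }
}

output "internal_subnet_share_id" {
  value = module.internal_subnet_share.resource_share_id
}

output "partner_tgw_share_id" {
  value = module.partner_tgw_share.resource_share_id
}

# ---------- Recipient account (444455556666), separate root configuration ----------

# A share from another organization arrives as a pending invitation; accepting
# it by ARN keeps the acceptance in code rather than in someone's console session.
# "name" is mandatory per the argument reference, so a name is still supplied here.
module "accept_partner_share" {
  source = "github.com/FriendsOfTerraform/aws-resource-access-manager.git?ref=v1.0.0"

  name = "accepted-partner-shares"

  accept_sharings = [
    "arn:aws:ram:us-east-1:123456789012:resource-share/00000000-0000-0000-0000-000000000000" # constructed share ARN
  ]
}
```

Two caveats that apply to the arguments above: sharing with an organization or OU principal only works once sharing with AWS Organizations has been enabled in the management account, and shares offered to accounts inside the same organization (with that setting enabled) are accepted automatically, so `accept_sharings` is mainly relevant for shares coming from accounts outside your organization. Keeping `allow_external_principals` at its default and reserving `true` for a dedicated, narrowly scoped share makes any externally visible share easy to spot in review.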

Known Limitations

Shared resources have an empty name

The names of shared resources are not carried over to the remote accounts and must be updated manually there as necessary.
