We can set up and use AWS RAM as follows:
- Go to the AWS RAM service in the console. If we are using the service for the first time, we should be taken to the initial landing page.
- Click on Settings from the left sidebar, select the Enable sharing within your AWS Organization option, and click Save settings:
We can only enable sharing with AWS Organizations from the master account.
- Go back to the AWS RAM dashboard and click on Create a resource share.
- In the Description section, provide a Name for our resource.
- In the section titled Resources - optional, for Select resource type, select Subnets. Select a subnet if available. We created subnets in the Creating subnets in a VPC recipe in Chapter 5, Network Security with VPC.
- In the Principals - optional section, add the account number of the account we want to share resources with:
We can also click on Shown organization structure to select the master account, an OU or accounts under OUs from our AWS Organization. We should see the accounts and OU selected under Selected principals.
The account number for an account can be found in the Support Center page of the account. In our case, we could simply select the account from the organizational structure itself, but I wanted to show what is possible. We selected the option to allow external accounts. In our particular case, that was also not needed, as we have selected an account within our Organization.
- Click Create resource share.
- To verify the resource share, log in to the shared account (380701114427 in my case) and go to the AWS Resource Access Manager dashboard. Click on Resource shares under Shared with me in the left sidebar:
We should see our resource share in the member account. Here, 135301570106 is my master account's account ID.