This repository provides guidance and scripts for managing resource sharing between two personas in AWS using Resource Access Manager (RAM):
- Resource Owners: Share resources from their VPCs with Consumers in other AWS accounts.
- Consumers: Accept shared resources and access them from their own accounts.

Two AWS services underpin the sharing model:
- VPC Lattice: Simplifies connecting, securing, and monitoring service-to-service communication across VPCs and accounts. It is used to create a Service Network that manages access to shared resources and enforces secure connectivity.
- PrivateLink: Enables secure access to services in a shared VPC over the AWS private network. It is used to create private endpoints in the Consumer's VPC, giving access to shared resources without exposing them publicly.
The building blocks of a share are:
- Resource-Gateway: Acts as a hub for sharing resources in the Owner's VPC. Multiple resources can be shared through a single gateway.
- Resource-Configuration: Defines the resource to be shared (for example, an IP address or a domain name). It comes in three types:
  - Single: A standalone configuration for one resource.
  - Group: A collection of multiple resource configurations.
  - Child: Exists only as part of a Group configuration.
Resource Owner workflow:
- Sharing via RAM: Invite a Consumer account to access the shared resources using Resource Access Manager.

Consumer workflow:
- Accept the Resource-Share: Accept the Resource Owner's invitation in RAM.
- Discover Shared Resources: Validate which shared resources are available.
- Create a Service Network: Organize and manage the shared resources.
- Associate Resources to the Service Network: Add the Resource-Configurations to the Service Network.
- Service Network Endpoint: Create an endpoint in the Consumer's VPC for accessing the shared resources.
- Domain Name Construction: Generate a domain name to access the resources via the Service Network.
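A Consumer-side script for the accept, discover, service-network and endpoint steps above, as an added example that is not part of this repository's scripts. It wraps the AWS CLI behind a `run` hook (so the flow can be exercised with a fake runner) and accepts a RAM invitation only when the sender is the expected Resource Owner account; the `aws ram`, `aws vpc-lattice` and `aws ec2 create-vpc-endpoint --vpc-endpoint-type ServiceNetwork` commands and their JSON field names are assumed to match the current AWS CLI.

```python
import json
import subprocess

def aws_cli(args):
    """Default runner: invoke the AWS CLI and parse its JSON output."""
    proc = subprocess.run(["aws", *args, "--output", "json"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout) if proc.stdout.strip() else {}

def accept_share_from(owner_account, run=aws_cli):
    """Accept only PENDING RAM invitations sent by the expected owner account.
    Invitations from any other account are left pending for review rather than
    accepted, so an unexpected share never enters the Consumer's VPC."""
    invites = run(["ram", "get-resource-share-invitations"])
    accepted = []
    for inv in invites.get("resourceShareInvitations", []):
        if inv["status"] != "PENDING" or inv["senderAccountId"] != owner_account:
            continue
        run(["ram", "accept-resource-share-invitation",
             "--resource-share-invitation-arn", inv["resourceShareInvitationArn"]])
        accepted.append(inv["resourceShareArn"])
    return accepted

def discover_resource_configurations(owner_account, run=aws_cli):
    """List shared VPC Lattice resource configurations owned by owner_account
    (ARN field 5 is the owning account; ':resourceconfiguration/' marks the type)."""
    shared = run(["ram", "list-resources", "--resource-owner", "OTHER-ACCOUNTS"])
    return [r["arn"] for r in shared.get("resources", [])
            if ":resourceconfiguration/" in r["arn"]
            and r["arn"].split(":")[4] == owner_account]

def connect_service_network(name, vpc_id, subnet_ids, sg_ids, config_arns, run=aws_cli):
    """Create the service network, associate each resource configuration with it,
    and create a ServiceNetwork-type VPC endpoint in the Consumer's VPC. The
    endpoint's security groups decide which clients can reach the shared
    resources, so pass a deliberately scoped group rather than the VPC default."""
    sn = run(["vpc-lattice", "create-service-network", "--name", name])
    for arn in config_arns:
        run(["vpc-lattice", "create-service-network-resource-association",
             "--service-network-identifier", sn["id"],
             "--resource-configuration-identifier", arn])
    endpoint = run(["ec2", "create-vpc-endpoint", "--vpc-endpoint-type", "ServiceNetwork",
                    "--service-network-arn", sn["arn"], "--vpc-id", vpc_id,
                    "--subnet-ids", *subnet_ids, "--security-group-ids", *sg_ids])
    return {"service_network_id": sn["id"],
            "endpoint_id": endpoint["VpcEndpoint"]["VpcEndpointId"]}
```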