Resource Share Permission

A Resource Share Permission in AWS RAM defines the set of actions and resources that can be shared with other AWS accounts or organizations. It controls what recipients of a resource share are allowed to do with the shared resources, ensuring secure and controlled access across accounts.

aws.ram_customer_permission

Fields

TitleIDTypeData TypeDescription
_keycorestring
account_idcorestring
arncorestringThe Amazon Resource Name (ARN) of the permission you want information about.
creation_timecoretimestampThe date and time when the permission was created.
default_versioncoreboolSpecifies whether the version of the managed permission used by this resource share is the default version for this managed permission.
feature_setcorestringIndicates what features are available for this resource share. This parameter can have one of the following values: STANDARD – A resource share that supports all functionality. These resource shares are visible to all principals you share the resource share with. You can modify these resource shares in RAM using the console or APIs. This resource share might have been created by RAM, or it might have been CREATED_FROM_POLICY and then promoted. CREATED_FROM_POLICY – The customer manually shared a resource by attaching a resource-based policy. That policy did not match any existing managed permissions, so RAM created this customer managed permission automatically on the customer's behalf based on the attached policy document. This type of resource share is visible only to the Amazon Web Services account that created it. You can't modify it in RAM unless you promote it. For more information, see PromoteResourceShareCreatedFromPolicy. PROMOTING_TO_STANDARD – This resource share was originally CREATED_FROM_POLICY, but the customer ran the PromoteResourceShareCreatedFromPolicy and that operation is still in progress. This value changes to STANDARD when complete.
is_resource_type_defaultcoreboolSpecifies whether the managed permission associated with this resource share is the default managed permission for all resources of this resource type.
last_updated_timecoretimestampThe date and time when the permission was last updated.
namecorestringThe name of this managed permission.
permission_typecorestringThe type of managed permission. This can be one of the following values: AWS_MANAGED – Amazon Web Services created and manages this managed permission. You can associate it with your resource shares, but you can't modify it. CUSTOMER_MANAGED – You, or another principal in your account created this managed permission. You can associate it with your resource shares and create new versions that have different permissions.
resource_typecorestringThe type of resource to which this permission applies. This takes the form of: service-code:resource-code, and is case-insensitive. For example, an Amazon EC2 Subnet would be represented by the string ec2:subnet.
statuscorestringThe current status of the permission.
tagscorehstore
versioncorestringThe version of the permission associated with this resource share.