id | title | created | updated |
---|---|---|---|
Getting started | Getting started | 1683841041000 | 1683841041000 |
{% hint style="info" %} This page was generated from content adapted from the AWS Developer Guide {% endhint %}
- Note
This policy uses "Principal": "*" and then uses the "Condition" element to restrict permissions to identities that match the specified PrincipalOrgID. For more information, see Implications of using "Principal": "*" in a resource-based policy.
- Important
You must enable sharing with AWS Organizations by using the AWS RAM console or the enable-sharing-with-aws-organization AWS CLI command. This ensures that the AWSServiceRoleForResourceAccessManager service-linked role is created. If you enable trusted access with AWS Organizations by using the AWS Organizations console or the enable-aws-service-access AWS CLI command, the AWSServiceRoleForResourceAccessManager service-linked role isn't created, and you can't share resources within your organization.
- Considerations
- Note
To obtain the unique ARN for an IAM user, view the list of users in the IAM console, use the https://docs.aws.amazon.com/cli/latest/reference/iam/get-user.html AWS CLI command, or the https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetUser.html API action.
- Note
If you want to use a customer managed permission with a resource type in this resource share, you can either use an existing customer managed permission or create a new customer managed permission. Make note of the ARN for the customer managed permission, and then create the resource share. For more information, see Create a customer managed permission.
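
The first note above depends on the "Condition" element being the only thing that narrows "Principal": "*". The following check is an added example, not code from the AWS guide: it flags Allow statements in a resource-based policy whose wildcard principal is not pinned to an organization by `aws:PrincipalOrgID`. The function names, Sids, bucket ARN and org ID are constructed placeholders, and the check is deliberately conservative (operators it does not recognise are treated as not restricting).

```python
import json

ORG_KEY = "aws:principalorgid"   # condition keys are case-insensitive
# Operators that require the key to be present and to match. "...IfExists"
# variants are excluded: they pass when the request carries no org ID at all.
STRICT_OPS = {"stringequals", "stringequalsignorecase", "stringlike"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    if isinstance(principal, dict):          # e.g. {"AWS": "*"}
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def _org_restricted(condition):
    """True if Condition pins aws:PrincipalOrgID to literal organization IDs."""
    for op, keys in (condition or {}).items():
        if op.lower() not in STRICT_OPS:
            continue
        for key, value in keys.items():
            ids = _as_list(value)
            if key.lower() == ORG_KEY and ids and not any(c in v for v in ids for c in "*?"):
                return True
    return False

def unrestricted_wildcard_statements(policy_json):
    """Return Sids of Allow statements open to any principal without an org condition."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        if (stmt.get("Effect") == "Allow" and _is_wildcard(stmt.get("Principal"))
                and not _org_restricted(stmt.get("Condition"))):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

# Constructed sample policy; the org ID, bucket and Sids are placeholders.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "OrgOnly", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    {"Sid": "NoCondition", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "IfExists", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEqualsIfExists": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
]})

if __name__ == "__main__":
    print(unrestricted_wildcard_statements(SAMPLE))
```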