
VPC Sharing Using AWS RAM (Resource Access Manager)

By Raunak Jha June 18, 2019

Over the years AWS has made managing multi-account environments easier: consolidated billing, AWS Organizations, cross-account IAM role delegation, and several ways to share individual resources such as EBS snapshots and AMIs.

In this blog post, I will walk through cross-account VPC sharing using AWS Resource Access Manager (RAM), a service AWS launched in November 2018. AWS RAM lets you share resources you own with a specific AWS account or with accounts in your AWS Organization. If you run multiple AWS accounts, you can create resources centrally and use AWS RAM to share them with the other accounts instead of duplicating them in each one.

VPC sharing is a very powerful concept with many benefits:

  • Separation of duties: the VPC structure, routing, and IP address allocation are controlled centrally by the owner account.
  • Application owners continue to own their resources, accounts, and security groups.
  • Participants in a shared VPC can reference each other's security group IDs in their security group rules.
  • Efficiencies: higher density in subnets and more efficient use of VPNs and AWS Direct Connect.
  • Hard limits are easier to stay under, for example the 50 VIFs per AWS Direct Connect connection, because fewer VPCs need their own connectivity.
  • Costs can be optimized through reuse of NAT gateways and VPC interface endpoints, and by keeping traffic within an Availability Zone.

As of this writing, AWS RAM can share the following resource types:

  • Subnets
  • Transit gateways
  • Route 53 Resolver rules
  • License Manager license configurations

When you share a resource with another account, that account is granted access to the resource, but the IAM policies and permissions in that account still apply to it: a participant's users and roles can only do what their own IAM policies allow on the shared resource, so sharing does not bypass the participant's access controls.

I will now share subnets from account A (the owner account) with account B (the participant account).

Setting up the AWS Organization:

Create an AWS Organization in account A and invite the participant account B from the Organizations console; account B has to accept the invitation before it becomes a member of the organization.

Create a custom VPC and a few subnets in the owner account. These are the subnets that will be shared with the participant account.

Next, enable sharing with AWS Organizations from the AWS Resource Access Manager settings in account A. This setting can only be turned on from the organization's master account.

Now let's start resource sharing by creating a resource share from the "Shared by me" tab of the RAM console.

After giving the resource share a name, select "Subnets" as the resource type and then pick the subnets you wish to share with the participant account.

The principal is the destination: either a specific AWS account ID or an entity within your AWS Organization. I will go with the organization and select account B from it.

After creating the resource share in owner account A, switch to participant account B and confirm that the share is visible in the "Shared with me" tab of the RAM dashboard. Because sharing with AWS Organizations is enabled, an account inside the organization receives the share automatically; a share sent to an account outside the organization, or to an organization account when that setting is off, must be accepted explicitly by the recipient.

The shared subnets, together with the VPC they belong to, now appear in the VPC console of participant account B.

Let's use this VPC to launch a resource in the participant account. Navigate to the EC2 dashboard, start launching an instance, and in the "Configure Instance" step check that the shared VPC and its subnets are offered in the Network and Subnet drop-downs.

Voila! The magic is done!
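The steps above are all done in the console. As an added example (not code from the original post), here is a Python check that the owner account can run afterwards to confirm the share is exactly what was intended: the share is ACTIVE, external principals are disabled, every principal is an account (or the organization itself) inside our AWS Organization, every association has completed, every shared resource is a subnet owned by the owner account that is on an approved list, and no approved subnet is missing. The input dictionaries are constructed samples whose field names follow the responses of `aws ram get-resource-shares` and `aws ram get-resource-share-associations`; the account IDs, organization ARN, subnet IDs and share names are made up. In practice you would feed it the live output of those two commands (or their boto3 equivalents).

```python
"""Audit an AWS RAM resource share that shares VPC subnets.

Added example, not code from the original post. The sample data at the
bottom is constructed; its field names follow the responses of
`aws ram get-resource-shares` and `aws ram get-resource-share-associations`.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class SharePolicy:
    """What a correct subnet share looks like for our organization."""
    owner_account: str          # account A: owns the VPC and the share
    org_arn: str                # sharing with the whole organization is acceptable
    org_accounts: Set[str]      # every member account of the organization
    approved_subnets: Set[str]  # the only subnets that may be shared


def parse_subnet_arn(arn: str) -> Optional[Tuple[str, str, str]]:
    """Return (region, account, subnet-id) for a subnet ARN, else None.

    Subnet ARNs look like arn:aws:ec2:us-east-1:111111111111:subnet/subnet-0abc.
    """
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[:3] != ["arn", "aws", "ec2"]:
        return None
    region, account, resource = parts[3], parts[4], parts[5]
    if not resource.startswith("subnet/"):
        return None
    return region, account, resource.split("/", 1)[1]


def audit_share(share: Dict, associations: List[Dict], policy: SharePolicy) -> List[str]:
    """Return a list of findings for one share; an empty list means it matches the policy."""
    findings: List[str] = []
    arn = share["resourceShareArn"]

    if share.get("owningAccountId") != policy.owner_account:
        findings.append(f"share owned by {share.get('owningAccountId')}, expected {policy.owner_account}")
    if share.get("allowExternalPrincipals"):
        # Subnets can only be shared inside the organization, but this flag would let
        # other resource types added to the same share later go to outside accounts.
        findings.append("allowExternalPrincipals is enabled")
    if share.get("status") != "ACTIVE":
        findings.append(f"share status is {share.get('status')}")

    shared_subnets: Set[str] = set()
    for assoc in associations:
        if assoc["resourceShareArn"] != arn:
            continue  # association belongs to a different share
        entity, kind, status = assoc["associatedEntity"], assoc["associationType"], assoc["status"]
        if status != "ASSOCIATED":
            findings.append(f"{kind.lower()} {entity} is {status}, not ASSOCIATED")
        if kind == "PRINCIPAL":
            # Principals are account IDs or organization/OU ARNs; only ours are allowed.
            if entity != policy.org_arn and entity not in policy.org_accounts:
                findings.append(f"principal {entity} is outside the organization")
        elif kind == "RESOURCE":
            parsed = parse_subnet_arn(entity)
            if parsed is None:  # e.g. a transit gateway slipped into a subnet share
                findings.append(f"resource {entity} is not a subnet")
                continue
            _region, account, subnet_id = parsed
            if account != policy.owner_account:
                findings.append(f"subnet {subnet_id} belongs to {account}, not the owner")
            if subnet_id not in policy.approved_subnets:
                findings.append(f"subnet {subnet_id} is not on the approved list")
            shared_subnets.add(subnet_id)

    for missing in sorted(policy.approved_subnets - shared_subnets):
        findings.append(f"approved subnet {missing} is not shared")
    return [f"{arn}: {f}" for f in findings]


# ---- constructed sample data: made-up account IDs, ARNs and subnet IDs ----
POLICY = SharePolicy(
    owner_account="111111111111",
    org_arn="arn:aws:organizations::111111111111:organization/o-exampleorg",
    org_accounts={"111111111111", "222222222222"},
    approved_subnets={"subnet-0aaa1111", "subnet-0bbb2222"},
)


def _subnet_arn(subnet_id: str, account: str = "111111111111") -> str:
    return f"arn:aws:ec2:us-east-1:{account}:subnet/{subnet_id}"


GOOD_ARN = "arn:aws:ram:us-east-1:111111111111:resource-share/good-share"
GOOD_SHARE = {"resourceShareArn": GOOD_ARN, "name": "app-subnets", "owningAccountId": "111111111111",
              "allowExternalPrincipals": False, "status": "ACTIVE"}
GOOD_ASSOCIATIONS = [
    {"resourceShareArn": GOOD_ARN, "associationType": "PRINCIPAL", "associatedEntity": "222222222222", "status": "ASSOCIATED"},
    {"resourceShareArn": GOOD_ARN, "associationType": "RESOURCE", "associatedEntity": _subnet_arn("subnet-0aaa1111"), "status": "ASSOCIATED"},
    {"resourceShareArn": GOOD_ARN, "associationType": "RESOURCE", "associatedEntity": _subnet_arn("subnet-0bbb2222"), "status": "ASSOCIATED"},
]

BAD_ARN = "arn:aws:ram:us-east-1:111111111111:resource-share/bad-share"
BAD_SHARE = {"resourceShareArn": BAD_ARN, "name": "oops", "owningAccountId": "111111111111",
             "allowExternalPrincipals": True, "status": "ACTIVE"}
BAD_ASSOCIATIONS = [
    {"resourceShareArn": BAD_ARN, "associationType": "PRINCIPAL", "associatedEntity": "999999999999", "status": "ASSOCIATED"},   # not in our org
    {"resourceShareArn": BAD_ARN, "associationType": "PRINCIPAL", "associatedEntity": "222222222222", "status": "ASSOCIATING"},  # not accepted yet
    {"resourceShareArn": BAD_ARN, "associationType": "RESOURCE", "associatedEntity": _subnet_arn("subnet-0aaa1111"), "status": "ASSOCIATED"},
    {"resourceShareArn": BAD_ARN, "associationType": "RESOURCE", "associatedEntity": _subnet_arn("subnet-0ccc3333"), "status": "ASSOCIATED"},  # unapproved
    {"resourceShareArn": BAD_ARN, "associationType": "RESOURCE",
     "associatedEntity": "arn:aws:ec2:us-east-1:111111111111:transit-gateway/tgw-0123456789abcdef0", "status": "ASSOCIATED"},  # wrong type
]

if __name__ == "__main__":
    for share, assocs in ((GOOD_SHARE, GOOD_ASSOCIATIONS), (BAD_SHARE, BAD_ASSOCIATIONS)):
        findings = audit_share(share, assocs, POLICY)
        print(share["name"], "OK" if not findings else f"{len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

Run it as a script and the "good-share" sample prints OK while "bad-share" lists six findings. The same checks are worth running from the participant side with `--resource-owner OTHER-ACCOUNTS`, since a participant has no way to tell from the VPC console alone who else was invited into the subnet.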

Things to know:
  • At this moment VPC sharing is only available within the same AWS Organization.
  • Default VPCs cannot be shared.
  • Participant accounts can't launch resources using security groups owned by other participants or by the owner; they can only reference those groups in their own security group rules.
  • Participants can't launch resources using the default security group of the VPC because it belongs to the owner.
  • Participant accounts pay for their own resources and for the data transfer charges associated with inter-Availability Zone traffic, internet gateways, VPC peering connections, and AWS Direct Connect.
  • VPC owners pay the hourly charges (where applicable), data processing, and data transfer charges for NAT gateways, virtual private gateways, transit gateways, AWS PrivateLink, and VPC endpoints.