Getting started
Last updated
Was this helpful?
Last updated
Was this helpful?
Note
This policy uses "Principal": "*"
and then uses the "Condition"
element to restrict permissions to identities that match the specified PrincipalOrgID
. For more information, see .
Important
You must enable sharing with AWS Organizations by using the AWS RAM console or the AWS CLI command. This ensures that the AWSServiceRoleForResourceAccessManager
service-linked role is created. If you enable trusted access with AWS Organizations by using the AWS Organizations console or the AWS CLI command, the AWSServiceRoleForResourceAccessManager
service-linked role isn't created, and you can't share resources within your organization.
Considerations
Note To obtain the unique ARN for an IAM user, , use the AWS CLI command, or the API action.
Note If you want to use a customer managed permission with a resource type in this resource share, you can either use an existing customer managed permission or create a new customer managed permission. Make note of the ARN for the customer managed permission, and then create the resource share. For more information, see .