
Resource: awsRamPrincipalAssociation

Provides a Resource Access Manager (RAM) principal association. RAM handles each principal type differently depending on whether RAM Sharing with AWS Organizations is enabled.

When RAM Sharing with AWS Organizations is enabled:

  • For AWS Account ID, Organization, and Organizational Unit principals within the same AWS Organization, no resource share invitation is sent and resources become available automatically after creating the association.
  • For AWS Account ID principals outside the AWS Organization, a resource share invitation is sent and must be accepted before resources become available. See the awsRamResourceShareAccepter resource to accept these invitations.

When RAM Sharing with AWS Organizations is not enabled:

  • Organization and Organizational Unit principals cannot be used.
  • For AWS Account ID principals, a resource share invitation is sent and must be accepted before resources become available. See the awsRamResourceShareAccepter resource to accept these invitations.

Example Usage

AWS Account ID

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
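const awsRamResourceShareExample = new aws.ramResourceShare.RamResourceShare(
  this,
  "example",
  {
    /*Permits principals outside your AWS Organization to be associated with the share.*/
    allowExternalPrincipals: true,
    /*name is a required argument of the resource share.*/
    name: "example",
  }
);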
const awsRamPrincipalAssociationExample =
  new aws.ramPrincipalAssociation.RamPrincipalAssociation(this, "example_1", {
    principal: "111111111111",
    resourceShareArn: awsRamResourceShareExample.arn,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsRamPrincipalAssociationExample.overrideLogicalId("example");

AWS Organization

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ramPrincipalAssociation.RamPrincipalAssociation(this, "example", {
  principal: "${aws_organizations_organization.example.arn}",
  resourceShareArn: "${aws_ram_resource_share.example.arn}",
});

Argument Reference

The following arguments are supported:

  • principal - (Required) The principal to associate with the resource share. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organizational Unit ARN.
  • resourceShareArn - (Required) The Amazon Resource Name (ARN) of the resource share.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The Amazon Resource Name (ARN) of the Resource Share and the principal, separated by a comma.

Import

RAM Principal Associations can be imported using their Resource Share ARN and the principal separated by a comma, e.g.,

$ terraform import aws_ram_principal_association.example arn:aws:ram:eu-west-1:123456789012:resource-share/73da1ab9-b94a-4ba3-8eb4-45917f7f4b12,123456789012
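
The following is an added example, not part of the provider or its generated bindings. It encodes the invitation rules from the top of this page and the comma-separated id format as a pre-deployment check. The names ShareContext, classifyPrincipal, expectedOutcome and parseAssociationId are hypothetical, the member account list is assumed to be supplied by the caller, and an Organization or OU ARN is assumed to belong to the caller's own organization.

```typescript
// Added example: models this page's rules; it calls no AWS API.
type PrincipalKind = "account" | "organization" | "organizational-unit";
type Outcome = "automatic" | "invitation-required" | "invalid";

interface ShareContext {
  orgSharingEnabled: boolean;   // is RAM Sharing with AWS Organizations enabled?
  orgAccountIds: Set<string>;   // assumption: member account IDs supplied by the caller
}

// Recognises the three principal forms listed under Argument Reference.
function classifyPrincipal(principal: string): PrincipalKind | undefined {
  if (/^\d{12}$/.test(principal)) return "account";
  if (/^arn:aws[\w-]*:organizations::\d{12}:organization\/o-[a-z0-9]+$/.test(principal)) {
    return "organization";
  }
  if (/^arn:aws[\w-]*:organizations::\d{12}:ou\/o-[a-z0-9]+\/ou-[a-z0-9]+-[a-z0-9]+$/.test(principal)) {
    return "organizational-unit";
  }
  return undefined;
}

// What happens after the association is created, per the rules on this page.
function expectedOutcome(principal: string, ctx: ShareContext): Outcome {
  const kind = classifyPrincipal(principal);
  if (kind === undefined) return "invalid";
  if (kind !== "account") {
    // Organization and OU principals cannot be used unless org sharing is enabled.
    return ctx.orgSharingEnabled ? "automatic" : "invalid";
  }
  // Accounts skip the invitation only when org sharing is on and they are members.
  return ctx.orgSharingEnabled && ctx.orgAccountIds.has(principal)
    ? "automatic"
    : "invitation-required"; // pair with awsRamResourceShareAccepter
}

// Splits the exported id / import argument: "<resource share ARN>,<principal>".
function parseAssociationId(id: string): { resourceShareArn: string; principal: string } {
  const comma = id.indexOf(","); // ARNs contain no commas, so the first one is the separator
  if (comma < 0) throw new Error("expected '<resourceShareArn>,<principal>'");
  return { resourceShareArn: id.slice(0, comma), principal: id.slice(comma + 1) };
}
```

An "invitation-required" result for an account you did not expect to be external is worth reviewing before the share is created with allowExternalPrincipals set to true.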