Skip to content

Resource: awsRamResourceShareAccepter

Manage accepting a Resource Access Manager (RAM) Resource Share invitation. From a receiver AWS account, accept an invitation to share resources that were shared by a sender AWS account. To create a resource share in the sender, see the awsRamResourceShare resource.

\~> Note: If both AWS accounts are in the same Organization and RAM Sharing with AWS Organizations is enabled, this resource is not necessary as RAM Resource Share invitations are not used.

Example Usage

This configuration provides an example of using multiple Terraform AWS providers to configure two different AWS accounts. In the sender account, the configuration creates a awsRamResourceShare and uses a data source in the receiver account to create a awsRamPrincipalAssociation resource with the receiver's account ID. In the receiver account, the configuration accepts the invitation to share resources with the awsRamResourceShareAccepter.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.provider.AwsProvider(this, "aws", {
  profile: "profile2",
});
const awsAlternate = new aws.provider.AwsProvider(this, "aws_1", {
  alias: "alternate",
  profile: "profile1",
});
const awsRamResourceShareSenderShare =
  new aws.ramResourceShare.RamResourceShare(this, "sender_share", {
    allowExternalPrincipals: true,
    name: "tf-test-resource-share",
    provider: `\${${awsAlternate.fqn}}`,
    tags: {
      Name: "tf-test-resource-share",
    },
  });
const dataAwsCallerIdentityReceiver =
  new aws.dataAwsCallerIdentity.DataAwsCallerIdentity(this, "receiver", {});
const awsRamPrincipalAssociationSenderInvite =
  new aws.ramPrincipalAssociation.RamPrincipalAssociation(
    this,
    "sender_invite",
    {
      principal: dataAwsCallerIdentityReceiver.accountId,
      provider: `\${${awsAlternate.fqn}}`,
      resourceShareArn: awsRamResourceShareSenderShare.arn,
    }
  );
new aws.ramResourceShareAccepter.RamResourceShareAccepter(
  this,
  "receiver_accept",
  {
    shareArn: awsRamPrincipalAssociationSenderInvite.resourceShareArn,
  }
);

Argument Reference

The following arguments are supported:

  • shareArn - (Required) The ARN of the resource share.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • invitationArn - The ARN of the resource share invitation.
  • shareId - The ID of the resource share as displayed in the console.
  • status - The status of the resource share (ACTIVE, PENDING, FAILED, DELETING, DELETED).
  • receiverAccountId - The account ID of the receiver account which accepts the invitation.
  • senderAccountId - The account ID of the sender account which submits the invitation.
  • shareName - The name of the resource share.
  • resources - A list of the resource ARNs shared via the resource share.

Import

Resource share accepters can be imported using the resource share ARN, e.g.,

$ terraform import aws_ram_resource_share_accepter.example arn:aws:ram:us-east-1:123456789012:resource-share/c4b56393-e8d9-89d9-6dc9-883752de4767