
AWS Resource Access Manager now supports customer managed permissions, enabling fine-grained access control when sharing resources across AWS accounts by allowing you to specify precise actions and conditions for shared resources.


<div><p>This article explains how to use AWS Resource Access Manager (RAM) customer managed permissions to share resources with fine-grained access controls across AWS accounts.</p><ul><li>AWS RAM enables secure resource sharing across accounts with specified actions and conditions</li><li>Customer managed permissions allow tailored access beyond AWS managed permissions</li><li>Example demonstrates sharing an IPAM pool from networking account to Development OU</li><li>Development accounts granted write-only permissions to allocate CIDR ranges</li><li>Permissions can be further refined using IAM principal tags for additional access control</li><li>New permission versions can be created and applied to existing resource shares</li><li>Follows least privilege best practice by granting only required permissions</li></ul><p>Customer managed permissions in AWS RAM enable organizations to share infrastructure resources securely while maintaining granular access controls aligned with security requirements.</p></div>


Related articles