[ AWS Resource Access Manager (RAM) ]
자신의 AWS 리소스를 타 AWS 계정과 공유
리소스 중복 생성 막을 수 있음
VPC Subnets/AWS Transit Gateway/Route 53 Resolver Rules/License Manager Configurations 등 공유 가능
- Share AWS resources that you own with other AWS accounts
- Share with any account or within your Organization
- Avoid resource duplication!
- VPC Subnets:
-- allow to have all the resources launched in the same subnets
-- must be from the same AWS Organizations
-- Cannot share security groups and default VPC
-- Participants can manage their own resources in there
-- Participants can't view, modify, delete resources that belong to other participants or the owner
- AWS Transit Gateway
- Route53 Resolver Rules
- License Manager Configurations
* VPC : Virtual Private Cloud
[ Resource Access Manager - VPC example ]
각각의 계정은 다른 계정의 리소스를 읽고쓰고지우는 행위를 할 수 없음
네트워크가 공유되기 때문에 resource 간의 통신이 가능, 이때 private IP 사용.
Each account is responsible for its own resources.
Each account cannot view, modify/delete other resources in other accounts.
Network is shared so, anything deployed in the VPC can talk to other resources in the VPC.
Applications are accessed easily across accounts, using private IP.
Security groups from other accounts can be referenced for maximum security
'infra & cloud > AWS' 카테고리의 다른 글
| [SSH] RSA 공유키 충돌 문제 (0) | 2022.12.01 |
|---|---|
| [AWS] SSO : Single Sign-On (0) | 2022.05.26 |
| [AWS] 20-3. AWS IAM Advanced, IAM Policy Evaluation Logic (0) | 2022.05.25 |
| [AWS] 20-2. AWS AD (Active Directory), Organizations, OU (0) | 2022.05.24 |
| [AWS] 20-1. AWS STS, Identity Federation (0) | 2022.05.24 |