Skip to content

Instantly share code, notes, and snippets.

@spasam

spasam/aws-scp-ram-share.json

Created March 27, 2023 18:44
Show Gist options
  • Save spasam/1881bd8411ccf34e78abb12004a2e03a to your computer and use it in GitHub Desktop.
Save spasam/1881bd8411ccf34e78abb12004a2e03a to your computer and use it in GitHub Desktop.
Download ZIP
Restricts sharing of resources outside of the organization using AWS Resource Access Manager (RAM)
Raw
aws-scp-ram-share.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenySharingOutsideOrganization",
"Effect": "Deny",
"Action": [
"ram:AcceptResourceShareInvitation",
"ram:AssociateResourceShare",
"ram:CreateResourceShare",
"ram:DeleteResourceShare",
"ram:DisassociateResourceShare",
"ram:RejectResourceShareInvitation",
"ram:TagResource",
"ram:UntagResource",
"ram:UpdateResourceShare",
"ram:EnableSharingWithAwsOrganization"
],
"Resource": "*",
"Condition": {
"StringNotEquals": {
"aws:PrincipalOrgID": "o-1234567890"
}
}
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment