Transit Gateway shared with AWS Resource Access Manager (AWS RAM) identifies all accounts as external

0

Customer has an AWS Landing Zone (ALZ) implementation where they are sharing a Transit Gateway (TGW) between accounts. Sharing a TGW results in an error unless "Allow external accounts" is checked, even though the account is in the same organization.

The account that they are trying to share the TGW with is under the same root Organization by ALZ and AWS Control Tower configuration. Why are these accounts considered external? Once "Allow external accounts" is checked, the TGW can be shared and the principal type shows "Account (External)".

1 Answer
0
Accepted Answer

AWS RAM must be integrated with AWS Organizations. Once this is done from the management account, RAM will have permissions to access AWS Organizations and enable sharing with Organization IDs and OUs. It will also properly identify accounts within the Organization and no longer require you to enable External sharing if the account is within the same Org. The "Enable sharing with AWS Organizations" docs cover how to enable this from the management account.

AWS
answered 4 years ago
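An added example, not part of the original answer: a small audit that reads JSON in the shape returned by three AWS CLI calls and reports whether RAM is a trusted service in AWS Organizations and which principals shared as external are actually member accounts. The sample JSON and account IDs are constructed, and the function names are hypothetical.

```python
import json

RAM_PRINCIPAL = "ram.amazonaws.com"

# Constructed sample data in the shape the AWS CLI returns (account IDs are made up).
# aws organizations list-aws-service-access-for-organization
SERVICE_ACCESS = json.loads('{"EnabledServicePrincipals": [{"ServicePrincipal": "sso.amazonaws.com"}]}')
# aws organizations list-accounts
ORG_ACCOUNTS = json.loads('{"Accounts": [{"Id": "111111111111"}, {"Id": "222222222222"}]}')
# aws ram get-resource-share-associations --association-type PRINCIPAL
ASSOCIATIONS = json.loads("""{"resourceShareAssociations": [
  {"resourceShareName": "tgw-share", "associatedEntity": "222222222222", "status": "ASSOCIATED", "external": true},
  {"resourceShareName": "tgw-share", "associatedEntity": "999999999999", "status": "ASSOCIATED", "external": true}
]}""")


def ram_org_sharing_enabled(service_access):
    """True if RAM is listed as a trusted service in AWS Organizations."""
    return any(p.get("ServicePrincipal") == RAM_PRINCIPAL
               for p in service_access.get("EnabledServicePrincipals", []))


def classify_external_principals(associations, org_accounts):
    """Split principals RAM marks external into member accounts and truly external ones."""
    org_ids = {a["Id"] for a in org_accounts.get("Accounts", [])}
    in_org, outside = [], []
    for assoc in associations.get("resourceShareAssociations", []):
        if not assoc.get("external") or assoc.get("status") != "ASSOCIATED":
            continue
        entity = assoc["associatedEntity"]
        (in_org if entity in org_ids else outside).append((assoc["resourceShareName"], entity))
    return in_org, outside


def audit(service_access, associations, org_accounts):
    """Return human-readable findings for the three inputs."""
    in_org, outside = classify_external_principals(associations, org_accounts)
    findings = []
    if not ram_org_sharing_enabled(service_access):
        findings.append("RAM is not integrated with AWS Organizations; run "
                        "'aws ram enable-sharing-with-aws-organization' from the management account")
    findings += [f"{share}: member account {acct} is shared as external" for share, acct in in_org]
    findings += [f"{share}: account {acct} is outside the organization" for share, acct in outside]
    return findings


if __name__ == "__main__":
    for line in audit(SERVICE_ACCESS, ASSOCIATIONS, ORG_ACCOUNTS):
        print(line)
```

Member accounts in the first list are candidates for re-sharing through the organization once the integration is enabled, after which external sharing on the resource share can be turned off.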
