Associate shared phone number in destination account

0

I have a phone number in account B. I am trying to use that phone number in account A. In account A, I was under the impression I need to create a pool, and could provide the ARN of the phone number in account B, like so:

aws pinpoint-sms-voice-v2 create-pool --origination-identity arn:aws:sms-voice:us-east-2:000011112222:phone-number/phone-abcdefabcdef --iso-country-code US --message-type TRANSACTIONAL

Now when I run this command, I get the error:

An error occurred (ResourceNotFoundException) when calling the CreatePool operation: Resource Not Found - ResourceType="phone-number" ResourceId="phone-abcdefabcdef"

I have triple-checked that the ARN provided is correct and verified that I can see the phone number in account B from account A with the command:

aws pinpoint-sms-voice-v2 describe-phone-numbers --owner SHARED

Here is my resource policy in account B:

{
  "Sid": "asdf",
  "Effect": "Allow",
  "Principal": {
    "AWS": [
      "arn:aws:iam::{{accountA}}:root"
    ]
  },
  "Action": [
    "sms-voice:DescribePhoneNumbers",
    "sms-voice:SendTextMessage",
    "sms-voice:SendVoiceMessage"
  ],
  "Resource": "arn:aws:sms-voice:us-east-2:{{accountB}}:phone-number/phone-abcdefabcdef"
}

Any tips or tricks on how to use the phone number from account B in account A would be much appreciated.

2 Answers
0

To use a phone number from Account B in Account A, you need to follow a different approach than creating a pool directly with the shared phone number. Here's the correct process:

  1. In Account B (the owner account), you need to share the phone number using AWS Resource Access Manager (RAM). This involves adding the phone number to a resource share.

  2. In Account A (the destination account), you don't create a pool directly with the shared phone number. Instead, you need to use the shared phone number as it is.

  3. To use the shared phone number in Account A, you would typically use it directly in your API calls or configurations, rather than trying to add it to a pool in Account A.

  4. The resource policy you've set up in Account B looks correct, as it allows Account A to describe the phone number and send messages using it.

  5. When you run the describe-phone-numbers command with the --owner SHARED parameter in Account A, and you can see the phone number, it confirms that the sharing is set up correctly.

  6. To use the shared phone number in Account A, you would use it directly in operations like sending messages, without needing to create a pool or associate it with one.

If you need to use the phone number in a pool-like context in Account A, you might need to explore other options or consult with AWS support for the best approach, as directly adding a shared phone number to a pool in the destination account is not the standard procedure.

Remember, when using shared resources, there are often limitations on what operations can be performed on them in the destination account. The focus is typically on using the resource (like sending messages) rather than managing it (like adding it to pools) in the destination account.
Sources
Working with shared resources in AWS End User Messaging SMS - AWS End User Messaging SMS
Associate phone numbers to Amazon Connect contact flows | AWS re:Post

answered 2 months ago
  • On point 3.

    I can use the number with aws pinpoint-sms-voice-v2 send-text-message .... However I'm not sure how to use the phone number from Account B as the SNS send-message default. That doesn't appear to be an API option.

0

Hi,

You're encountering an issue with using a shared phone number from Account B in Account A. The error suggests that Account A cannot find the phone number resource when trying to create a pool. Let me help you resolve this.

The Issue

The problem appears to be with your resource policy in Account B. While you've granted permissions to describe the phone number and send messages, you haven't explicitly granted permission to associate the phone number with a pool in Account A.

Solution

  1. Update the resource policy in Account B to include the sms-voice:AssociateOriginationIdentity permission:
{
  "Sid": "asdf",
  "Effect": "Allow",
  "Principal": {
    "AWS": [
      "arn:aws:iam::{{accountA}}:root"
    ]
  },
  "Action": [
    "sms-voice:DescribePhoneNumbers",
    "sms-voice:SendTextMessage",
    "sms-voice:SendVoiceMessage",
    "sms-voice:AssociateOriginationIdentity"
  ],
  "Resource": "arn:aws:sms-voice:us-east-2:{{accountB}}:phone-number/phone-abcdefabcdef"
}
  2. Create the pool first in Account A without specifying the origination identity:
aws pinpoint-sms-voice-v2 create-pool --iso-country-code US --message-type TRANSACTIONAL --name YourPoolName
  3. Then associate the phone number with the pool:
aws pinpoint-sms-voice-v2 associate-origination-identity --pool-id pool-12345 --origination-identity arn:aws:sms-voice:us-east-2:000011112222:phone-number/phone-abcdefabcdef

This two-step approach often works better when dealing with cross-account resources.

Additional Verification

You can verify the phone number is properly shared by running:

aws pinpoint-sms-voice-v2 describe-phone-numbers --phone-number-id phone-abcdefabcdef

If the sharing is set up correctly, this command should return details about the phone number from Account A.

Let me know if you encounter any other issues with this approach!

AWS
answered 2 months ago
    1. AssociateOriginationIdentity is not a supported action for resource share.
    2. Cannot create a pool without --origination-identity

    Additional verification: Yes, I can see the number. I can even send a message from it using the CLI:

    aws pinpoint-sms-voice-v2 send-text-message --origination-identity arn:aws:sms-voice:us-east-2:{{accountB}}:phone-number/phone-phone-abcdefabcdef --destination-phone-number +{{phone}} --message-type TRANSACTIONAL --message-body "Hi Jared!"
    

    What I would really like to do is send a message from the SNS console and have it default to using the phone number from accountB. Not finding any leads on how to do that. I thought using a pool would be the right way to do that.
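
A least-privilege check on the cross-account resource policies quoted in this thread, as an added example that is not part of the original posts and is not AWS tooling. The baseline action set is an assumption taken from the question's policy, and the account IDs in the sample are constructed placeholders.

```python
# Assumption: the baseline is the set of actions the question's policy grants.
# It is not an authoritative list of what the service allows on a shared number.
BASELINE_ACTIONS = {
    "sms-voice:DescribePhoneNumbers",
    "sms-voice:SendTextMessage",
    "sms-voice:SendVoiceMessage",
}

def as_list(value):
    """IAM policy fields accept a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_statement(stmt, baseline=BASELINE_ACTIONS):
    """Return a list of findings for one Allow statement of a resource policy."""
    findings = []
    if stmt.get("Effect") != "Allow":
        return findings
    principal = stmt.get("Principal", {})
    arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
    for arn in arns:
        if arn == "*":
            findings.append("principal '*': any AWS account can use the number")
        elif arn.endswith(":root"):
            findings.append(f"{arn}: delegates to the whole account; access is "
                            "then decided by that account's IAM policies")
    for action in as_list(stmt.get("Action", [])):
        if "*" in action:
            findings.append(f"wildcard action {action}")
        elif action not in baseline:
            findings.append(f"action outside baseline: {action}")
    for resource in as_list(stmt.get("Resource", [])):
        if "*" in resource:
            findings.append(f"wildcard resource {resource}")
    return findings

# Constructed sample: the second answer's statement with placeholder account IDs.
SAMPLE = {
    "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam::111111111111:root"]},
    "Action": ["sms-voice:DescribePhoneNumbers", "sms-voice:SendTextMessage",
               "sms-voice:SendVoiceMessage", "sms-voice:AssociateOriginationIdentity"],
    "Resource": "arn:aws:sms-voice:us-east-2:222222222222:phone-number/phone-abcdefabcdef",
}

if __name__ == "__main__":
    for finding in audit_statement(SAMPLE):
        print(finding)
```

A finding on the `:root` principal is a prompt to confirm which roles in the destination account hold the matching IAM permissions, since the resource policy alone does not narrow that.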
