Work with shared prefix lists
With AWS Resource Access Manager (AWS RAM), the owner of a prefix list can share a prefix list with the following:
- Specific AWS accounts inside or outside of its organization in AWS Organizations
- An organizational unit inside its organization in AWS Organizations
- An entire organization in AWS Organizations
Consumers with whom a prefix list has been shared can view the prefix list and its entries, and they can reference the prefix list in their AWS resources.
For more information about AWS RAM, see the AWS RAM User Guide.
Prerequisites for sharing prefix lists
- To share a prefix list, you must own it. You cannot share a prefix list that has been shared with you. You cannot share an AWS-managed prefix list.
- To share a prefix list with your organization or an organizational unit in AWS Organizations, you must enable sharing with AWS Organizations. For more information, see Enable sharing with AWS Organizations in the AWS RAM User Guide.
Share a prefix list
To share a prefix list, you must add it to a resource share. If you do not have a resource share, you must first create one using the AWS RAM console.
If you are part of an organization in AWS Organizations, and sharing within your organization is enabled, consumers in your organization are automatically granted access to the shared prefix list. Otherwise, consumers receive an invitation to join the resource share and are granted access to the shared prefix list after accepting the invitation.
You can create a resource share and share a prefix list that you own using the AWS RAM console or the AWS CLI.
To create a resource share and share a prefix list using the AWS RAM console
Follow the steps in Create a resource share in the AWS RAM User Guide. For Select resource type, choose Prefix Lists, and then select the check box for your prefix list.
To add a prefix list to an existing resource share using the AWS RAM console
To add a managed prefix list that you own to an existing resource share, follow the steps in Updating a resource share in the AWS RAM User Guide. For Select resource type, choose Prefix Lists, and then select the check box for your prefix list.
To share a prefix list that you own using the AWS CLI
Use the following commands to create and update a resource share:
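The following is an added example, not taken from the AWS documentation: it looks up the prefix list's ARN, creates a resource share that is limited to the organization with `--no-allow-external-principals`, and adds a further prefix list to an existing share. The function names and the IDs used when calling them are illustrative assumptions.

```shell
# Added example: share a prefix list that you own through AWS RAM.
# Function names are assumptions of this example, not AWS-provided helpers.

# AWS RAM identifies resources by ARN, so resolve the pl-... ID first.
prefix_list_arn() {
  aws ec2 describe-managed-prefix-lists \
    --prefix-list-ids "$1" \
    --query 'PrefixLists[0].PrefixListArn' --output text
}

# Create a resource share that contains the prefix list and print the
# ARN of the new share. The principal can be an account ID, an
# organizational unit ARN, or an organization ARN.
# --no-allow-external-principals keeps the share inside the organization.
create_prefix_list_share() {
  local name="$1" pl_id="$2" principal="$3" arn
  arn="$(prefix_list_arn "$pl_id")" || return 1
  aws ram create-resource-share \
    --name "$name" \
    --resource-arns "$arn" \
    --principals "$principal" \
    --no-allow-external-principals \
    --query 'resourceShare.resourceShareArn' --output text
}

# Add another prefix list to an existing resource share and print the
# status of the new association.
add_prefix_list_to_share() {
  local share_arn="$1" pl_id="$2" arn
  arn="$(prefix_list_arn "$pl_id")" || return 1
  aws ram associate-resource-share \
    --resource-share-arn "$share_arn" \
    --resource-arns "$arn" \
    --query 'resourceShareAssociations[].status' --output text
}
```

To share with an account outside the organization, replace `--no-allow-external-principals` with `--allow-external-principals`; that consumer then has to accept the invitation described above.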
Identify a shared prefix list
Owners and consumers can identify shared prefix lists using the Amazon VPC console and AWS CLI.
To identify a shared prefix list using the Amazon VPC console
- Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
- In the navigation pane, choose Managed Prefix Lists.
- The page displays the prefix lists that you own and the prefix lists that are shared with you. The Owner ID column shows the AWS account ID of the prefix list owner.
- To view the resource share information for a prefix list, select the prefix list and choose Sharing in the lower pane.
To identify a shared prefix list using the AWS CLI
Use the describe-managed-prefix-lists command. The command returns the prefix lists that you own and the prefix lists that are shared with you. OwnerId shows the AWS account ID of the prefix list owner.
Identify references to a shared prefix list
Owners can identify the consumer-owned resources that are referencing a shared prefix list.
To identify references to a shared prefix list using the Amazon VPC console
- Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
- In the navigation pane, choose Managed Prefix Lists.
- Select the prefix list and choose Associations in the lower pane.
- The IDs of the resources that are referencing the prefix list are listed in the Resource ID column. The owners of the resources are listed in the Resource Owner column.
To identify references to a shared prefix list using the AWS CLI
Use the get-managed-prefix-list-associations command.
Unshare a shared prefix list
When you unshare a prefix list, consumers can no longer view the prefix list or its entries in their account, and they cannot reference the prefix list in their resources. If the prefix list is already referenced in the consumer's resources, those references continue to function as normal, and you can continue to view those references. If you update the prefix list to a new version, the references use the latest version.
To unshare a shared prefix list that you own, you must remove it from the resource share using AWS RAM.
To unshare a shared prefix list that you own using the AWS RAM console
See Updating a resource share in the AWS RAM User Guide.
To unshare a shared prefix list that you own using the AWS CLI
Use the disassociate-resource-share command.
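Because references in consumer resources keep working after you unshare, it is worth listing them first. The following added example (not from the AWS documentation) combines get-managed-prefix-list-associations with disassociate-resource-share; the function names and the `force` argument are assumptions of this example.

```shell
# Added example: check for consumer references before unsharing.
# Function names and the "force" argument are assumptions of this example.

# Print "resource-id<TAB>owner-account" for every reference to the prefix
# list that is held by an account other than owner_id.
consumer_references() {
  local pl_id="$1" owner_id="$2"
  aws ec2 get-managed-prefix-list-associations \
    --prefix-list-id "$pl_id" \
    --query "PrefixListAssociations[?ResourceOwner!='${owner_id}'].[ResourceId,ResourceOwner]" \
    --output text
}

# Remove the prefix list from the resource share.
# Returns 2 without changing anything if consumer-owned resources still
# reference the list, unless the third argument is "force".
unshare_prefix_list() {
  local share_arn="$1" pl_arn="$2" force="${3:-}" me refs
  me="$(aws sts get-caller-identity --query Account --output text)" || return 1
  # The prefix list ID is the last path element of its ARN.
  refs="$(consumer_references "${pl_arn##*/}" "$me")" || return 1
  if [ -n "$refs" ] && [ "$force" != "force" ]; then
    echo "Consumer references that keep working after unsharing:" >&2
    echo "$refs" >&2
    return 2
  fi
  aws ram disassociate-resource-share \
    --resource-share-arn "$share_arn" \
    --resource-arns "$pl_arn" \
    --query 'resourceShareAssociations[].status' --output text
}
```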
Shared prefix list permissions
Permissions for owners
Owners are responsible for managing a shared prefix list and its entries. Owners can view the IDs of the AWS resources that reference the prefix list. However, they cannot add or remove references to a prefix list in AWS resources that are owned by consumers.
Owners cannot delete a prefix list if the prefix list is referenced in a resource that's owned by a consumer.
Permissions for consumers
Consumers can view the entries in a shared prefix list, and they can reference a shared prefix list in their AWS resources. However, consumers can't modify, restore, or delete a shared prefix list.
Billing and metering
There are no additional charges for sharing prefix lists.
Quotas for AWS RAM
For more information, see Service quotas.