Enable Subnet Sharing Between AWS Accounts using AWS RAM | Step-by-Step Guide

Enable Subnet Sharing Between Account A and Account B using AWS RAM

Question

Account A and Account B are part of AWS Organizations.

Subnets from a non-default VPC in Account A need to be shared with Account B.

A SysOps administrator is planning to enable this sharing using AWS RAM.

Since this is a PoC (proof of concept), the security team has instructed not to enable sharing across all accounts within AWS Organizations.

What should be done to enable subnet sharing between Account A and B?

Answers

Explanations


A. B. C. D.

Correct Answer: A.

There are two options for sharing subnets between accounts that are part of AWS Organizations using AWS RAM:

  1. Enable sharing within AWS Organizations.

  2. Share resources with individual accounts as external principals.

For the second option, an invitation to the resource share is sent to the target account; once the invitation is accepted, the subnets can be shared.

Option B is incorrect, as removing Account B from AWS Organizations is not required to have subnet sharing between Account A and B.

Option C is incorrect, as removing Account A from AWS Organizations is not required to have subnet sharing between Account A and B.

Option D is incorrect, as sharing is enabled on other AWS Organizations.

Resources can only be shared with accounts or OUs inside the same AWS Organization, not with accounts that belong to a different AWS Organization.

For more information on sharing a VPC using AWS Resource Access Manager (RAM), refer to the following URL:

https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html

The correct answer is A: Account A should share an invitation as an external principal to Account B; post-acceptance of invitation subnets can be shared with Account B.

AWS RAM (Resource Access Manager) enables resource sharing between AWS accounts within AWS Organizations and outside of it. It allows resource owners to share their AWS resources with other accounts without having to create new VPCs, subnets, and other resources in each account.

In this scenario, Account A and Account B are part of AWS Organizations, and subnets from non-default VPC in Account A need to be shared with Account B. However, since this is a PoC, the security team has instructed not to enable sharing across all accounts within AWS Organizations.

To enable subnet sharing between Account A and B without enabling sharing across all accounts within AWS Organizations, the following steps should be taken:

  1. Send an invitation from Account A to Account B: The SysOps administrator creates a resource share in Account A that names Account B as the principal, which sends Account B an invitation. This will allow Account B to access and use subnets from the non-default VPC in Account A.

  2. Accept the invitation in Account B: Once Account B receives the invitation from Account A, it should accept it. This establishes the resource share between Account A and B.

  3. Share subnets with Account B: After the invitation is accepted, Account A can share subnets with Account B using AWS RAM. This will allow Account B to access and use the subnets from the non-default VPC in Account A.
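The three steps above as an added example (not code from the original page): it builds the boto3 RAM request for a share scoped to a single account ID rather than the organization, lists the pending invitations Account B has to accept, and audits the resulting share so an organization or OU principal cannot slip in. Account IDs, region, subnet ID and the `account-b` profile name are constructed placeholders; the live API calls are kept in `main()` so the scoping checks run offline.

```python
"""Added example (not from the page): share one subnet from Account A with
Account B only, without enable-sharing-with-aws-organization. Account IDs,
region and subnet ID are constructed placeholders; parameter names follow
boto3's RAM client. Live calls live in main(); the checks run offline."""
import re

ACCOUNT_A = "111111111111"   # constructed: subnet owner
ACCOUNT_B = "222222222222"   # constructed: consumer
REGION = "us-east-1"
SUBNET_ARN = f"arn:aws:ec2:{REGION}:{ACCOUNT_A}:subnet/subnet-0123456789abcdef0"
# An organization or OU ARN as principal would widen the share beyond one account.
ORG_SCOPED = re.compile(r"^arn:aws:organizations::\d{12}:(organization|ou)/")

def share_params(subnet_arn: str, consumer_account: str) -> dict:
    """Arguments for ram.create_resource_share(): one subnet, one account ID.
    allowExternalPrincipals=False rejects principals outside the organization."""
    if not re.fullmatch(r"\d{12}", consumer_account):
        raise ValueError("principal must be a single 12-digit account ID")
    return {"name": "poc-subnet-share-to-account-b",
            "resourceArns": [subnet_arn],
            "principals": [consumer_account],
            "allowExternalPrincipals": False}

def share_is_narrowly_scoped(principals: list, allowed: set) -> bool:
    """Audit a ram.list_principals() response: only the allowed account IDs,
    never an organization/OU ARN (the org-wide sharing the security team ruled out)."""
    ids = {p["id"] for p in principals}
    return bool(ids) and ids <= allowed and not any(ORG_SCOPED.match(i) for i in ids)

def pending_invitations_from(invitations: list, sender: str) -> list:
    """Invitation ARNs Account B must accept (ram.get_resource_share_invitations())."""
    return [i["resourceShareInvitationArn"] for i in invitations
            if i["status"] == "PENDING" and i["senderAccountId"] == sender]

def main():
    import boto3  # needed only for the live calls
    ram_a = boto3.client("ram", region_name=REGION)  # credentials of Account A
    share = ram_a.create_resource_share(**share_params(SUBNET_ARN, ACCOUNT_B))
    arn = share["resourceShare"]["resourceShareArn"]
    # constructed profile name: credentials of Account B
    ram_b = boto3.Session(profile_name="account-b").client("ram", region_name=REGION)
    inbox = ram_b.get_resource_share_invitations()["resourceShareInvitations"]
    for inv in pending_invitations_from(inbox, ACCOUNT_A):
        ram_b.accept_resource_share_invitation(resourceShareInvitationArn=inv)
    got = ram_a.list_principals(resourceOwner="SELF", resourceShareArns=[arn])["principals"]
    print("share scoped to Account B only:", share_is_narrowly_scoped(got, {ACCOUNT_B}))

if __name__ == "__main__":
    main()
```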

Option B is incorrect because moving Account B out of AWS Organizations will not enable subnet sharing with Account A. It will only remove Account B from the organization, which may not be necessary for enabling subnet sharing.

Option C is also incorrect because moving Account A out of AWS Organizations will not enable subnet sharing with Account B. It will only remove Account A from the organization, which may not be necessary for enabling subnet sharing.

Option D is incorrect because enabling sharing on other AWS Organizations will not enable subnet sharing between Account A and B. It will only enable sharing between other organizations and may not be necessary for this scenario.