Considerations for using customer managed permissions in AWS RAM

Customer managed permissions are only available in the AWS Region that you create them in. Not all resource types support customer managed permissions. For a list of supported resource types in AWS Resource Access Manager, see Shareable AWS resources.

Customer managed permissions with multiple statements aren't supported. You can only use single non-negating operators in customer managed permissions.

The following conditions aren't supported in customer managed permissions:

Principal in the organization related:
- aws:PrincipalOrgId
- aws:PrincipalOrgPaths
- aws:PrincipalAccount

Principal for a specified service related:
- aws:SourceArn
- aws:SourceAccount
System tags:
- aws:PrincipalTag/aws:
- aws:ResourceTag/aws:
- aws:RequestTag/aws:

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Updating managed permission versions

Security