What Is RAM?
Resource Access Manager (RAM) helps you securely share resources across accounts. If you have several Huawei Cloud accounts, you can create resources once in one account and use RAM to share those resources with the other accounts, eliminating the need to create duplicate resources in each account. For the specific cloud services and resource types supported by RAM, see Sharable Cloud Services and Resource Types.
If you use Organizations to manage accounts in your organization, you can use RAM to share resources with all the other accounts in your organization, or with only accounts in one or more specified organizational units (OUs) of the organization. You can also share resources with a specific Huawei Cloud account by account ID, regardless of whether the account is part of an organization.
Managing resource shares
You can use RAM to centrally manage resource shares. Specifically, as a resource owner, you can share a specified resource with an organization, OU, or account, and also update or delete the resource share at any time.
As a principal, you can accept or reject resource sharing invitations, view the information about the resource shares, and leave the resource shares if you no longer need to access their shared resources.
Viewing resource shares
A resource owner can view the information about the shared resources and the principals.
A principal can view the information about the shared resources and the resource owner.
Sharing with Organizations
If sharing with Organizations is enabled, a resource owner can share specified resources with an organization or its OUs. By default, all accounts in the organization or OUs are granted access to the shared resources.
How RAM Works
When you share resources with another account, you are granting principals in that account permissions to access the shared resources. Only those permissions selected for resource sharing can be granted to principals. The permissions that can be applied to the principals are jointly determined by the RAM managed permissions and the IAM permissions configured for the principals.
The following figure demonstrates how RAM works.
You can access RAM using the management console or HTTPS-compliant application programming interfaces (APIs).
- Using the management console
Access RAM through the management console ─ a browser-based visual interface. Log in to the management console, click in the upper left corner, and choose Management & Governance > Resource Access Manager.
- Using APIs
Use this method if you want to integrate RAM into a third-party system for secondary development. For detailed operations, see Resource Access Manager API Reference.