What Is RAM?
Resource Access Manager (RAM) helps you securely share resources among your Huawei Cloud accounts. If you have several Huawei Cloud accounts, you can create resources once in one of your Huawei Cloud accounts and use RAM to share those resources with the other accounts, eliminating the need to create duplicate resources in each account. For the specific cloud services and resource types supported by RAM, see Cloud Services and Resource Types Supported by RAM.
If your account is managed by Huawei Cloud Organizations, you can share resources with all the other accounts in an organization, or with only accounts in one or more specified organizational units (OUs) of the organization. You can also share resources with a specific Huawei Cloud account by account ID, regardless of whether the account is part of an organization.
Managing resource sharing
You can use RAM to centrally manage resource sharing. Specifically, as a resource owner, you can share a specified resource with an organization, OU, or account, and also update or delete the resource share at any time.
As a principal, you can accept or reject a sharing invitation, view the information about the resource share, and leave the resource share after the sharing ends.
Viewing resource shares
A resource owner can view the information about the shared resources and the principals.
A principal can view the information about the shared resources and the resource owner.
Sharing with Organizations
If RAM has become a trusted service for Organizations, the resource owner can share specified resources with an organization or OU. By default, all accounts in the organization or OU accept the invitation to gain access to the shared resources.
The Organizations service is currently not launched, so Sharing with Organizations is currently unavailable.
How RAM Works
When you share resources with another Huawei Cloud account, you are granting access permissions for the shared resources to principals in that account. Only those permissions selected for resource sharing can be granted to principals. Permissions that can be applied to the principals are jointly determined by the RAM managed permissions and the IAM permissions configured for the principals.
The following figure demonstrates how RAM works.
You can access RAM using the management console or HTTPS-compliant application programming interfaces (APIs).
- Using the management console
Access RAM through the management console ─ a browser-based visual interface. Log in to the management console, click in the upper left corner, and choose Management & Governance > Resource Access Manager.
- Using APIs
Use this method if you want to integrate RAM into a third-party system for secondary development. For detailed operations, see Resource Access Manager API Reference