Ensure external principals are allowed for AWS RAM resources

MEDIUM

Description

The AWS RAM resource share has 'Allow sharing with external principals' disabled, which may cause your entire organization or organizational units to lose access to the shared resources.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and go to the 'Shared by me' page in the AWS RAM Console.
  2. Select the appropriate Region.
  3. Select the resource share and choose Modify.
  4. Click Next until you reach the 'Allow sharing with external principals' step and select 'Allow sharing with external principals'.
  5. Review and update the resource share.

In Terraform -

  1. In the aws_ram_resource_share resource, set 'allow_external_principals' to 'true'.
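
The following Terraform configuration is an added example, not part of the original rule text or the provider documentation it links to. It shows the aws_ram_resource_share resource with the remediated setting next to the resource and principal associations that normally accompany it; the share name, the resource ARN and the account ID are placeholders, not real values.

```hcl
# Added example: a RAM resource share with the setting this rule checks.
# The name, resource ARN and principal account ID below are placeholders.
resource "aws_ram_resource_share" "example" {
  name = "example-resource-share"

  # Setting this rule checks (AC_AWS_0185). With 'false', only principals
  # inside your own AWS Organization can be associated with the share;
  # associating an account outside the organization is rejected by RAM.
  allow_external_principals = true
}

# The resource being shared (placeholder ARN; replace with the real resource).
resource "aws_ram_resource_association" "example" {
  resource_share_arn = aws_ram_resource_share.example.arn
  resource_arn       = "arn:aws:ec2:us-east-1:111111111111:subnet/subnet-EXAMPLE"
}

# The principal the resource is shared with. A principal outside the
# organization (placeholder account ID) requires allow_external_principals = true;
# an organization or OU ARN can be used here as well.
resource "aws_ram_principal_association" "example" {
  resource_share_arn = aws_ram_resource_share.example.arn
  principal          = "222222222222"
}
```

Changing allow_external_principals on an existing share is an in-place update, so a `terraform plan` after editing the argument shows a single attribute change on the aws_ram_resource_share resource rather than a replacement of the share.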

References:

  - https://docs.aws.amazon.com/resource-explorer/latest/userguide/security_iam.html
  - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_resource_share#allow_external_principals

Policy Details

Rule Reference ID: AC_AWS_0185
CSP: AWS
Remediation Available: Yes
Resource Category: Management

Frameworks