This SCP prevents users or roles in any affected account from creating Resource Access Shares using RAM that are shared with external principals outside the organization

See Related Configuration Items for a Configuration Package to deploy multiple SCPs to an AWS Account.

Configuration template includes a CloudFormation custom resource to deploy into an AWS account.

    "Version": "2012-10-17",
    "Statement": [
            "Action": [
            "Resource": "*",
            "Effect": "Deny",
            "Condition": {
                "Bool": {
                    "ram:AllowsExternalPrincipals": "true"


Customize Template

No policy variables to customize
* Required field