chore: moving into its own file and adding the permission

gambol99 · gambol99 · commit baf3e5b07c95 · 2025-04-01T17:41:26.000+01:00
diff --git a/modules/shared/main.tf b/modules/shared/main.tf
@@ -111,34 +111,3 @@ resource "aws_network_acl_association" "nacl" {
   subnet_id      = each.value.id
 }
 
-## Provision a AWS RAM share, to distribute the subnets to the accounts
-resource "aws_ram_resource_share" "this" {
-  name                      = local.ram_share_name
-  allow_external_principals = false
-  permission_arns           = []
-  tags                      = local.tags
-}
-
-## Associate the subnets with the RAM share
-resource "aws_ram_resource_association" "this" {
-  for_each = aws_subnet.subnets
-
-  resource_arn       = each.value.arn
-  resource_share_arn = aws_ram_resource_share.this.arn
-}
-
-## Associate the principals with the RAM share
-resource "aws_ram_principal_association" "accounts" {
-  for_each = toset(var.share.accounts)
-
-  principal          = each.value
-  resource_share_arn = aws_ram_resource_share.this.arn
-}
-
-## Associate the principals with the RAM share
-resource "aws_ram_principal_association" "organizational_units" {
-  for_each = toset(var.share.organizational_units)
-
-  principal          = each.value
-  resource_share_arn = aws_ram_resource_share.this.arn
-}
diff --git a/modules/shared/ram.tf b/modules/shared/ram.tf
@@ -0,0 +1,33 @@
+## Related the RAM sharing
+
+## Provision a AWS RAM share, to distribute the subnets to the accounts
+resource "aws_ram_resource_share" "this" {
+  name                      = local.ram_share_name
+  allow_external_principals = false
+  permission_arns           = ["arn:aws:ram::aws:permission/AWSRAMDefaultPermissionSubnet"]
+  tags                      = local.tags
+}
+
+## Associate the subnets with the RAM share
+resource "aws_ram_resource_association" "this" {
+  for_each = aws_subnet.subnets
+
+  resource_arn       = each.value.arn
+  resource_share_arn = aws_ram_resource_share.this.arn
+}
+
+## Associate the principals with the RAM share
+resource "aws_ram_principal_association" "accounts" {
+  for_each = toset(var.share.accounts)
+
+  principal          = each.value
+  resource_share_arn = aws_ram_resource_share.this.arn
+}
+
+## Associate the principals with the RAM share
+resource "aws_ram_principal_association" "organizational_units" {
+  for_each = toset(var.share.organizational_units)
+
+  principal          = each.value
+  resource_share_arn = aws_ram_resource_share.this.arn
+}
