Relevant News - AWS Resource Access Manager

Category: Security, Identity & Compliance

Here are the latest news items for AWS Resource Access Manager.

AWS Resource Access Manager now supports maintaining shares when accounts change organizations

🎉
Service Feature Change
TL;DR: AWS RAM now supports maintaining resource shares when accounts change organizations with new RetainSharingOnAccountLeaveOrganization parameter.
AWS Services: AWS Resource Access Manager, AWS Organizations, Route53 Resolver Rules, Transit Gateways, IPAM, Service Control Policies

Link: https://aws.amazon.com/about-aws/whats-new/2026/02/aws-resource-access-manager/

AWS Resource Access Manager (RAM) now supports a resource share configuration that allows you to maintain resource sharing continuity when accounts move between AWS Organizations. With the new RetainSharingOnAccountLeaveOrganization parameter and corresponding ram:RetainSharingOnAccountLeaveOrganization condition key, security administrators can configure resource shares to retain access when accounts leave the organization and enforce consistent policies across their organization using Service Control Policies (SCPs).

This capability helps organizations undergoing mergers, acquisitions, or restructuring maintain access to shared resources like Route53 Resolver Rules, Transit Gateways, and IPAM pools without disruption. Security teams can use SCPs to enforce the RetainSharingOnAccountLeaveOrganization configuration organization-wide. When enabled, RAM treats organization accounts as external accounts, requiring explicit invitation acceptance and preserving resource access during account transitions between organizations.

This feature is available in all AWS commercial Regions at no additional cost. To learn more about resource share configurations, see the AWS RAM documentation or visit the AWS RAM product page.

Published: 2026-02-27 17:35:00+00:00

AWS Security Agent adds support for penetration tests on shared VPCs across AWS accounts

🚀
New Service Feature Introduction
TL;DR: AWS Security Agent now supports penetration testing on shared VPCs across multiple AWS accounts within organizations.
AWS Services: AWS Security Agent, Virtual Private Cloud, AWS Resource Access Manager

Link: https://aws.amazon.com/about-aws/whats-new/2026/02/aws-security-agent-adds-penetration-tests-shared/

AWS Security Agent now enables customers to run penetration tests against Virtual Private Cloud (VPC) resources shared from other AWS accounts within the same organization. This new capability allows security teams to perform comprehensive security assessments across their multi-account environments using AWS Security Agent. By leveraging AWS Resource Access Manager (RAM), customers can securely share VPC resources from sub-accounts to a central AWS account where penetration testing is conducted.

This feature addresses the challenge of testing distributed architectures spanning multiple AWS accounts. Security professionals can now create an Agent Space in a central account and use RAM to access VPC resources from connected sub-accounts for testing. This streamlines security assessments for organizations with complex multi-account setups. The ability to comprehensively test shared VPC resources enhances an organization's overall security posture.

To get started, ensure your accounts are part of the same AWS Organization and configure resource sharing using RAM. Then launch AWS Security Agent in your central account to begin penetration testing across the shared VPC resources. For more information on AWS Security Agent and its penetration testing capabilities, visit the AWS Security Agent documentation

Published: 2026-02-25 19:07:00+00:00