Service Catalog
Table of Contents
Privileges
AcceptPortfolioShare
description: Grants permission to accept a portfolio that has been shared with you
access level: Write
resource types
{
"Portfolio": {
"resource_type": "Portfolio",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
AssociateBudgetWithResource
description: Grants permission to associate a budget with a resource
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
AssociatePrincipalWithPortfolio
description: Grants permission to associate an IAM principal with a portfolio, giving the specified principal access to any products associated with the specified portfolio
access level: Write
resource types
{
"Portfolio": {
"resource_type": "Portfolio",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
AssociateProductWithPortfolio
description: Grants permission to associate a product with a portfolio
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
AssociateServiceActionWithProvisioningArtifact
description: Grants permission to associate an action with a provisioning artifact
access level: Write
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
AssociateTagOptionWithResource
description: Grants permission to associate the specified TagOption with the specified portfolio or product
access level: Write
resource types
{
"Portfolio": {
"resource_type": "Portfolio",
"required": false,
"condition_keys": [],
"dependent_actions": []
},
"Product": {
"resource_type": "Product",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
BatchAssociateServiceActionWithProvisioningArtifact
description: Grants permission to associate multiple self-service actions with provisioning artifacts
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
BatchDisassociateServiceActionFromProvisioningArtifact
description: Grants permission to disassociate a batch of self-service actions from the specified provisioning artifact
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
CopyProduct
description: Grants permission to copy the specified source product to the specified target product or a new product
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
CreateConstraint
description: Grants permission to create a constraint on an associated product and portfolio
access level: Write
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
CreatePortfolio
description: Grants permission to create a portfolio
access level: Write
resource types
{
"Portfolio": {
"resource_type": "Portfolio",
"required": true,
"condition_keys": [],
"dependent_actions": []
},
"": {
"resource_type": "",
"required": false,
"condition_keys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependent_actions": []
}
}
CreatePortfolioShare
description: Grants permission to share a portfolio you own with another AWS account
access level: Permissions management
resource types
{
"Portfolio": {
"resource_type": "Portfolio",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
CreateProduct
description: Grants permission to create a product and that product's first provisioning artifact
access level: Write
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
},
"": {
"resource_type": "",
"required": false,
"condition_keys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependent_actions": []
}
}
CreateProvisionedProductPlan
description: Grants permission to add a new provisioned product plan
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
CreateProvisioningArtifact
description: Grants permission to add a new provisioning artifact to an existing product
access level: Write
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
CreateServiceAction
description: Grants permission to create a self-service action
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
CreateTagOption
description: Grants permission to create a TagOption
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DeleteConstraint
description: Grants permission to remove and delete an existing constraint from an associated product and portfolio
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DeletePortfolio
description: Grants permission to delete a portfolio if all associations and shares have been removed from the portfolio
access level: Write
resource types
{
"Portfolio": {
"resource_type": "Portfolio",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
DeletePortfolioShare
description: Grants permission to unshare a portfolio you own from an AWS account you previously shared the portfolio with
access level: Permissions management
resource types
{
"Portfolio": {
"resource_type": "Portfolio",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
DeleteProduct
description: Grants permission to delete a product if all associations have been removed from the product
access level: Write
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
DeleteProvisionedProductPlan
description: Grants permission to delete a provisioned product plan
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DeleteProvisioningArtifact
description: Grants permission to delete a provisioning artifact from a product
access level: Write
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
DeleteServiceAction
description: Grants permission to delete a self-service action
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DeleteTagOption
description: Grants permission to delete the specified TagOption
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DescribeConstraint
description: Grants permission to describe a constraint
access level: Read
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DescribeCopyProductStatus
description: Grants permission to get the status of the specified copy product operation
access level: Read
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DescribePortfolio
description: Grants permission to describe a portfolio
access level: Read
resource types
{
"Portfolio": {
"resource_type": "Portfolio",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
DescribePortfolioShareStatus
description: Grants permission to get the status of the specified portfolio share operation
access level: Read
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DescribeProduct
description: Grants permission to describe a product as an end-user
access level: Read
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
DescribeProductAsAdmin
description: Grants permission to describe a product as an admin
access level: Read
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
DescribeProductView
description: Grants permission to describe a product as an end-user
access level: Read
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DescribeProvisionedProduct
description: Grants permission to describe a provisioned product
access level: Read
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DescribeProvisionedProductPlan
description: Grants permission to describe a provisioned product plan
access level: Read
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DescribeProvisioningArtifact
description: Grants permission to describe a provisioning artifact
access level: Read
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
DescribeProvisioningParameters
description: Grants permission to describe the parameters that you need to specify to successfully provision a specified provisioning artifact
access level: Read
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
DescribeRecord
description: Grants permission to describe a record and lists any outputs
access level: Read
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [
"servicecatalog:accountLevel",
"servicecatalog:roleLevel",
"servicecatalog:userLevel"
],
"dependent_actions": []
}
}
DescribeServiceAction
description: Grants permission to describe a self-service action
access level: Read
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DescribeServiceActionExecutionParameters
description: Grants permission to get the default parameters if you executed the specified Service Action on the specified Provisioned Product
access level: Read
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DescribeTagOption
description: Grants permission to get information about the specified TagOption
access level: Read
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DisableAWSOrganizationsAccess
description: Grants permission to disable portfolio sharing through AWS Organizations feature
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DisassociateBudgetFromResource
description: Grants permission to disassociate a budget from a resource
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DisassociatePrincipalFromPortfolio
description: Grants permission to disassociate an IAM principal from a portfolio
access level: Write
resource types
{
"Portfolio": {
"resource_type": "Portfolio",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
DisassociateProductFromPortfolio
description: Grants permission to disassociate a product from a portfolio
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
DisassociateServiceActionFromProvisioningArtifact
description: Grants permission to disassociate the specified self-service action association from the specified provisioning artifact
access level: Write
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
DisassociateTagOptionFromResource
description: Grants permission to disassociate the specified TagOption from the specified resource
access level: Write
resource types
{
"Portfolio": {
"resource_type": "Portfolio",
"required": false,
"condition_keys": [],
"dependent_actions": []
},
"Product": {
"resource_type": "Product",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
EnableAWSOrganizationsAccess
description: Grants permission to enable portfolio sharing feature through AWS Organizations
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
ExecuteProvisionedProductPlan
description: Grants permission to execute a provisioned product plan
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
ExecuteProvisionedProductServiceAction
description: Grants permission to executes a provisioned product plan
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
GetAWSOrganizationsAccessStatus
description: Grants permission to get the access status of AWS Organization portfolio share feature
access level: Read
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
ListAcceptedPortfolioShares
description: Grants permission to list the portfolios that have been shared with you and you have accepted
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
ListBudgetsForResource
description: Grants permission to list all the budgets associated to a resource
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
ListConstraintsForPortfolio
description: Grants permission to list constraints associated with a given portfolio
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
ListLaunchPaths
description: Grants permission to list the different ways to launch a given product as an end-user
access level: List
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
ListOrganizationPortfolioAccess
description: Grants permission to list the organization nodes that have access to the specified portfolio
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
ListPortfolioAccess
description: Grants permission to list the AWS accounts you have shared a given portfolio with
access level: List
resource types
{
"Portfolio": {
"resource_type": "Portfolio",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
ListPortfolios
description: Grants permission to list the portfolios in your account
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
ListPortfoliosForProduct
description: Grants permission to list the portfolios associated with a given product
access level: List
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
ListPrincipalsForPortfolio
description: Grants permission to list the IAM principals associated with a given portfolio
access level: List
resource types
{
"Portfolio": {
"resource_type": "Portfolio",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
ListProvisionedProductPlans
description: Grants permission to list the provisioned product plans
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
ListProvisioningArtifacts
description: Grants permission to list the provisioning artifacts associated with a given product
access level: List
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
ListProvisioningArtifactsForServiceAction
description: Grants permission to list all provisioning artifacts for the specified self-service action
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
ListRecordHistory
description: Grants permission to list all the records in your account or all the records related to a given provisioned product
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [
"servicecatalog:accountLevel",
"servicecatalog:roleLevel",
"servicecatalog:userLevel"
],
"dependent_actions": []
}
}
ListResourcesForTagOption
description: Grants permission to list the resources associated with the specified TagOption
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
ListServiceActions
description: Grants permission to list all self-service actions
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
ListServiceActionsForProvisioningArtifact
description: Grants permission to list all the service actions associated with the specified provisioning artifact in your account
access level: List
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
ListStackInstancesForProvisionedProduct
description: Grants permission to list account, region and status of each stack instances that are associated with a CFN_STACKSET type provisioned product
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
ListTagOptions
description: Grants permission to list the specified TagOptions or all TagOptions
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
ProvisionProduct
description: Grants permission to provision a product with a specified provisioning artifact and launch parameters
access level: Write
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
RejectPortfolioShare
description: Grants permission to reject a portfolio that has been shared with you that you previously accepted
access level: Write
resource types
{
"Portfolio": {
"resource_type": "Portfolio",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
ScanProvisionedProducts
description: Grants permission to list all the provisioned products in your account
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [
"servicecatalog:accountLevel",
"servicecatalog:roleLevel",
"servicecatalog:userLevel"
],
"dependent_actions": []
}
}
SearchProducts
description: Grants permission to list the products available to you as an end-user
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
SearchProductsAsAdmin
description: Grants permission to list all the products in your account or all the products associated with a given portfolio
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
SearchProvisionedProducts
description: Grants permission to list all the provisioned products in your account
access level: List
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [
"servicecatalog:accountLevel",
"servicecatalog:roleLevel",
"servicecatalog:userLevel"
],
"dependent_actions": []
}
}
TerminateProvisionedProduct
description: Grants permission to terminate an existing provisioned product
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [
"servicecatalog:accountLevel",
"servicecatalog:roleLevel",
"servicecatalog:userLevel"
],
"dependent_actions": []
}
}
UpdateConstraint
description: Grants permission to update the metadata fields of an existing constraint
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
UpdatePortfolio
description: Grants permission to update the metadata fields and/or tags of an existing portfolio
access level: Write
resource types
{
"Portfolio": {
"resource_type": "Portfolio",
"required": true,
"condition_keys": [],
"dependent_actions": []
},
"": {
"resource_type": "",
"required": false,
"condition_keys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependent_actions": []
}
}
UpdateProduct
description: Grants permission to update the metadata fields and/or tags of an existing product
access level: Write
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
},
"": {
"resource_type": "",
"required": false,
"condition_keys": [
"aws:RequestTag/${TagKey}",
"aws:TagKeys"
],
"dependent_actions": []
}
}
UpdateProvisionedProduct
description: Grants permission to update an existing provisioned product
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [
"servicecatalog:accountLevel",
"servicecatalog:roleLevel",
"servicecatalog:userLevel"
],
"dependent_actions": []
}
}
UpdateProvisionedProductProperties
description: Grants permission to update the properties of an existing provisioned product
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
UpdateProvisioningArtifact
description: Grants permission to update the metadata fields of an existing provisioning artifact
access level: Write
resource types
{
"Product": {
"resource_type": "Product",
"required": true,
"condition_keys": [],
"dependent_actions": []
}
}
UpdateServiceAction
description: Grants permission to update a self-service action
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}
UpdateTagOption
description: Grants permission to update the specified TagOption
access level: Write
resource types
{
"": {
"resource_type": "",
"required": false,
"condition_keys": [],
"dependent_actions": []
}
}