Menu
AWS Service Catalog
Administrator Guide

AWS Managed Policies

AWS addresses many common use cases by providing standalone IAM policies that are created and administered by AWS. These AWS managed policies grant necessary permissions for common use cases so that you can avoid having to investigate what permissions are needed. For more information, see AWS Managed Policies in the IAM User Guide.

IAM provides the following AWS managed policies for AWS Service Catalog. They are preconfigured to provide the permissions that AWS Service Catalog administrators need to create and manage products, and they provide the initial permissions that end users need to launch products and manage provisioned products.

Administrators
  • ServiceCatalogAdminFullAccess — Grants full access to administrator console view and permission to create and manage products and portfolios.

  • ServiceCatalogAdminReadOnlyAccess — Grants full access to administrator console view. Cannot create or manage products and portfolios.

End users
  • ServiceCatalogEndUserFullAccess — Grants full access to end user console view and permission to launch products and manage provisioned products.

  • ServiceCatalogEndUserAccess — Grants full access to end user console view, Cannot launch products or manage provisioned products.

To attach a policy to an IAM user

  1. Open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Users.

  3. Choose the name (not the check box) of the IAM user.

  4. On the Permissions tab, choose Attach Policy.

  5. On the Attach Policy page, select the check box next to the policy, and then choose Attach Policy.

Note

You can review these permissions policies by signing in to the IAM console and searching for specific policies there.

You can also create your own custom IAM policies to allow permissions for AWS Service Catalog actions and resources. You can attach these custom policies to the IAM users or groups that require those permissions.