IPortfolio

class aws_cdk.aws_servicecatalog.IPortfolio(*args, **kwargs)

Bases: IResource, Protocol

A Service Catalog portfolio.

Methods

add_product(product)

Associate portfolio with the given product.

Parameters:

product (IProduct) – A service catalog produt.

Return type:

None

apply_removal_policy(policy)

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters:

policy (RemovalPolicy) –

Return type:

None

associate_tag_options(tag_options)

Associate Tag Options.

A TagOption is a key-value pair managed in AWS Service Catalog. It is not an AWS tag, but serves as a template for creating an AWS tag based on the TagOption.

Parameters:

tag_options (TagOptions) –

Return type:

None

constrain_cloud_formation_parameters(product, *, rule, description=None, message_language=None)

Set provisioning rules for the product.

Parameters:
  • product (IProduct) – A service catalog product.

  • rule (Union[TemplateRule, Dict[str, Any]]) – The rule with condition and assertions to apply to template.

  • description (Optional[str]) – The description of the constraint. Default: - No description provided

  • message_language (Optional[MessageLanguage]) – The language code. Configures the language for error messages from service catalog. Default: - English

Return type:

None

constrain_tag_updates(product, *, allow=None, description=None, message_language=None)

Add a Resource Update Constraint.

Parameters:
  • product (IProduct) –

  • allow (Optional[bool]) – Toggle for if users should be allowed to change/update tags on provisioned products. Default: true

  • description (Optional[str]) – The description of the constraint. Default: - No description provided

  • message_language (Optional[MessageLanguage]) – The language code. Configures the language for error messages from service catalog. Default: - English

Return type:

None

deploy_with_stack_sets(product, *, accounts, admin_role, execution_role_name, regions, allow_stack_set_instance_operations=None, description=None, message_language=None)

Configure deployment options using AWS Cloudformation StackSets.

Parameters:
  • product (IProduct) – A service catalog product.

  • accounts (Sequence[str]) – List of accounts to deploy stacks to.

  • admin_role (IRole) – IAM role used to administer the StackSets configuration.

  • execution_role_name (str) – IAM role used to provision the products in the Stacks.

  • regions (Sequence[str]) – List of regions to deploy stacks to.

  • allow_stack_set_instance_operations (Optional[bool]) – Wether to allow end users to create, update, and delete stacks. Default: false

  • description (Optional[str]) – The description of the constraint. Default: - No description provided

  • message_language (Optional[MessageLanguage]) – The language code. Configures the language for error messages from service catalog. Default: - English

Return type:

None

give_access_to_group(group)

Associate portfolio with an IAM Group.

Parameters:

group (IGroup) – an IAM Group.

Return type:

None

give_access_to_role(role)

Associate portfolio with an IAM Role.

Parameters:

role (IRole) – an IAM role.

Return type:

None

give_access_to_user(user)

Associate portfolio with an IAM User.

Parameters:

user (IUser) – an IAM user.

Return type:

None

notify_on_stack_events(product, topic, *, description=None, message_language=None)

Add notifications for supplied topics on the provisioned product.

Parameters:
  • product (IProduct) – A service catalog product.

  • topic (ITopic) – A SNS Topic to receive notifications on events related to the provisioned product.

  • description (Optional[str]) – The description of the constraint. Default: - No description provided

  • message_language (Optional[MessageLanguage]) – The language code. Configures the language for error messages from service catalog. Default: - English

Return type:

None

set_launch_role(product, launch_role, *, description=None, message_language=None)

Force users to assume a certain role when launching a product.

This sets the launch role using the role arn which is tied to the account this role exists in. This is useful if you will be provisioning products from the account where this role exists. If you intend to share the portfolio across accounts, use a local launch role.

Parameters:
  • product (IProduct) – A service catalog product.

  • launch_role (IRole) – The IAM role a user must assume when provisioning the product.

  • description (Optional[str]) – The description of the constraint. Default: - No description provided

  • message_language (Optional[MessageLanguage]) – The language code. Configures the language for error messages from service catalog. Default: - English

Return type:

None

set_local_launch_role(product, launch_role, *, description=None, message_language=None)

Force users to assume a certain role when launching a product.

The role name will be referenced by in the local account and must be set explicitly. This is useful when sharing the portfolio with multiple accounts.

Parameters:
  • product (IProduct) – A service catalog product.

  • launch_role (IRole) – The IAM role a user must assume when provisioning the product. A role with this name must exist in the account where the portolio is created and the accounts it is shared with. The role name must be set explicitly.

  • description (Optional[str]) – The description of the constraint. Default: - No description provided

  • message_language (Optional[MessageLanguage]) – The language code. Configures the language for error messages from service catalog. Default: - English

Return type:

None

set_local_launch_role_name(product, launch_role_name, *, description=None, message_language=None)

Force users to assume a certain role when launching a product.

The role will be referenced by name in the local account instead of a static role arn. A role with this name will automatically be created and assumable by Service Catalog in this account. This is useful when sharing the portfolio with multiple accounts.

Parameters:
  • product (IProduct) – A service catalog product.

  • launch_role_name (str) – The name of the IAM role a user must assume when provisioning the product. A role with this name must exist in the account where the portolio is created and the accounts it is shared with.

  • description (Optional[str]) – The description of the constraint. Default: - No description provided

  • message_language (Optional[MessageLanguage]) – The language code. Configures the language for error messages from service catalog. Default: - English

Return type:

IRole

share_with_account(account_id, *, message_language=None, share_tag_options=None)

Initiate a portfolio share with another account.

Parameters:
  • account_id (str) – AWS account to share portfolio with.

  • message_language (Optional[MessageLanguage]) – The message language of the share. Controls status and error message language for share. Default: - English

  • share_tag_options (Optional[bool]) – Whether to share tagOptions as a part of the portfolio share. Default: - share not specified

Return type:

None

Attributes

env

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

node

The tree node.

portfolio_arn

The ARN of the portfolio.

Attribute:

true

portfolio_id

The ID of the portfolio.

Attribute:

true

stack

The stack in which this resource is defined.