AWS Service Catalog
Administrator Guide

Grant Permissions to AWS Service Catalog End Users

Before the end user can use AWS Service Catalog, you must grant access to the AWS Service Catalog end user console view. To grant access, you attach policies to the IAM user, group, or role that is used by the end user. In the following procedure, we attach the ServiceCatalogEndUserAccess policy to an IAM group. For more information, see Predefined AWS Managed Policies.

To allow an end user to launch a product, you must grant access to the ProvisionProduct action. You can do so using an inline policy, as shown in the following procedure.

To grant permissions to an end user

  1. Open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Policies.

  3. Choose Create policy and do the following:

    1. For Create Your Own Policy, choose Select.

    2. For Policy Name, type ServiceCatalogEndusers-AdditionalPermissions.

    3. Copy the following example policy and paste it in Policy Document:

      { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "servicecatalog:ProvisionProduct" ], "Resource": "*" } ] }
    4. Choose Create Policy.

  4. In the navigation pane, choose Groups.

  5. Choose Create New Group and do the following:

    1. For Group Name, type Endusers, and then choose Next Step.

    2. In the search field, type ServiceCatalog to filter the policy list.

    3. Select the checkboxes for the ServiceCatalogEndUserAccess and ServiceCatalogEndusers-AdditionalPermissions policies, and then choose Next Step.

    4. On the Review page, choose Create Group.

  6. In the navigation pane, choose Users.

  7. Choose Add user and do the following:

    1. For User name, type a name for the user.

    2. Select AWS Management Console access.

    3. Choose Next: Permissions.

    4. Choose Add user to group.

    5. Select the checkbox for the Endusers group and choose Next: Review.

    6. On the Review page, choose Create user. Download or copy the credentials and then choose Close.