DisassociatePrincipalFromPortfolio - AWS Service Catalog


Disassociates a previously associated principal ARN from a specified portfolio.

The PrincipalType and PrincipalARN must match the AssociatePrincipalWithPortfolio call request details. For example, to disassociate an association created with a PrincipalARN of PrincipalType IAM you must use the PrincipalType IAM when calling DisassociatePrincipalFromPortfolio.

For portfolios that have been shared with principal name sharing enabled: after disassociating a principal, share recipient accounts will no longer be able to provision products in this portfolio using a role matching the name of the associated principal.

Request Syntax

{ "AcceptLanguage": "string", "PortfolioId": "string", "PrincipalARN": "string", "PrincipalType": "string" }

Request Parameters

The request accepts the following data in JSON format.


The language code.

  • en - English (default)

  • jp - Japanese

  • zh - Chinese

Type: String

Length Constraints: Maximum length of 100.

Required: No


The portfolio identifier.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 100.

Pattern: ^[a-zA-Z0-9_\-]*

Required: Yes


The ARN of the principal (IAM user, role, or group). This field allows an ARN with no accountID if PrincipalType is IAM_PATTERN.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1000.

Required: Yes


The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you use no accountID.

Type: String

Valid Values: IAM | IAM_PATTERN

Required: No

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.



One or more parameters provided to the operation are not valid.

HTTP Status Code: 400


The specified resource was not found.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: