In this task, you configure Service Catalog so that users can provision AWS services only through Service Catalog products and cannot provision them directly from the console. Portfolio constraints are configured for this purpose.
1. Go to the AWS Service Catalog Management Console, click on the Portfolios menu under the Administrator section on the left side, and then click on the database-portfolio portfolio.
2. On the portfolio screen, click on the Constraints (0) tab and then click on the Create constraint button.
3. On the next screen, select Product-Redshift as the product. Select Launch as the Constraint type. For Launch constraint method, choose the Select IAM role option and then select awsdojocatalogrole for the IAM role. Then click on the Create button.

   The constraint is created in no time. With it, the database-portfolio portfolio creates the Product-Redshift product resources using the awsdojocatalogrole role rather than the launching user's own permissions.
4. Repeat steps 1 to 3 to configure the constraint for the Product-DynamoDB product in the database-portfolio portfolio.
5. Also repeat steps 1 to 3 to configure constraints for the Product-S3, Product-SNS and Product-SQS products in the app-service-portfolio portfolio.
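The same five launch constraints scripted with boto3, as an added example that is not part of the original walkthrough. The function names, the sample ids and the account number are constructed for illustration, and the role ARN assumes awsdojocatalogrole lives in the same account with no IAM path. `missing_launch_constraints` is a check for any product that still has no launch constraint.

```python
import json

# Portfolio -> products, exactly as listed in the steps above.
PLAN = {
    "database-portfolio": ["Product-Redshift", "Product-DynamoDB"],
    "app-service-portfolio": ["Product-S3", "Product-SNS", "Product-SQS"],
}
ROLE_NAME = "awsdojocatalogrole"  # assumed: same account, no IAM path

# Constructed sample ids (not real resources); look up the real ones first.
SAMPLE_IDS = {
    "database-portfolio": "port-example1",
    "app-service-portfolio": "port-example2",
    "Product-Redshift": "prod-example1", "Product-DynamoDB": "prod-example2",
    "Product-S3": "prod-example3", "Product-SNS": "prod-example4",
    "Product-SQS": "prod-example5",
}


def build_requests(ids, account_id):
    """Return create_constraint kwargs for every (portfolio, product) in PLAN."""
    role_arn = f"arn:aws:iam::{account_id}:role/{ROLE_NAME}"
    return [
        {"PortfolioId": ids[portfolio], "ProductId": ids[product],
         "Type": "LAUNCH", "Parameters": json.dumps({"RoleArn": role_arn})}
        for portfolio, products in PLAN.items()
        for product in products
    ]


def missing_launch_constraints(ids, existing):
    """Products in PLAN with no LAUNCH constraint among `existing`, a list of
    ConstraintDetails-shaped dicts (PortfolioId, ProductId, Type)."""
    covered = {(c["PortfolioId"], c["ProductId"])
               for c in existing if c["Type"] == "LAUNCH"}
    return [product for portfolio, products in PLAN.items()
            for product in products
            if (ids[portfolio], ids[product]) not in covered]


def apply_constraints(ids, account_id):
    """Create the constraints; needs boto3 and Service Catalog admin credentials."""
    import boto3
    client = boto3.client("servicecatalog")
    for request in build_requests(ids, account_id):
        client.create_constraint(**request)
```
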
All the configurations are in place. Let’s test it for both databaseuser and applicationuser users in the next task.