From c6567a4e711386a20ec277a54f0ab48c33553af3 Mon Sep 17 00:00:00 2001 From: Aidan Crank Date: Tue, 1 Mar 2022 14:29:58 -0500 Subject: [PATCH 01/15] feat(servicecatalog): ServiceCatalog Construct Library is now in Developer Preview Update some of our readme language based on feedback. Moving library to developer preview with expectation to move to stable soon. --- .../@aws-cdk/aws-servicecatalog/README.md | 108 ++++++++---------- .../@aws-cdk/aws-servicecatalog/package.json | 2 +- 2 files changed, 49 insertions(+), 61 deletions(-) diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md index 12e57cbc200ee..175fbe297f7d0 100644 --- a/packages/@aws-cdk/aws-servicecatalog/README.md +++ b/packages/@aws-cdk/aws-servicecatalog/README.md @@ -9,11 +9,11 @@ > > [CFN Resources]: https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib -![cdk-constructs: Experimental](https://img.shields.io/badge/cdk--constructs-experimental-important.svg?style=for-the-badge) +![cdk-constructs: Developer Preview](https://img.shields.io/badge/cdk--constructs-developer--preview-informational.svg?style=for-the-badge) -> The APIs of higher level constructs in this module are experimental and under active development. -> They are subject to non-backward compatible changes or removal in any future version. These are -> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be +> The APIs of higher level constructs in this module are in **developer preview** before they become stable. +> We will only make breaking changes to address unforeseen API issues. Therefore, these APIs are +> not subject to the [Semantic Versioning](https://semver.org/), and breaking changes will be > announced in the release notes. This means that while you may use them, you may need to update > your source code when upgrading to a newer version of this package. 
@@ -37,7 +37,7 @@ enables organizations to create and manage catalogs of products for their end us - [Constraints](#constraints) - [Tag update constraint](#tag-update-constraint) - [Notify on stack events](#notify-on-stack-events) - - [CloudFormation parameters constraint](#cloudformation-parameters-constraint) + - [CloudFormation template parameters constraint](#cloudformation-template-parameters-constraint) - [Set launch role](#set-launch-role) - [Deploy with StackSets](#deploy-with-stacksets) @@ -50,23 +50,23 @@ import * as servicecatalog from '@aws-cdk/aws-servicecatalog'; ## Portfolio -AWS Service Catalog portfolios allow admins to manage products that their end users have access to. +AWS Service Catalog portfolios allow administrators to organize, manage, and distribute cloud resources for their end users. Using the CDK, a new portfolio can be created with the `Portfolio` construct: ```ts -new servicecatalog.Portfolio(this, 'MyFirstPortfolio', { - displayName: 'MyFirstPortfolio', +new servicecatalog.Portfolio(this, 'Portfolio', { + displayName: 'MyPortfolio', providerName: 'MyTeam', }); ``` -You can also specify properties such as `description` and `acceptLanguage` +You can also specify optional metadata properties such as `description` and `acceptLanguage` to help better catalog and manage your portfolios. ```ts -new servicecatalog.Portfolio(this, 'MyFirstPortfolio', { +new servicecatalog.Portfolio(this, 'Portfolio', { displayName: 'MyFirstPortfolio', - providerName: 'MyTeam', + providerName: 'SCAdmin', description: 'Portfolio for a project', messageLanguage: servicecatalog.MessageLanguage.EN, }); 
@@ -74,37 +74,36 @@ new servicecatalog.Portfolio(this, 'MyFirstPortfolio', { Read more at [Creating and Managing Portfolios](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_portfolios.html). -A portfolio that has been created outside the stack can be imported into your CDK app. -Portfolios can be imported by their ARN via the `Portfolio.fromPortfolioArn()` API: +To import an existing portfolio into your CDK application, use the `Portfolio.fromPortfolioArn()` factory method: ```ts -const portfolio = servicecatalog.Portfolio.fromPortfolioArn(this, 'MyImportedPortfolio', +const portfolio = servicecatalog.Portfolio.fromPortfolioArn(this, 'ImportedPortfolio', 'arn:aws:catalog:region:account-id:portfolio/port-abcdefghi'); ``` ### Granting access to a portfolio -You can manage end user access to a portfolio by granting permissions to `IAM` entities like a user, group, or role. +You can grant access to and manage the `IAM` users, groups, or roles that have access to the products within a portfolio. Entities with granted access will be able to utilize the portfolios resources and products via the console or AWS CLI. Once resources are deployed end users will be able to access them via the console or service catalog CLI. 
```ts fixture=basic-portfolio import * as iam from '@aws-cdk/aws-iam'; -const user = new iam.User(this, 'MyUser'); +const user = new iam.User(this, 'User'); portfolio.giveAccessToUser(user); -const role = new iam.Role(this, 'MyRole', { +const role = new iam.Role(this, 'Role', { assumedBy: new iam.AccountRootPrincipal(), }); portfolio.giveAccessToRole(role); -const group = new iam.Group(this, 'MyGroup'); +const group = new iam.Group(this, 'Group'); portfolio.giveAccessToGroup(group); ``` ### Sharing a portfolio with another AWS account -A portfolio can be programatically shared with other accounts so that specified users can also access it: +You can use account-to-account sharing to distribute a reference to your portfolio to other AWS accounts by passing the recipient account number. After the share is initiated, the recipient account can accept the share via CLI or console by importing the portfolio ID. Changes made to the shared portfolio will automatically propagate to recipients. ```ts fixture=basic-portfolio portfolio.shareWithAccount('012345678901'); @@ -112,10 +111,10 @@ portfolio.shareWithAccount('012345678901'); ## Product -Products are the resources you are allowing end users to provision and utilize. +Products are version friendly infrastructure-as-code templates that admins create and add to portfolios for end users to provision and create AWS resources. The CDK currently only supports adding products of type Cloudformation product. Using the CDK, a new Product can be created with the `CloudFormationProduct` construct. -`CloudFormationTemplate.fromUrl` can be utilized to create a Product using a Cloudformation template directly from an URL: +You can use `CloudFormationTemplate.fromUrl` to create a Product from a Cloudformation template directly from a URL that points to a CloudFormation template in S3, GitHub, or CodeCommit: ```ts const product = new servicecatalog.CloudFormationProduct(this, 'MyFirstProduct', { 
@@ -133,14 +132,14 @@ const product = new servicecatalog.CloudFormationProduct(this, 'MyFirstProduct', ### Creating a product from a local asset -A `CloudFormationProduct` can also be created using a Cloudformation template from an Asset. +A `CloudFormationProduct` can also be created by using a Cloudformation template held locally on disk using Assets. Assets are files that are uploaded to an S3 Bucket before deployment. `CloudFormationTemplate.fromAsset` can be utilized to create a Product by passing the path to a local template file on your disk: ```ts import * as path from 'path'; -const product = new servicecatalog.CloudFormationProduct(this, 'MyFirstProduct', { +const product = new servicecatalog.CloudFormationProduct(this, 'Product', { productName: "My Product", owner: "Product Owner", productVersions: [ @@ -159,10 +158,10 @@ const product = new servicecatalog.CloudFormationProduct(this, 'MyFirstProduct', ### Creating a product from a stack -You can define a service catalog `CloudFormationProduct` entirely within CDK using a service catalog `ProductStack`. +You can create a Service Catalog `CloudFormationProduct` entirely defined with CDK code using a service catalog `ProductStack`. A separate child stack for your product is created and you can add resources like you would for any other CDK stack, such as an S3 Bucket, IAM roles, and EC2 instances. This stack is passed in as a product version to your -product. This will not create a separate stack during deployment. +product. This will not create a separate Cloudformation stack during deployment. ```ts import * as s3 from '@aws-cdk/aws-s3'; @@ -176,7 +175,7 @@ class S3BucketProduct extends servicecatalog.ProductStack { } } -const product = new servicecatalog.CloudFormationProduct(this, 'MyFirstProduct', { +const product = new servicecatalog.CloudFormationProduct(this, 'Product', { productName: "My Product", owner: "Product Owner", productVersions: [ 
@@ -190,9 +189,9 @@ const product = new servicecatalog.CloudFormationProduct(this, 'MyFirstProduct', ### Adding a product to a portfolio -You add products to a portfolio to manage your resources at scale. After adding a product to a portfolio, -it creates a portfolio-product association, and will become visible from the portfolio side in both the console and service catalog CLI. -A product can be added to multiple portfolios depending on your resource and organizational needs. +You add products to a portfolio to organize and distrbute your catalog at scale. Addinga product to a portfolio creates an association, +and the product will become visible within the portfolio side in both the Service Catalog console and AWS CLI. +You can add a product to multiple portfolios depending on your organizational structure and how you would like to group access to products. ```ts fixture=portfolio-product portfolio.addProduct(product); @@ -200,11 +199,11 @@ portfolio.addProduct(product); ## Tag Options -TagOptions allow administrators to easily manage tags on provisioned products by creating a selection of tags for end users to choose from. -TagOptions are created by specifying a tag key with a selection of allowed values and can be associated with both portfolios and products. +TagOptions allow administrators to easily manage tags on provisioned products by providing a template for a selection of tags that end users choose from. +TagOptions are created by specifying a tag key with a set of allowed values and can be associated with both portfolios and products. When launching a product, both the TagOptions associated with the product and the containing portfolio are made available. -At the moment, TagOptions can only be disabled in the console. +At the moment, TagOptions can only be deactivated in the console. ```ts fixture=portfolio-product const tagOptionsForPortfolio = new servicecatalog.TagOptions(this, 'OrgTagOptions', { 
@@ -225,12 +224,11 @@ product.associateTagOptions(tagOptionsForProduct); ## Constraints -Constraints define governance mechanisms that allow you to manage permissions, notifications, and options related to actions end users can perform on products, -Constraints are applied on a portfolio-product association. +Constraints are governance gestures that you place on product-portfolio associations that allow you to manage minimal launch permissions, notifications, and other optional actions that end users can perform on products. Using the CDK, if you do not explicitly associate a product to a portfolio and add a constraint, it will automatically add an association for you. -There are rules around plurariliites of constraints for a portfolio and product. -For example, you can only have a single "tag update" constraint applied to a portfolio-product association. +There are rules around how constraints are applied to portfolio-product associations. +For example, you can only have a single "launch role" constraint applied to a portfolio-product association. If a misconfigured constraint is added, `synth` will fail with an error message. Read more at [Service Catalog Constraints](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints.html). @@ -238,7 +236,7 @@ Read more at [Service Catalog Constraints](https://docs.aws.amazon.com/serviceca ### Tag update constraint Tag update constraints allow or disallow end users to update tags on resources associated with an AWS Service Catalog product upon provisioning. -By default, tag updating is not permitted. +By default, if a Tag Update constraint is not configured, tag updating is not permitted. If tag updating is allowed, then new tags associated with the product or portfolio will be applied to provisioned resources during a provisioned product update. ```ts fixture=portfolio-product 
@@ -258,32 +256,25 @@ portfolio.constrainTagUpdates(product, { ### Notify on stack events -Allows users to subscribe an AWS `SNS` topic to the stack events of the product. -When an end user provisions a product it creates a product stack that notifies the subscribed topic on creation, edit, and delete events. -An individual `SNS` topic may only be subscribed once to a portfolio-product association. +Allows users to subscribe an AWS `SNS` topic to a provisiooned product's Cloudformation stack events. +When an end user provisions a product it creates a Cloudformation stack that notifies the subscribed topic on creation, edit, and delete events. +An individual `SNS` topic may only have a single subscription to any given portfolio-product association. ```ts fixture=portfolio-product import * as sns from '@aws-cdk/aws-sns'; -const topic1 = new sns.Topic(this, 'MyTopic1'); +const topic1 = new sns.Topic(this, 'Topic1'); portfolio.notifyOnStackEvents(product, topic1); -const topic2 = new sns.Topic(this, 'MyTopic2'); +const topic2 = new sns.Topic(this, 'Topic2'); portfolio.notifyOnStackEvents(product, topic2, { - description: 'description for this topic2', // description is an optional field. + description: 'description for topic2', // description is an optional field. }); ``` -### CloudFormation parameters constraint +### CloudFormation template parameters constraint -CloudFormation parameters constraints allow you to configure the that are available to end users when they launch a product via defined rules. -A rule consists of one or more assertions that narrow the allowable values for parameters in a product. -You can configure multiple parameter constraints to govern the different parameters and parameter options in your products. -For example, a rule might define the various instance types that users can choose from when launching a stack that includes EC2 instances. 
-A parameter rule has an optional `condition` field that allows ability to configure when rules are applied. -If a `condition` is specified, all the assertions will be applied if the condition evalutates to true. -For information on rule-specific intrinsic functions to define rule conditions and assertions, -see [AWS Rule Functions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-rules.html). +CloudFormation template parameter constraints allow you to configure the provisioning parameters that are available to end users when they launch a product. Template constraint rules consist of one or more assertions that define the default and/or allowable values for a product’s provisioning parameters. You can configure multiple parameter constraints to govern the different provisioning parameters within your products. For example, a rule might define the `EC2` instance types that users can choose from when launching a product that includes one or more `EC2` instances. Parameter rules have an optional `condition` field that allow for rule application to consider conditional evaluations. If a `condition` is specified, all assertions will be applied if the condition evaluates to true. For information on rule-specific intrinsic functions to define rule conditions and assertions, see [AWS Rule Functions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-rules.html). ```ts fixture=portfolio-product import * as cdk from '@aws-cdk/core'; 
@@ -302,10 +293,7 @@ portfolio.constrainCloudFormationParameters(product, { ### Set launch role -Allows you to configure a specific AWS `IAM` role that a user must assume when launching a product. -By setting this launch role, you can control what policies and privileges end users can have. -The launch role must be assumed by the service catalog principal. -You can only have one launch role set for a portfolio-product association, and you cannot set a launch role if a StackSets deployment has been configured. +Allows you to configure a specific `IAM` role that Service Catalog assumes on behalf of the end user when launching a product. By setting a launch role constraint, you can maintain least permissions for an end user when launching a product. For example, a launch role can grant permissions for specific resource creation like an `S3` bucket that the user. The launch role must be assumed by the Service Catalog principal. You can only have one launch role set for a portfolio-product association, and you cannot set a launch role on a product that already has a StackSets deployment configured. ```ts fixture=portfolio-product import * as iam from '@aws-cdk/aws-iam'; 
@@ -346,16 +334,16 @@ const launchRole: iam.IRole = portfolio.setLocalLaunchRoleName(product, roleName ``` See [Launch Constraint](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints-launch.html) documentation -to understand the permissions roles need. +to understand the permissions that launch roles need. ### Deploy with StackSets A StackSets deployment constraint allows you to configure product deployment options using [AWS CloudFormation StackSets](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/using-stacksets.html). -You can specify multiple accounts and regions for the product launch following StackSets conventions. -There is an additional field `allowStackSetInstanceOperations` that configures ability for end users to create, edit, or delete the stacks. +You can specify one or more accounts and regions into which stack instances will launch when the product is provisioned. There is an additional +The field `allowStackSetInstanceOperations` configures ability for end users to create, edit, or delete the stacks created by the StackSet. By default, this field is set to `false`. -End users can manage those accounts and determine where products deploy and the order of deployment. +When launching a StackSets product, end users can select from the list of accounts and regions configured in the constraint to determine where the Stack Instances will deploy and the order of deployment. You can only define one StackSets deployment configuration per portfolio-product association, and you cannot both set a launch role and StackSets deployment configuration for an assocation. diff --git a/packages/@aws-cdk/aws-servicecatalog/package.json b/packages/@aws-cdk/aws-servicecatalog/package.json index e11b48a0c3392..ad8a28968f906 100644 --- a/packages/@aws-cdk/aws-servicecatalog/package.json +++ b/packages/@aws-cdk/aws-servicecatalog/package.json 
@@ -114,7 +114,7 @@ "ref-via-interface:@aws-cdk/aws-servicecatalog.PortfolioProps.tagOptions" ] }, - "maturity": "experimental", + "maturity": "developer-preview", "stability": "experimental", "awscdkio": { "announce": false From 6400f4ab8aa22ece164a4d2857c7137c02c6363a Mon Sep 17 00:00:00 2001 From: arcrank Date: Tue, 1 Mar 2022 14:54:20 -0500 Subject: [PATCH 02/15] Update packages/@aws-cdk/aws-servicecatalog/README.md --- packages/@aws-cdk/aws-servicecatalog/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md index 175fbe297f7d0..d7327bdcd6aac 100644 --- a/packages/@aws-cdk/aws-servicecatalog/README.md +++ b/packages/@aws-cdk/aws-servicecatalog/README.md @@ -189,7 +189,7 @@ const product = new servicecatalog.CloudFormationProduct(this, 'Product', { ### Adding a product to a portfolio -You add products to a portfolio to organize and distrbute your catalog at scale. Addinga product to a portfolio creates an association, +You add products to a portfolio to organize and distribute your catalog at scale. Adding a product to a portfolio creates an association, and the product will become visible within the portfolio side in both the Service Catalog console and AWS CLI. You can add a product to multiple portfolios depending on your organizational structure and how you would like to group access to products. From 073ffaeb1660da9939f7a514c4d9b694c7bbcc9e Mon Sep 17 00:00:00 2001 From: arcrank Date: Tue, 1 Mar 2022 14:54:29 -0500 Subject: [PATCH 03/15] Update packages/@aws-cdk/aws-servicecatalog/README.md --- packages/@aws-cdk/aws-servicecatalog/README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md index d7327bdcd6aac..1551dce608152 100644 --- a/packages/@aws-cdk/aws-servicecatalog/README.md 
+++ b/packages/@aws-cdk/aws-servicecatalog/README.md @@ -340,8 +340,7 @@ to understand the permissions that launch roles need. A StackSets deployment constraint allows you to configure product deployment options using [AWS CloudFormation StackSets](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/using-stacksets.html). -You can specify one or more accounts and regions into which stack instances will launch when the product is provisioned. There is an additional -The field `allowStackSetInstanceOperations` configures ability for end users to create, edit, or delete the stacks created by the StackSet. +You can specify one or more accounts and regions into which stack instances will launch when the product is provisioned. There is an additional field `allowStackSetInstanceOperations` that sets ability for end users to create, edit, or delete the stacks created by the StackSet. By default, this field is set to `false`. When launching a StackSets product, end users can select from the list of accounts and regions configured in the constraint to determine where the Stack Instances will deploy and the order of deployment. You can only define one StackSets deployment configuration per portfolio-product association, From 0b45cf80cf709831ae4354d05648abe56a5ad6a4 Mon Sep 17 00:00:00 2001 From: arcrank Date: Tue, 1 Mar 2022 14:54:37 -0500 Subject: [PATCH 04/15] Update packages/@aws-cdk/aws-servicecatalog/README.md Co-authored-by: Dillon --- packages/@aws-cdk/aws-servicecatalog/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md index 1551dce608152..a7eefc888dbbf 100644 --- a/packages/@aws-cdk/aws-servicecatalog/README.md +++ b/packages/@aws-cdk/aws-servicecatalog/README.md 
@@ -256,7 +256,7 @@ portfolio.constrainTagUpdates(product, { ### Notify on stack events -Allows users to subscribe an AWS `SNS` topic to a provisiooned product's Cloudformation stack events. +Allows users to subscribe an AWS `SNS` topic to a provisioned product's CloudFormation stack events. When an end user provisions a product it creates a Cloudformation stack that notifies the subscribed topic on creation, edit, and delete events. An individual `SNS` topic may only have a single subscription to any given portfolio-product association. From 6cad9e43f9f001065c788c1baac559a366bf8ab7 Mon Sep 17 00:00:00 2001 From: arcrank Date: Tue, 1 Mar 2022 14:54:43 -0500 Subject: [PATCH 05/15] Update packages/@aws-cdk/aws-servicecatalog/README.md --- packages/@aws-cdk/aws-servicecatalog/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md index a7eefc888dbbf..dc8f048610e2d 100644 --- a/packages/@aws-cdk/aws-servicecatalog/README.md +++ b/packages/@aws-cdk/aws-servicecatalog/README.md @@ -114,7 +114,7 @@ portfolio.shareWithAccount('012345678901'); Products are version friendly infrastructure-as-code templates that admins create and add to portfolios for end users to provision and create AWS resources. The CDK currently only supports adding products of type Cloudformation product. Using the CDK, a new Product can be created with the `CloudFormationProduct` construct. -You can use `CloudFormationTemplate.fromUrl` to create a Product from a Cloudformation template directly from a URL that points to a CloudFormation template in S3, GitHub, or CodeCommit: +You can use `CloudFormationTemplate.fromUrl` to create a Product from a CloudFormation template directly from a URL that points to the template in S3, GitHub, or CodeCommit: ```ts const product = new servicecatalog.CloudFormationProduct(this, 'MyFirstProduct', { 
From 1ab90ce92b097fc3d1ee2ab8b0a1ac8f83d711b7 Mon Sep 17 00:00:00 2001 From: arcrank Date: Tue, 1 Mar 2022 14:54:51 -0500 Subject: [PATCH 06/15] Update packages/@aws-cdk/aws-servicecatalog/README.md --- packages/@aws-cdk/aws-servicecatalog/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md index dc8f048610e2d..cbe2655680a2f 100644 --- a/packages/@aws-cdk/aws-servicecatalog/README.md +++ b/packages/@aws-cdk/aws-servicecatalog/README.md @@ -257,7 +257,7 @@ portfolio.constrainTagUpdates(product, { ### Notify on stack events Allows users to subscribe an AWS `SNS` topic to a provisioned product's CloudFormation stack events. -When an end user provisions a product it creates a Cloudformation stack that notifies the subscribed topic on creation, edit, and delete events. +When an end user provisions a product it creates a CloudFormation stack that notifies the subscribed topic on creation, edit, and delete events. An individual `SNS` topic may only have a single subscription to any given portfolio-product association. ```ts fixture=portfolio-product From 256a9b3d419ddfcfe924485477f578f1a109a1d1 Mon Sep 17 00:00:00 2001 From: arcrank Date: Tue, 1 Mar 2022 14:55:40 -0500 Subject: [PATCH 07/15] Update packages/@aws-cdk/aws-servicecatalog/README.md --- packages/@aws-cdk/aws-servicecatalog/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md index cbe2655680a2f..0f75106aee608 100644 --- a/packages/@aws-cdk/aws-servicecatalog/README.md +++ b/packages/@aws-cdk/aws-servicecatalog/README.md 
@@ -132,7 +132,7 @@ const product = new servicecatalog.CloudFormationProduct(this, 'MyFirstProduct', ### Creating a product from a local asset -A `CloudFormationProduct` can also be created by using a Cloudformation template held locally on disk using Assets. +A `CloudFormationProduct` can also be created by using a CloudFormation template held locally on disk using Assets. Assets are files that are uploaded to an S3 Bucket before deployment. `CloudFormationTemplate.fromAsset` can be utilized to create a Product by passing the path to a local template file on your disk: From 256607fdaedc5e5d5cb8dbc1659ab08bc44b1e52 Mon Sep 17 00:00:00 2001 From: arcrank Date: Tue, 1 Mar 2022 14:55:44 -0500 Subject: [PATCH 08/15] Update packages/@aws-cdk/aws-servicecatalog/README.md --- packages/@aws-cdk/aws-servicecatalog/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md index 0f75106aee608..443d37be70c08 100644 --- a/packages/@aws-cdk/aws-servicecatalog/README.md +++ b/packages/@aws-cdk/aws-servicecatalog/README.md @@ -161,7 +161,7 @@ const product = new servicecatalog.CloudFormationProduct(this, 'Product', { You can create a Service Catalog `CloudFormationProduct` entirely defined with CDK code using a service catalog `ProductStack`. A separate child stack for your product is created and you can add resources like you would for any other CDK stack, such as an S3 Bucket, IAM roles, and EC2 instances. This stack is passed in as a product version to your -product. This will not create a separate Cloudformation stack during deployment. +product. This will not create a separate CloudFormation stack during deployment. ```ts import * as s3 from '@aws-cdk/aws-s3'; From e8cb1e9b299dfde516b1422672c1713ac9bd17c8 Mon Sep 17 00:00:00 2001 
From: Aidan Crank Date: Wed, 2 Mar 2022 12:55:15 -0500 Subject: [PATCH 09/15] update --- packages/@aws-cdk/aws-servicecatalog/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md index 443d37be70c08..220beff1a14ed 100644 --- a/packages/@aws-cdk/aws-servicecatalog/README.md +++ b/packages/@aws-cdk/aws-servicecatalog/README.md @@ -11,11 +11,11 @@ ![cdk-constructs: Developer Preview](https://img.shields.io/badge/cdk--constructs-developer--preview-informational.svg?style=for-the-badge) -> The APIs of higher level constructs in this module are in **developer preview** before they become stable. -> We will only make breaking changes to address unforeseen API issues. Therefore, these APIs are -> not subject to the [Semantic Versioning](https://semver.org/), and breaking changes will be -> announced in the release notes. This means that while you may use them, you may need to update -> your source code when upgrading to a newer version of this package. +> The APIs of higher level constructs in this module are in **developer preview** before they +> become stable. We will only make breaking changes to address unforeseen API issues. Therefore, +> these APIs are not subject to [Semantic Versioning](https://semver.org/), and breaking changes +> will be announced in release notes. This means that while you may use them, you may need to +> update your source code when upgrading to a newer version of this package. --- From 12ecb744a1bd2906427207380f585795d3cc2147 Mon Sep 17 00:00:00 2001 From: arcrank Date: Wed, 2 Mar 2022 14:31:04 -0500 Subject: [PATCH 10/15] Update packages/@aws-cdk/aws-servicecatalog/README.md Co-authored-by: Adam Ruka --- packages/@aws-cdk/aws-servicecatalog/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md index 220beff1a14ed..6db362a301ef2 100644 --- a/packages/@aws-cdk/aws-servicecatalog/README.md +++ b/packages/@aws-cdk/aws-servicecatalog/README.md @@ -60,7 +60,7 @@ new servicecatalog.Portfolio(this, 'Portfolio', { }); ``` -You can also specify optional metadata properties such as `description` and `acceptLanguage` +You can also specify optional metadata properties such as `description` and `messageLanguage` to help better catalog and manage your portfolios. ```ts From ab4ee6da05bc234034f5ec714c959aa012b60f46 Mon Sep 17 00:00:00 2001 From: arcrank Date: Wed, 2 Mar 2022 14:31:14 -0500 Subject: [PATCH 11/15] Update packages/@aws-cdk/aws-servicecatalog/README.md Co-authored-by: Adam Ruka --- packages/@aws-cdk/aws-servicecatalog/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md index 6db362a301ef2..47e3f306e5ad8 100644 --- a/packages/@aws-cdk/aws-servicecatalog/README.md +++ b/packages/@aws-cdk/aws-servicecatalog/README.md @@ -83,7 +83,8 @@ const portfolio = servicecatalog.Portfolio.fromPortfolioArn(this, 'ImportedPortf ### Granting access to a portfolio -You can grant access to and manage the `IAM` users, groups, or roles that have access to the products within a portfolio. Entities with granted access will be able to utilize the portfolios resources and products via the console or AWS CLI. +You can grant access to and manage the `IAM` users, groups, or roles that have access to the products within a portfolio. +Entities with granted access will be able to utilize the portfolios resources and products via the console or AWS CLI. Once resources are deployed end users will be able to access them via the console or service catalog CLI. ```ts fixture=basic-portfolio From 6775b5e3c45bd24c63607a1c27c8ef2f8dcc6659 Mon Sep 17 00:00:00 2001 
From: arcrank Date: Wed, 2 Mar 2022 14:31:22 -0500 Subject: [PATCH 12/15] Update packages/@aws-cdk/aws-servicecatalog/README.md Co-authored-by: Adam Ruka --- packages/@aws-cdk/aws-servicecatalog/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md index 47e3f306e5ad8..ab55074c0ab64 100644 --- a/packages/@aws-cdk/aws-servicecatalog/README.md +++ b/packages/@aws-cdk/aws-servicecatalog/README.md @@ -104,7 +104,9 @@ portfolio.giveAccessToGroup(group); ### Sharing a portfolio with another AWS account -You can use account-to-account sharing to distribute a reference to your portfolio to other AWS accounts by passing the recipient account number. After the share is initiated, the recipient account can accept the share via CLI or console by importing the portfolio ID. Changes made to the shared portfolio will automatically propagate to recipients. +You can use account-to-account sharing to distribute a reference to your portfolio to other AWS accounts by passing the recipient account number. +After the share is initiated, the recipient account can accept the share via CLI or console by importing the portfolio ID. +Changes made to the shared portfolio will automatically propagate to recipients. ```ts fixture=basic-portfolio portfolio.shareWithAccount('012345678901'); From 1b4fd0d50b6f061333e2a4760718f4c346dab768 Mon Sep 17 00:00:00 2001 From: arcrank Date: Wed, 2 Mar 2022 14:31:29 -0500 Subject: [PATCH 13/15] Update packages/@aws-cdk/aws-servicecatalog/README.md Co-authored-by: Adam Ruka --- packages/@aws-cdk/aws-servicecatalog/README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md index ab55074c0ab64..dafabb9b7fc8d 100644 --- a/packages/@aws-cdk/aws-servicecatalog/README.md +++ b/packages/@aws-cdk/aws-servicecatalog/README.md 
@@ -277,7 +277,14 @@ portfolio.notifyOnStackEvents(product, topic2, {
 ### CloudFormation template parameters constraint
-CloudFormation template parameter constraints allow you to configure the provisioning parameters that are available to end users when they launch a product. Template constraint rules consist of one or more assertions that define the default and/or allowable values for a product’s provisioning parameters. You can configure multiple parameter constraints to govern the different provisioning parameters within your products. For example, a rule might define the `EC2` instance types that users can choose from when launching a product that includes one or more `EC2` instances. Parameter rules have an optional `condition` field that allow for rule application to consider conditional evaluations. If a `condition` is specified, all assertions will be applied if the condition evaluates to true. For information on rule-specific intrinsic functions to define rule conditions and assertions, see [AWS Rule Functions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-rules.html).
+CloudFormation template parameter constraints allow you to configure the provisioning parameters that are available to end users when they launch a product.
+Template constraint rules consist of one or more assertions that define the default and/or allowable values for a product’s provisioning parameters.
+You can configure multiple parameter constraints to govern the different provisioning parameters within your products.
+For example, a rule might define the `EC2` instance types that users can choose from when launching a product that includes one or more `EC2` instances.
+Parameter rules have an optional `condition` field that allow for rule application to consider conditional evaluations.
+If a `condition` is specified, all assertions will be applied if the condition evaluates to true.
+For information on rule-specific intrinsic functions to define rule conditions and assertions,
+see [AWS Rule Functions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-rules.html).
 ```ts fixture=portfolio-product
 import * as cdk from '@aws-cdk/core';
From 7352d36dc0a89eb096af5126ac9ea7936d656d15 Mon Sep 17 00:00:00 2001
From: arcrank
Date: Wed, 2 Mar 2022 14:31:37 -0500
Subject: [PATCH 14/15] Update packages/@aws-cdk/aws-servicecatalog/README.md
Co-authored-by: Adam Ruka
---
 packages/@aws-cdk/aws-servicecatalog/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md
index dafabb9b7fc8d..31f4f01f77ea5 100644
--- a/packages/@aws-cdk/aws-servicecatalog/README.md
+++ b/packages/@aws-cdk/aws-servicecatalog/README.md
@@ -350,7 +350,8 @@ to understand the permissions that launch roles need. A StackSets deployment constraint allows you to configure product deployment options using [AWS CloudFormation StackSets](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/using-stacksets.html). -You can specify one or more accounts and regions into which stack instances will launch when the product is provisioned. There is an additional field `allowStackSetInstanceOperations` that sets ability for end users to create, edit, or delete the stacks created by the StackSet. +You can specify one or more accounts and regions into which stack instances will launch when the product is provisioned. +There is an additional field `allowStackSetInstanceOperations` that sets ability for end users to create, edit, or delete the stacks created by the StackSet. By default, this field is set to `false`. When launching a StackSets product, end users can select from the list of accounts and regions configured in the constraint to determine where the Stack Instances will deploy and the order of deployment. You can only define one StackSets deployment configuration per portfolio-product association, From 3f60aa64c995335c380ae8dbfd522da892e2b7b2 Mon Sep 17 00:00:00 2001 From: arcrank Date: Wed, 2 Mar 2022 14:35:37 -0500 Subject: [PATCH 15/15] Update packages/@aws-cdk/aws-servicecatalog/README.md Co-authored-by: Adam Ruka --- packages/@aws-cdk/aws-servicecatalog/README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-servicecatalog/README.md b/packages/@aws-cdk/aws-servicecatalog/README.md index 31f4f01f77ea5..54c28a0b46201 100644 --- a/packages/@aws-cdk/aws-servicecatalog/README.md +++ b/packages/@aws-cdk/aws-servicecatalog/README.md 
@@ -303,7 +303,12 @@ portfolio.constrainCloudFormationParameters(product, {
 ### Set launch role
-Allows you to configure a specific `IAM` role that Service Catalog assumes on behalf of the end user when launching a product. By setting a launch role constraint, you can maintain least permissions for an end user when launching a product. For example, a launch role can grant permissions for specific resource creation like an `S3` bucket that the user. The launch role must be assumed by the Service Catalog principal. You can only have one launch role set for a portfolio-product association, and you cannot set a launch role on a product that already has a StackSets deployment configured.
+Allows you to configure a specific `IAM` role that Service Catalog assumes on behalf of the end user when launching a product.
+By setting a launch role constraint, you can maintain least permissions for an end user when launching a product.
+For example, a launch role can grant permissions for specific resource creation like an `S3` bucket that the user.
+The launch role must be assumed by the Service Catalog principal.
+You can only have one launch role set for a portfolio-product association,
+and you cannot set a launch role on a product that already has a StackSets deployment configured.
 ```ts fixture=portfolio-product
 import * as iam from '@aws-cdk/aws-iam';