Any AWS Account within the Cornell AWS Organization has access to the IT@Cornell Service Catalog Portfolio. Service Catalog is an AWS offering that allows us to give our member AWS Account Administrators templated, self-service "Products" which define a standalone IT service or tool.
Account Administrators have full control over which IAM Groups, Roles and Users are allowed to launch Products from the IT@Cornell Portfolio. By default, our Portfolio is visible within member accounts but no IAM Roles are given permission to launch any Products contained within it. This document describes the steps to enable IT@Cornell Products for your account's shib-admin
IAM Role within the AWS Console.
It is certainly possible to use this same process to enable the same Products for other IAM Roles in your account. If that is your goal, make sure to follow the AWS Documentation to ensure the Role has the proper permissions to launch Service Catalog Products and their underlying resources.
shib-admin
and select the shib-admin
Role