Any AWS Account within the Cornell AWS Organization has access to the IT@Cornell Service Catalog Portfolio. Service Catalog is an AWS offering that allows us to give our member AWS Account Administrators templated, self-service "Products" which define a standalone IT service or tool.
Account Administrators have full control over which IAM Groups, Roles and Users are allowed to launch Products from the IT@Cornell Portfolio. By default, shib-admin members can launch and of our Portfolio products.
This document describes the steps to enable additional IAM Principals to the IT@Cornell Products for your account. (ie. sso-admin, shib-devs, shib-dbas, etc...)
- Log in to your Cornell AWS Account
- Make sure you are in the us-east-1 (N. Virginia) Region
- Navigate to the Imported Portfolios section of the AWS Service Catalog Console
- Click the IT@Cornell Portfolio
- Select the "Access" tab
- Click the "Grant access" button
- Select the "IAM Principal" radio button
- Select the "Roles" tab
- Search for the desired role to add
- Click the "Grant Access" button
- The IT@Cornell Products are now visible and launch-able in the Products Section for the newly provisioned IAM Principal.
