awslabs / aws-service-catalog-puppet

This is a framework where you list your AWS accounts with tags and your AWS Service Catalog products with tags or target accounts. The framework works through your lists, dedupes and spots collisions and then provisions the products into your AWS accounts for you. It handles the Portfolio sharing, its acceptance and can provision products cross account and cross region.
Apache License 2.0

Association of SSO role in products #592

Closed shydhanya closed 1 year ago

shydhanya commented 1 year ago

We need to associate an SSO role with dynamic values in the role name to products during deployment.

Portfolio Association -

[screenshot]

Error-

[screenshot]

Product Association -

[screenshot]

No error, but role is not associated in spoke accounts.

[screenshot]

Expected results

Existing SSO role with prefixed static values should be associated with products in a specific account.

Actual results

Puppet pipeline is successful, but the SSO roles are not associated.

eamonnfaherty commented 1 year ago

Can you share the generated CloudFormation template and the logs please?

shydhanya commented 1 year ago

CloudFormation template which failed while adding the role to the Portfolio association:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Associations for Provision-CodeCommit-Repository-test-vend-port {"version": "XXX", "framework": "servicecatalog-factory", "role": "portfolio-associations"}'

Conditions:
  # Always evaluates to false, so NoOp is never created; it only keeps the
  # template valid when there is nothing else to emit.
  ShouldDoAnything: !Equals [ true, false ]

Resources:
  NoOp:
    Type: AWS::S3::Bucket
    Condition: ShouldDoAnything

  Association1:
    Type: AWS::ServiceCatalog::PortfolioPrincipalAssociation
    Properties:
      PrincipalARN: !Sub "arn:aws:iam::${AWS::AccountId}:role/servicecatalog-puppet/PuppetRole"
      PortfolioId: port-rus5qocyoexp4
      PrincipalType: IAM
```
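As an added example (hand-written here, not the template the pipeline generated above and not servicecatalog-puppet's own code): the same association written once with a literal role ARN, as above, and once with the wildcard `IAM_PATTERN` principal type, which is what reaches an IAM Identity Center (SSO) permission-set role whose real name carries a per-account random suffix. The portfolio id, the permission-set name and the region path segment are placeholders and assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example: associate an SSO permission-set role with a Service Catalog
  portfolio. Portfolio id and permission-set name are placeholders.

Parameters:
  PortfolioId:
    Type: String
    Default: port-PLACEHOLDER
  PermissionSetName:
    Type: String
    Default: ReadOnly   # placeholder permission-set name

Resources:
  # Literal form, as in the generated template above: one fixed role ARN in
  # this account. Fine for a static name such as PuppetRole, but an SSO role is
  # named AWSReservedSSO_<set>_<random suffix>, different in every account, so
  # there is no static ARN to write here.
  PuppetRoleAssociation:
    Type: AWS::ServiceCatalog::PortfolioPrincipalAssociation
    Properties:
      PortfolioId: !Ref PortfolioId
      PrincipalType: IAM
      PrincipalARN: !Sub "arn:aws:iam::${AWS::AccountId}:role/servicecatalog-puppet/PuppetRole"

  # Wildcard form: IAM_PATTERN takes an account-agnostic ARN (empty account
  # field) and matches path and name with '*'. Assumption: the role path has a
  # region segment (Identity Center instance outside us-east-1); drop the
  # "*/" segment if the instance lives in us-east-1.
  SsoRoleAssociation:
    Type: AWS::ServiceCatalog::PortfolioPrincipalAssociation
    Properties:
      PortfolioId: !Ref PortfolioId
      PrincipalType: IAM_PATTERN
      PrincipalARN: !Sub "arn:aws:iam:::role/aws-reserved/sso.amazonaws.com/*/AWSReservedSSO_${PermissionSetName}_*"
```

After deploying, `aws servicecatalog list-principals-for-portfolio --portfolio-id <id>` in the spoke account should list both principals, which is the check that was missing when the pipeline reported success but no SSO role appeared.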

eamonnfaherty commented 1 year ago

The use of wildcard only supports roles at the moment and not users.

eamonnfaherty commented 1 year ago

Added wildcard support for groups and users in https://github.com/awslabs/aws-service-catalog-puppet/releases/tag/0.208.0