Closed shydhanya closed 1 year ago
can you share the generated cloudformation template and the logs please.
Cloudformation template which has failed while adding role to Portfolio association -
AWSTemplateFormatVersion: '2010-09-09' Description: Associations for Provision-CodeCommit-Repository-test-vend-port {"version": "XXX", "framework": "servicecatalog-factory", "role": "portfolio-associations"}
Conditions: ShouldDoAnything: !Equals [ true, false]
Resources: NoOp: Type: AWS::S3::Bucket Condition: ShouldDoAnything
Association1: Type: AWS::ServiceCatalog::PortfolioPrincipalAssociation Properties: PrincipalARN: !Sub "arn:aws:iam::${AWS::AccountId}:role/servicecatalog-puppet/PuppetRole" PortfolioId: port-rus5qocyoexp4 PrincipalType: IAM
the use of wildcard only supports roles at the moment and not users
added wildcard support for groups and users in https://github.com/awslabs/aws-service-catalog-puppet/releases/tag/0.208.0
We need to associate a SSO role with dynamic values in role name to products during deployment.
Portfolio Association -
Error-
Product Association -
No error, but role is not associated in spoke accounts.
Expected results
Existing SSO Role with prefixed static values should be associated to products in specific account.
Actual results
Puppet pipeline is successful, but the SSO roles are not associated.