The roles in this section support the launching of ServiceCatalog Products as launch constraints. You can create them all at once or individually depending on the portfolio you are deploying. The EndUser Policy and group is used by all portfolios and should be created before any Portfolios.
See the ServiceCatalog IAM Guide for more details. Users, groups, and roles which will be provisioning Service Catalog products must have the AWSServiceCatalogEndUserFullAccess managed policy attached. If you have other roles which you want to give access to a portfolio, then use LinkedRole1 and LinkedRole2. If you wish to add other users or groups directly, then modify the portfolio templates with the PortfolioPrincipalAssociation resource.
Create CodeCommit User:
https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-ssh-unixes.html
Create ITSM demo environment:
For the ServiceNow Connector instructions click here: https://aws.amazon.com/blogs/mt/how-to-install-and-configure-the-aws-service-catalog-connector-for-servicenow/
The following stacks are automatically created when the portfolios are launched, you usually do not need to launch them separately.
Create End Users Policy and group:
Create All roles:
Create EC2 and VPC roles:
Create S3 roles:
Create EMR roles:
Create RDS roles: