summaryrefslogtreecommitdiff
path: root/python-aws-cdk-aws-servicecatalog-alpha.spec
diff options
context:
space:
mode:
Diffstat (limited to 'python-aws-cdk-aws-servicecatalog-alpha.spec')
-rw-r--r--python-aws-cdk-aws-servicecatalog-alpha.spec940
1 files changed, 940 insertions, 0 deletions
diff --git a/python-aws-cdk-aws-servicecatalog-alpha.spec b/python-aws-cdk-aws-servicecatalog-alpha.spec
new file mode 100644
index 0000000..1301f4e
--- /dev/null
+++ b/python-aws-cdk-aws-servicecatalog-alpha.spec
@@ -0,0 +1,940 @@
+%global _empty_manifest_terminate_build 0
+Name: python-aws-cdk.aws-servicecatalog-alpha
+Version: 2.22.0a0
+Release: 1
+Summary: The CDK Construct Library for AWS::ServiceCatalog
+License: Apache-2.0
+URL: https://github.com/aws/aws-cdk
+Source0: https://mirrors.nju.edu.cn/pypi/web/packages/fe/8f/e29515d8b73cf1f6a673dd227758235d2fec0ca54500a128fe3a219fbc64/aws-cdk.aws-servicecatalog-alpha-2.22.0a0.tar.gz
+BuildArch: noarch
+
+Requires: python3-aws-cdk-lib
+Requires: python3-constructs
+Requires: python3-jsii
+Requires: python3-publication
+
+%description
+<!--END STABILITY BANNER-->
+[AWS Service Catalog](https://docs.aws.amazon.com/servicecatalog/latest/dg/what-is-service-catalog.html)
+enables organizations to create and manage catalogs of products for their end users that are approved for use on AWS.
+## Table Of Contents
+* [Portfolio](#portfolio)
+ * [Granting access to a portfolio](#granting-access-to-a-portfolio)
+ * [Sharing a portfolio with another AWS account](#sharing-a-portfolio-with-another-aws-account)
+* [Product](#product)
+ * [Creating a product from a local asset](#creating-a-product-from-local-asset)
+ * [Creating a product from a stack](#creating-a-product-from-a-stack)
+ * [Adding a product to a portfolio](#adding-a-product-to-a-portfolio)
+* [TagOptions](#tag-options)
+* [Constraints](#constraints)
+ * [Tag update constraint](#tag-update-constraint)
+ * [Notify on stack events](#notify-on-stack-events)
+ * [CloudFormation template parameters constraint](#cloudformation-template-parameters-constraint)
+ * [Set launch role](#set-launch-role)
+ * [Deploy with StackSets](#deploy-with-stacksets)
+The `@aws-cdk/aws-servicecatalog` package contains resources that enable users to automate governance and management of their AWS resources at scale.
+```python
+import aws_cdk.aws_servicecatalog_alpha as servicecatalog
+```
+## Portfolio
+AWS Service Catalog portfolios allow administrators to organize, manage, and distribute cloud resources for their end users.
+Using the CDK, a new portfolio can be created with the `Portfolio` construct:
+```python
+servicecatalog.Portfolio(self, "Portfolio",
+ display_name="MyPortfolio",
+ provider_name="MyTeam"
+)
+```
+You can also specify optional metadata properties such as `description` and `messageLanguage`
+to help better catalog and manage your portfolios.
+```python
+servicecatalog.Portfolio(self, "Portfolio",
+ display_name="MyFirstPortfolio",
+ provider_name="SCAdmin",
+ description="Portfolio for a project",
+ message_language=servicecatalog.MessageLanguage.EN
+)
+```
+Read more at [Creating and Managing Portfolios](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_portfolios.html).
+To reference an existing portfolio into your CDK application, use the `Portfolio.fromPortfolioArn()` factory method:
+```python
+portfolio = servicecatalog.Portfolio.from_portfolio_arn(self, "ReferencedPortfolio", "arn:aws:catalog:region:account-id:portfolio/port-abcdefghi")
+```
+### Granting access to a portfolio
+You can grant access to and manage the `IAM` users, groups, or roles that have access to the products within a portfolio.
+Entities with granted access will be able to utilize the portfolios resources and products via the console or AWS CLI.
+Once resources are deployed end users will be able to access them via the console or service catalog CLI.
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+user = iam.User(self, "User")
+portfolio.give_access_to_user(user)
+role = iam.Role(self, "Role",
+ assumed_by=iam.AccountRootPrincipal()
+)
+portfolio.give_access_to_role(role)
+group = iam.Group(self, "Group")
+portfolio.give_access_to_group(group)
+```
+### Sharing a portfolio with another AWS account
+You can use account-to-account sharing to distribute a reference to your portfolio to other AWS accounts by passing the recipient account number.
+After the share is initiated, the recipient account can accept the share via CLI or console by importing the portfolio ID.
+Changes made to the shared portfolio will automatically propagate to recipients.
+```python
+# portfolio: servicecatalog.Portfolio
+portfolio.share_with_account("012345678901")
+```
+## Product
+Products are version friendly infrastructure-as-code templates that admins create and add to portfolios for end users to provision and create AWS resources.
+Service Catalog supports products from AWS Marketplace or ones defined by a CloudFormation template.
+The CDK currently only supports adding products of type CloudFormation.
+Using the CDK, a new Product can be created with the `CloudFormationProduct` construct.
+You can use `CloudFormationTemplate.fromUrl` to create a Product from a CloudFormation template directly from a URL that points to the template in S3, GitHub, or CodeCommit:
+```python
+product = servicecatalog.CloudFormationProduct(self, "MyFirstProduct",
+ product_name="My Product",
+ owner="Product Owner",
+ product_versions=[servicecatalog.CloudFormationProductVersion(
+ product_version_name="v1",
+ cloud_formation_template=servicecatalog.CloudFormationTemplate.from_url("https://raw.githubusercontent.com/awslabs/aws-cloudformation-templates/master/aws/services/ServiceCatalog/Product.yaml")
+ )
+ ]
+)
+```
+### Creating a product from a local asset
+A `CloudFormationProduct` can also be created by using a CloudFormation template held locally on disk using Assets.
+Assets are files that are uploaded to an S3 Bucket before deployment.
+`CloudFormationTemplate.fromAsset` can be utilized to create a Product by passing the path to a local template file on your disk:
+```python
+import path as path
+product = servicecatalog.CloudFormationProduct(self, "Product",
+ product_name="My Product",
+ owner="Product Owner",
+ product_versions=[servicecatalog.CloudFormationProductVersion(
+ product_version_name="v1",
+ cloud_formation_template=servicecatalog.CloudFormationTemplate.from_url("https://raw.githubusercontent.com/awslabs/aws-cloudformation-templates/master/aws/services/ServiceCatalog/Product.yaml")
+ ), servicecatalog.CloudFormationProductVersion(
+ product_version_name="v2",
+ cloud_formation_template=servicecatalog.CloudFormationTemplate.from_asset(path.join(__dirname, "development-environment.template.json"))
+ )
+ ]
+)
+```
+### Creating a product from a stack
+You can create a Service Catalog `CloudFormationProduct` entirely defined with CDK code using a service catalog `ProductStack`.
+A separate child stack for your product is created and you can add resources like you would for any other CDK stack,
+such as an S3 Bucket, IAM roles, and EC2 instances. This stack is passed in as a product version to your
+product. This will not create a separate CloudFormation stack during deployment.
+```python
+import aws_cdk.aws_s3 as s3
+import aws_cdk as cdk
+class S3BucketProduct(servicecatalog.ProductStack):
+ def __init__(self, scope, id):
+ super().__init__(scope, id)
+ s3.Bucket(self, "BucketProduct")
+product = servicecatalog.CloudFormationProduct(self, "Product",
+ product_name="My Product",
+ owner="Product Owner",
+ product_versions=[servicecatalog.CloudFormationProductVersion(
+ product_version_name="v1",
+ cloud_formation_template=servicecatalog.CloudFormationTemplate.from_product_stack(S3BucketProduct(self, "S3BucketProduct"))
+ )
+ ]
+)
+```
+### Adding a product to a portfolio
+You add products to a portfolio to organize and distribute your catalog at scale. Adding a product to a portfolio creates an association,
+and the product will become visible within the portfolio side in both the Service Catalog console and AWS CLI.
+You can add a product to multiple portfolios depending on your organizational structure and how you would like to group access to products.
+```python
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+portfolio.add_product(product)
+```
+## Tag Options
+TagOptions allow administrators to easily manage tags on provisioned products by providing a template for a selection of tags that end users choose from.
+TagOptions are created by specifying a tag key with a set of allowed values and can be associated with both portfolios and products.
+When launching a product, both the TagOptions associated with the product and the containing portfolio are made available.
+At the moment, TagOptions can only be deactivated in the console.
+```python
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+tag_options_for_portfolio = servicecatalog.TagOptions(self, "OrgTagOptions",
+ allowed_values_for_tags={
+ "Group": ["finance", "engineering", "marketing", "research"],
+ "CostCenter": ["01", "02", "03"]
+ }
+)
+portfolio.associate_tag_options(tag_options_for_portfolio)
+tag_options_for_product = servicecatalog.TagOptions(self, "ProductTagOptions",
+ allowed_values_for_tags={
+ "Environment": ["dev", "alpha", "prod"]
+ }
+)
+product.associate_tag_options(tag_options_for_product)
+```
+## Constraints
+Constraints are governance gestures that you place on product-portfolio associations that allow you to manage minimal launch permissions, notifications, and other optional actions that end users can perform on products.
+Using the CDK, if you do not explicitly associate a product to a portfolio and add a constraint, it will automatically add an association for you.
+There are rules around how constraints are applied to portfolio-product associations.
+For example, you can only have a single "launch role" constraint applied to a portfolio-product association.
+If a misconfigured constraint is added, `synth` will fail with an error message.
+Read more at [Service Catalog Constraints](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints.html).
+### Tag update constraint
+Tag update constraints allow or disallow end users to update tags on resources associated with an AWS Service Catalog product upon provisioning.
+By default, if a Tag Update constraint is not configured, tag updating is not permitted.
+If tag updating is allowed, then new tags associated with the product or portfolio will be applied to provisioned resources during a provisioned product update.
+```python
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+portfolio.add_product(product)
+portfolio.constrain_tag_updates(product)
+```
+If you want to disable this feature later on, you can update it by setting the "allow" parameter to `false`:
+```python
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+# to disable tag updates:
+portfolio.constrain_tag_updates(product,
+ allow=False
+)
+```
+### Notify on stack events
+Allows users to subscribe an AWS `SNS` topic to a provisioned product's CloudFormation stack events.
+When an end user provisions a product it creates a CloudFormation stack that notifies the subscribed topic on creation, edit, and delete events.
+An individual `SNS` topic may only have a single subscription to any given portfolio-product association.
+```python
+import aws_cdk.aws_sns as sns
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+topic1 = sns.Topic(self, "Topic1")
+portfolio.notify_on_stack_events(product, topic1)
+topic2 = sns.Topic(self, "Topic2")
+portfolio.notify_on_stack_events(product, topic2,
+ description="description for topic2"
+)
+```
+### CloudFormation template parameters constraint
+CloudFormation template parameter constraints allow you to configure the provisioning parameters that are available to end users when they launch a product.
+Template constraint rules consist of one or more assertions that define the default and/or allowable values for a product’s provisioning parameters.
+You can configure multiple parameter constraints to govern the different provisioning parameters within your products.
+For example, a rule might define the `EC2` instance types that users can choose from when launching a product that includes one or more `EC2` instances.
+Parameter rules have an optional `condition` field that allow for rule application to consider conditional evaluations.
+If a `condition` is specified, all assertions will be applied if the condition evaluates to true.
+For information on rule-specific intrinsic functions to define rule conditions and assertions,
+see [AWS Rule Functions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-rules.html).
+```python
+import aws_cdk as cdk
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+portfolio.constrain_cloud_formation_parameters(product,
+ rule=servicecatalog.TemplateRule(
+ rule_name="testInstanceType",
+ condition=cdk.Fn.condition_equals(cdk.Fn.ref("Environment"), "test"),
+ assertions=[servicecatalog.TemplateRuleAssertion(
+ assert=cdk.Fn.condition_contains(["t2.micro", "t2.small"], cdk.Fn.ref("InstanceType")),
+ description="For test environment, the instance type should be small"
+ )]
+ )
+)
+```
+### Set launch role
+Allows you to configure a specific `IAM` role that Service Catalog assumes on behalf of the end user when launching a product.
+By setting a launch role constraint, you can maintain least permissions for an end user when launching a product.
+For example, a launch role can grant permissions for specific resource creation like an `S3` bucket that the user.
+The launch role must be assumed by the Service Catalog principal.
+You can only have one launch role set for a portfolio-product association,
+and you cannot set a launch role on a product that already has a StackSets deployment configured.
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+launch_role = iam.Role(self, "LaunchRole",
+ assumed_by=iam.ServicePrincipal("servicecatalog.amazonaws.com")
+)
+portfolio.set_launch_role(product, launch_role)
+```
+You can also set the launch role using just the name of a role which is locally deployed in end user accounts.
+This is useful for when roles and users are separately managed outside of the CDK.
+The given role must exist in both the account that creates the launch role constraint,
+as well as in any end user accounts that wish to provision a product with the launch role.
+You can do this by passing in the role with an explicitly set name:
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+launch_role = iam.Role(self, "LaunchRole",
+ role_name="MyRole",
+ assumed_by=iam.ServicePrincipal("servicecatalog.amazonaws.com")
+)
+portfolio.set_local_launch_role(product, launch_role)
+```
+Or you can simply pass in a role name and CDK will create a role with that name that trusts service catalog in the account:
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+role_name = "MyRole"
+launch_role = portfolio.set_local_launch_role_name(product, role_name)
+```
+See [Launch Constraint](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints-launch.html) documentation
+to understand the permissions that launch roles need.
+### Deploy with StackSets
+A StackSets deployment constraint allows you to configure product deployment options using
+[AWS CloudFormation StackSets](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/using-stacksets.html).
+You can specify one or more accounts and regions into which stack instances will launch when the product is provisioned.
+There is an additional field `allowStackSetInstanceOperations` that sets ability for end users to create, edit, or delete the stacks created by the StackSet.
+By default, this field is set to `false`.
+When launching a StackSets product, end users can select from the list of accounts and regions configured in the constraint to determine where the Stack Instances will deploy and the order of deployment.
+You can only define one StackSets deployment configuration per portfolio-product association,
+and you cannot both set a launch role and StackSets deployment configuration for an assocation.
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+admin_role = iam.Role(self, "AdminRole",
+ assumed_by=iam.AccountRootPrincipal()
+)
+portfolio.deploy_with_stack_sets(product,
+ accounts=["012345678901", "012345678902", "012345678903"],
+ regions=["us-west-1", "us-east-1", "us-west-2", "us-east-1"],
+ admin_role=admin_role,
+ execution_role_name="SCStackSetExecutionRole", # Name of role deployed in end users accounts.
+ allow_stack_set_instance_operations=True
+)
+```
+
+%package -n python3-aws-cdk.aws-servicecatalog-alpha
+Summary: The CDK Construct Library for AWS::ServiceCatalog
+Provides: python-aws-cdk.aws-servicecatalog-alpha
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-pip
+%description -n python3-aws-cdk.aws-servicecatalog-alpha
+<!--END STABILITY BANNER-->
+[AWS Service Catalog](https://docs.aws.amazon.com/servicecatalog/latest/dg/what-is-service-catalog.html)
+enables organizations to create and manage catalogs of products for their end users that are approved for use on AWS.
+## Table Of Contents
+* [Portfolio](#portfolio)
+ * [Granting access to a portfolio](#granting-access-to-a-portfolio)
+ * [Sharing a portfolio with another AWS account](#sharing-a-portfolio-with-another-aws-account)
+* [Product](#product)
+ * [Creating a product from a local asset](#creating-a-product-from-local-asset)
+ * [Creating a product from a stack](#creating-a-product-from-a-stack)
+ * [Adding a product to a portfolio](#adding-a-product-to-a-portfolio)
+* [TagOptions](#tag-options)
+* [Constraints](#constraints)
+ * [Tag update constraint](#tag-update-constraint)
+ * [Notify on stack events](#notify-on-stack-events)
+ * [CloudFormation template parameters constraint](#cloudformation-template-parameters-constraint)
+ * [Set launch role](#set-launch-role)
+ * [Deploy with StackSets](#deploy-with-stacksets)
+The `@aws-cdk/aws-servicecatalog` package contains resources that enable users to automate governance and management of their AWS resources at scale.
+```python
+import aws_cdk.aws_servicecatalog_alpha as servicecatalog
+```
+## Portfolio
+AWS Service Catalog portfolios allow administrators to organize, manage, and distribute cloud resources for their end users.
+Using the CDK, a new portfolio can be created with the `Portfolio` construct:
+```python
+servicecatalog.Portfolio(self, "Portfolio",
+ display_name="MyPortfolio",
+ provider_name="MyTeam"
+)
+```
+You can also specify optional metadata properties such as `description` and `messageLanguage`
+to help better catalog and manage your portfolios.
+```python
+servicecatalog.Portfolio(self, "Portfolio",
+ display_name="MyFirstPortfolio",
+ provider_name="SCAdmin",
+ description="Portfolio for a project",
+ message_language=servicecatalog.MessageLanguage.EN
+)
+```
+Read more at [Creating and Managing Portfolios](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_portfolios.html).
+To reference an existing portfolio into your CDK application, use the `Portfolio.fromPortfolioArn()` factory method:
+```python
+portfolio = servicecatalog.Portfolio.from_portfolio_arn(self, "ReferencedPortfolio", "arn:aws:catalog:region:account-id:portfolio/port-abcdefghi")
+```
+### Granting access to a portfolio
+You can grant access to and manage the `IAM` users, groups, or roles that have access to the products within a portfolio.
+Entities with granted access will be able to utilize the portfolios resources and products via the console or AWS CLI.
+Once resources are deployed end users will be able to access them via the console or service catalog CLI.
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+user = iam.User(self, "User")
+portfolio.give_access_to_user(user)
+role = iam.Role(self, "Role",
+ assumed_by=iam.AccountRootPrincipal()
+)
+portfolio.give_access_to_role(role)
+group = iam.Group(self, "Group")
+portfolio.give_access_to_group(group)
+```
+### Sharing a portfolio with another AWS account
+You can use account-to-account sharing to distribute a reference to your portfolio to other AWS accounts by passing the recipient account number.
+After the share is initiated, the recipient account can accept the share via CLI or console by importing the portfolio ID.
+Changes made to the shared portfolio will automatically propagate to recipients.
+```python
+# portfolio: servicecatalog.Portfolio
+portfolio.share_with_account("012345678901")
+```
+## Product
+Products are version friendly infrastructure-as-code templates that admins create and add to portfolios for end users to provision and create AWS resources.
+Service Catalog supports products from AWS Marketplace or ones defined by a CloudFormation template.
+The CDK currently only supports adding products of type CloudFormation.
+Using the CDK, a new Product can be created with the `CloudFormationProduct` construct.
+You can use `CloudFormationTemplate.fromUrl` to create a Product from a CloudFormation template directly from a URL that points to the template in S3, GitHub, or CodeCommit:
+```python
+product = servicecatalog.CloudFormationProduct(self, "MyFirstProduct",
+ product_name="My Product",
+ owner="Product Owner",
+ product_versions=[servicecatalog.CloudFormationProductVersion(
+ product_version_name="v1",
+ cloud_formation_template=servicecatalog.CloudFormationTemplate.from_url("https://raw.githubusercontent.com/awslabs/aws-cloudformation-templates/master/aws/services/ServiceCatalog/Product.yaml")
+ )
+ ]
+)
+```
+### Creating a product from a local asset
+A `CloudFormationProduct` can also be created by using a CloudFormation template held locally on disk using Assets.
+Assets are files that are uploaded to an S3 Bucket before deployment.
+`CloudFormationTemplate.fromAsset` can be utilized to create a Product by passing the path to a local template file on your disk:
+```python
+import path as path
+product = servicecatalog.CloudFormationProduct(self, "Product",
+ product_name="My Product",
+ owner="Product Owner",
+ product_versions=[servicecatalog.CloudFormationProductVersion(
+ product_version_name="v1",
+ cloud_formation_template=servicecatalog.CloudFormationTemplate.from_url("https://raw.githubusercontent.com/awslabs/aws-cloudformation-templates/master/aws/services/ServiceCatalog/Product.yaml")
+ ), servicecatalog.CloudFormationProductVersion(
+ product_version_name="v2",
+ cloud_formation_template=servicecatalog.CloudFormationTemplate.from_asset(path.join(__dirname, "development-environment.template.json"))
+ )
+ ]
+)
+```
+### Creating a product from a stack
+You can create a Service Catalog `CloudFormationProduct` entirely defined with CDK code using a service catalog `ProductStack`.
+A separate child stack for your product is created and you can add resources like you would for any other CDK stack,
+such as an S3 Bucket, IAM roles, and EC2 instances. This stack is passed in as a product version to your
+product. This will not create a separate CloudFormation stack during deployment.
+```python
+import aws_cdk.aws_s3 as s3
+import aws_cdk as cdk
+class S3BucketProduct(servicecatalog.ProductStack):
+ def __init__(self, scope, id):
+ super().__init__(scope, id)
+ s3.Bucket(self, "BucketProduct")
+product = servicecatalog.CloudFormationProduct(self, "Product",
+ product_name="My Product",
+ owner="Product Owner",
+ product_versions=[servicecatalog.CloudFormationProductVersion(
+ product_version_name="v1",
+ cloud_formation_template=servicecatalog.CloudFormationTemplate.from_product_stack(S3BucketProduct(self, "S3BucketProduct"))
+ )
+ ]
+)
+```
+### Adding a product to a portfolio
+You add products to a portfolio to organize and distribute your catalog at scale. Adding a product to a portfolio creates an association,
+and the product will become visible within the portfolio side in both the Service Catalog console and AWS CLI.
+You can add a product to multiple portfolios depending on your organizational structure and how you would like to group access to products.
+```python
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+portfolio.add_product(product)
+```
+## Tag Options
+TagOptions allow administrators to easily manage tags on provisioned products by providing a template for a selection of tags that end users choose from.
+TagOptions are created by specifying a tag key with a set of allowed values and can be associated with both portfolios and products.
+When launching a product, both the TagOptions associated with the product and the containing portfolio are made available.
+At the moment, TagOptions can only be deactivated in the console.
+```python
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+tag_options_for_portfolio = servicecatalog.TagOptions(self, "OrgTagOptions",
+ allowed_values_for_tags={
+ "Group": ["finance", "engineering", "marketing", "research"],
+ "CostCenter": ["01", "02", "03"]
+ }
+)
+portfolio.associate_tag_options(tag_options_for_portfolio)
+tag_options_for_product = servicecatalog.TagOptions(self, "ProductTagOptions",
+ allowed_values_for_tags={
+ "Environment": ["dev", "alpha", "prod"]
+ }
+)
+product.associate_tag_options(tag_options_for_product)
+```
+## Constraints
+Constraints are governance gestures that you place on product-portfolio associations that allow you to manage minimal launch permissions, notifications, and other optional actions that end users can perform on products.
+Using the CDK, if you do not explicitly associate a product to a portfolio and add a constraint, it will automatically add an association for you.
+There are rules around how constraints are applied to portfolio-product associations.
+For example, you can only have a single "launch role" constraint applied to a portfolio-product association.
+If a misconfigured constraint is added, `synth` will fail with an error message.
+Read more at [Service Catalog Constraints](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints.html).
+### Tag update constraint
+Tag update constraints allow or disallow end users to update tags on resources associated with an AWS Service Catalog product upon provisioning.
+By default, if a Tag Update constraint is not configured, tag updating is not permitted.
+If tag updating is allowed, then new tags associated with the product or portfolio will be applied to provisioned resources during a provisioned product update.
+```python
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+portfolio.add_product(product)
+portfolio.constrain_tag_updates(product)
+```
+If you want to disable this feature later on, you can update it by setting the "allow" parameter to `false`:
+```python
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+# to disable tag updates:
+portfolio.constrain_tag_updates(product,
+ allow=False
+)
+```
+### Notify on stack events
+Allows users to subscribe an AWS `SNS` topic to a provisioned product's CloudFormation stack events.
+When an end user provisions a product it creates a CloudFormation stack that notifies the subscribed topic on creation, edit, and delete events.
+An individual `SNS` topic may only have a single subscription to any given portfolio-product association.
+```python
+import aws_cdk.aws_sns as sns
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+topic1 = sns.Topic(self, "Topic1")
+portfolio.notify_on_stack_events(product, topic1)
+topic2 = sns.Topic(self, "Topic2")
+portfolio.notify_on_stack_events(product, topic2,
+ description="description for topic2"
+)
+```
+### CloudFormation template parameters constraint
+CloudFormation template parameter constraints allow you to configure the provisioning parameters that are available to end users when they launch a product.
+Template constraint rules consist of one or more assertions that define the default and/or allowable values for a product’s provisioning parameters.
+You can configure multiple parameter constraints to govern the different provisioning parameters within your products.
+For example, a rule might define the `EC2` instance types that users can choose from when launching a product that includes one or more `EC2` instances.
+Parameter rules have an optional `condition` field that allow for rule application to consider conditional evaluations.
+If a `condition` is specified, all assertions will be applied if the condition evaluates to true.
+For information on rule-specific intrinsic functions to define rule conditions and assertions,
+see [AWS Rule Functions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-rules.html).
+```python
+import aws_cdk as cdk
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+portfolio.constrain_cloud_formation_parameters(product,
+ rule=servicecatalog.TemplateRule(
+ rule_name="testInstanceType",
+ condition=cdk.Fn.condition_equals(cdk.Fn.ref("Environment"), "test"),
+ assertions=[servicecatalog.TemplateRuleAssertion(
+ assert=cdk.Fn.condition_contains(["t2.micro", "t2.small"], cdk.Fn.ref("InstanceType")),
+ description="For test environment, the instance type should be small"
+ )]
+ )
+)
+```
+### Set launch role
+Allows you to configure a specific `IAM` role that Service Catalog assumes on behalf of the end user when launching a product.
+By setting a launch role constraint, you can maintain least permissions for an end user when launching a product.
+For example, a launch role can grant permissions for specific resource creation like an `S3` bucket that the user.
+The launch role must be assumed by the Service Catalog principal.
+You can only have one launch role set for a portfolio-product association,
+and you cannot set a launch role on a product that already has a StackSets deployment configured.
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+launch_role = iam.Role(self, "LaunchRole",
+ assumed_by=iam.ServicePrincipal("servicecatalog.amazonaws.com")
+)
+portfolio.set_launch_role(product, launch_role)
+```
+You can also set the launch role using just the name of a role which is locally deployed in end user accounts.
+This is useful for when roles and users are separately managed outside of the CDK.
+The given role must exist in both the account that creates the launch role constraint,
+as well as in any end user accounts that wish to provision a product with the launch role.
+You can do this by passing in the role with an explicitly set name:
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+launch_role = iam.Role(self, "LaunchRole",
+ role_name="MyRole",
+ assumed_by=iam.ServicePrincipal("servicecatalog.amazonaws.com")
+)
+portfolio.set_local_launch_role(product, launch_role)
+```
+Or you can simply pass in a role name and CDK will create a role with that name that trusts service catalog in the account:
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+role_name = "MyRole"
+launch_role = portfolio.set_local_launch_role_name(product, role_name)
+```
+See [Launch Constraint](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints-launch.html) documentation
+to understand the permissions that launch roles need.
+### Deploy with StackSets
+A StackSets deployment constraint allows you to configure product deployment options using
+[AWS CloudFormation StackSets](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/using-stacksets.html).
+You can specify one or more accounts and regions into which stack instances will launch when the product is provisioned.
+There is an additional field `allowStackSetInstanceOperations` that sets ability for end users to create, edit, or delete the stacks created by the StackSet.
+By default, this field is set to `false`.
+When launching a StackSets product, end users can select from the list of accounts and regions configured in the constraint to determine where the Stack Instances will deploy and the order of deployment.
+You can only define one StackSets deployment configuration per portfolio-product association,
+and you cannot both set a launch role and StackSets deployment configuration for an assocation.
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+admin_role = iam.Role(self, "AdminRole",
+ assumed_by=iam.AccountRootPrincipal()
+)
+portfolio.deploy_with_stack_sets(product,
+ accounts=["012345678901", "012345678902", "012345678903"],
+ regions=["us-west-1", "us-east-1", "us-west-2", "us-east-1"],
+ admin_role=admin_role,
+ execution_role_name="SCStackSetExecutionRole", # Name of role deployed in end users accounts.
+ allow_stack_set_instance_operations=True
+)
+```
+
+%package help
+Summary: Development documents and examples for aws-cdk.aws-servicecatalog-alpha
+Provides: python3-aws-cdk.aws-servicecatalog-alpha-doc
+%description help
+<!--END STABILITY BANNER-->
+[AWS Service Catalog](https://docs.aws.amazon.com/servicecatalog/latest/dg/what-is-service-catalog.html)
+enables organizations to create and manage catalogs of products for their end users that are approved for use on AWS.
+## Table Of Contents
+* [Portfolio](#portfolio)
+ * [Granting access to a portfolio](#granting-access-to-a-portfolio)
+ * [Sharing a portfolio with another AWS account](#sharing-a-portfolio-with-another-aws-account)
+* [Product](#product)
+ * [Creating a product from a local asset](#creating-a-product-from-local-asset)
+ * [Creating a product from a stack](#creating-a-product-from-a-stack)
+ * [Adding a product to a portfolio](#adding-a-product-to-a-portfolio)
+* [TagOptions](#tag-options)
+* [Constraints](#constraints)
+ * [Tag update constraint](#tag-update-constraint)
+ * [Notify on stack events](#notify-on-stack-events)
+ * [CloudFormation template parameters constraint](#cloudformation-template-parameters-constraint)
+ * [Set launch role](#set-launch-role)
+ * [Deploy with StackSets](#deploy-with-stacksets)
+The `@aws-cdk/aws-servicecatalog` package contains resources that enable users to automate governance and management of their AWS resources at scale.
+```python
+import aws_cdk.aws_servicecatalog_alpha as servicecatalog
+```
+## Portfolio
+AWS Service Catalog portfolios allow administrators to organize, manage, and distribute cloud resources for their end users.
+Using the CDK, a new portfolio can be created with the `Portfolio` construct:
+```python
+servicecatalog.Portfolio(self, "Portfolio",
+ display_name="MyPortfolio",
+ provider_name="MyTeam"
+)
+```
+You can also specify optional metadata properties such as `description` and `messageLanguage`
+to help better catalog and manage your portfolios.
+```python
+servicecatalog.Portfolio(self, "Portfolio",
+ display_name="MyFirstPortfolio",
+ provider_name="SCAdmin",
+ description="Portfolio for a project",
+ message_language=servicecatalog.MessageLanguage.EN
+)
+```
+Read more at [Creating and Managing Portfolios](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_portfolios.html).
+To reference an existing portfolio into your CDK application, use the `Portfolio.fromPortfolioArn()` factory method:
+```python
+portfolio = servicecatalog.Portfolio.from_portfolio_arn(self, "ReferencedPortfolio", "arn:aws:catalog:region:account-id:portfolio/port-abcdefghi")
+```
+### Granting access to a portfolio
+You can grant access to and manage the `IAM` users, groups, or roles that have access to the products within a portfolio.
+Entities with granted access will be able to utilize the portfolios resources and products via the console or AWS CLI.
+Once resources are deployed end users will be able to access them via the console or service catalog CLI.
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+user = iam.User(self, "User")
+portfolio.give_access_to_user(user)
+role = iam.Role(self, "Role",
+ assumed_by=iam.AccountRootPrincipal()
+)
+portfolio.give_access_to_role(role)
+group = iam.Group(self, "Group")
+portfolio.give_access_to_group(group)
+```
+### Sharing a portfolio with another AWS account
+You can use account-to-account sharing to distribute a reference to your portfolio to other AWS accounts by passing the recipient account number.
+After the share is initiated, the recipient account can accept the share via CLI or console by importing the portfolio ID.
+Changes made to the shared portfolio will automatically propagate to recipients.
+```python
+# portfolio: servicecatalog.Portfolio
+portfolio.share_with_account("012345678901")
+```
+## Product
+Products are version friendly infrastructure-as-code templates that admins create and add to portfolios for end users to provision and create AWS resources.
+Service Catalog supports products from AWS Marketplace or ones defined by a CloudFormation template.
+The CDK currently only supports adding products of type CloudFormation.
+Using the CDK, a new Product can be created with the `CloudFormationProduct` construct.
+You can use `CloudFormationTemplate.fromUrl` to create a Product from a CloudFormation template directly from a URL that points to the template in S3, GitHub, or CodeCommit:
+```python
+product = servicecatalog.CloudFormationProduct(self, "MyFirstProduct",
+ product_name="My Product",
+ owner="Product Owner",
+ product_versions=[servicecatalog.CloudFormationProductVersion(
+ product_version_name="v1",
+ cloud_formation_template=servicecatalog.CloudFormationTemplate.from_url("https://raw.githubusercontent.com/awslabs/aws-cloudformation-templates/master/aws/services/ServiceCatalog/Product.yaml")
+ )
+ ]
+)
+```
+### Creating a product from a local asset
+A `CloudFormationProduct` can also be created by using a CloudFormation template held locally on disk using Assets.
+Assets are files that are uploaded to an S3 Bucket before deployment.
+`CloudFormationTemplate.fromAsset` can be utilized to create a Product by passing the path to a local template file on your disk:
+```python
+import path as path
+product = servicecatalog.CloudFormationProduct(self, "Product",
+ product_name="My Product",
+ owner="Product Owner",
+ product_versions=[servicecatalog.CloudFormationProductVersion(
+ product_version_name="v1",
+ cloud_formation_template=servicecatalog.CloudFormationTemplate.from_url("https://raw.githubusercontent.com/awslabs/aws-cloudformation-templates/master/aws/services/ServiceCatalog/Product.yaml")
+ ), servicecatalog.CloudFormationProductVersion(
+ product_version_name="v2",
+ cloud_formation_template=servicecatalog.CloudFormationTemplate.from_asset(path.join(__dirname, "development-environment.template.json"))
+ )
+ ]
+)
+```
+### Creating a product from a stack
+You can create a Service Catalog `CloudFormationProduct` entirely defined with CDK code using a service catalog `ProductStack`.
+A separate child stack for your product is created and you can add resources like you would for any other CDK stack,
+such as an S3 Bucket, IAM roles, and EC2 instances. This stack is passed in as a product version to your
+product. This will not create a separate CloudFormation stack during deployment.
+```python
+import aws_cdk.aws_s3 as s3
+import aws_cdk as cdk
+class S3BucketProduct(servicecatalog.ProductStack):
+ def __init__(self, scope, id):
+ super().__init__(scope, id)
+ s3.Bucket(self, "BucketProduct")
+product = servicecatalog.CloudFormationProduct(self, "Product",
+ product_name="My Product",
+ owner="Product Owner",
+ product_versions=[servicecatalog.CloudFormationProductVersion(
+ product_version_name="v1",
+ cloud_formation_template=servicecatalog.CloudFormationTemplate.from_product_stack(S3BucketProduct(self, "S3BucketProduct"))
+ )
+ ]
+)
+```
+### Adding a product to a portfolio
+You add products to a portfolio to organize and distribute your catalog at scale. Adding a product to a portfolio creates an association,
+and the product will become visible within the portfolio side in both the Service Catalog console and AWS CLI.
+You can add a product to multiple portfolios depending on your organizational structure and how you would like to group access to products.
+```python
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+portfolio.add_product(product)
+```
+## Tag Options
+TagOptions allow administrators to easily manage tags on provisioned products by providing a template for a selection of tags that end users choose from.
+TagOptions are created by specifying a tag key with a set of allowed values and can be associated with both portfolios and products.
+When launching a product, both the TagOptions associated with the product and the containing portfolio are made available.
+At the moment, TagOptions can only be deactivated in the console.
+```python
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+tag_options_for_portfolio = servicecatalog.TagOptions(self, "OrgTagOptions",
+ allowed_values_for_tags={
+ "Group": ["finance", "engineering", "marketing", "research"],
+ "CostCenter": ["01", "02", "03"]
+ }
+)
+portfolio.associate_tag_options(tag_options_for_portfolio)
+tag_options_for_product = servicecatalog.TagOptions(self, "ProductTagOptions",
+ allowed_values_for_tags={
+ "Environment": ["dev", "alpha", "prod"]
+ }
+)
+product.associate_tag_options(tag_options_for_product)
+```
+## Constraints
+Constraints are governance gestures that you place on product-portfolio associations that allow you to manage minimal launch permissions, notifications, and other optional actions that end users can perform on products.
+Using the CDK, if you do not explicitly associate a product to a portfolio and add a constraint, it will automatically add an association for you.
+There are rules around how constraints are applied to portfolio-product associations.
+For example, you can only have a single "launch role" constraint applied to a portfolio-product association.
+If a misconfigured constraint is added, `synth` will fail with an error message.
+Read more at [Service Catalog Constraints](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints.html).
+### Tag update constraint
+Tag update constraints allow or disallow end users to update tags on resources associated with an AWS Service Catalog product upon provisioning.
+By default, if a Tag Update constraint is not configured, tag updating is not permitted.
+If tag updating is allowed, then new tags associated with the product or portfolio will be applied to provisioned resources during a provisioned product update.
+```python
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+portfolio.add_product(product)
+portfolio.constrain_tag_updates(product)
+```
+If you want to disable this feature later on, you can update it by setting the "allow" parameter to `false`:
+```python
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+# to disable tag updates:
+portfolio.constrain_tag_updates(product,
+ allow=False
+)
+```
+### Notify on stack events
+Allows users to subscribe an AWS `SNS` topic to a provisioned product's CloudFormation stack events.
+When an end user provisions a product it creates a CloudFormation stack that notifies the subscribed topic on creation, edit, and delete events.
+An individual `SNS` topic may only have a single subscription to any given portfolio-product association.
+```python
+import aws_cdk.aws_sns as sns
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+topic1 = sns.Topic(self, "Topic1")
+portfolio.notify_on_stack_events(product, topic1)
+topic2 = sns.Topic(self, "Topic2")
+portfolio.notify_on_stack_events(product, topic2,
+ description="description for topic2"
+)
+```
+### CloudFormation template parameters constraint
+CloudFormation template parameter constraints allow you to configure the provisioning parameters that are available to end users when they launch a product.
+Template constraint rules consist of one or more assertions that define the default and/or allowable values for a product’s provisioning parameters.
+You can configure multiple parameter constraints to govern the different provisioning parameters within your products.
+For example, a rule might define the `EC2` instance types that users can choose from when launching a product that includes one or more `EC2` instances.
+Parameter rules have an optional `condition` field that allow for rule application to consider conditional evaluations.
+If a `condition` is specified, all assertions will be applied if the condition evaluates to true.
+For information on rule-specific intrinsic functions to define rule conditions and assertions,
+see [AWS Rule Functions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-rules.html).
+```python
+import aws_cdk as cdk
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+portfolio.constrain_cloud_formation_parameters(product,
+ rule=servicecatalog.TemplateRule(
+ rule_name="testInstanceType",
+ condition=cdk.Fn.condition_equals(cdk.Fn.ref("Environment"), "test"),
+ assertions=[servicecatalog.TemplateRuleAssertion(
+ assert=cdk.Fn.condition_contains(["t2.micro", "t2.small"], cdk.Fn.ref("InstanceType")),
+ description="For test environment, the instance type should be small"
+ )]
+ )
+)
+```
+### Set launch role
+Allows you to configure a specific `IAM` role that Service Catalog assumes on behalf of the end user when launching a product.
+By setting a launch role constraint, you can maintain least permissions for an end user when launching a product.
+For example, a launch role can grant permissions for specific resource creation like an `S3` bucket that the user.
+The launch role must be assumed by the Service Catalog principal.
+You can only have one launch role set for a portfolio-product association,
+and you cannot set a launch role on a product that already has a StackSets deployment configured.
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+launch_role = iam.Role(self, "LaunchRole",
+ assumed_by=iam.ServicePrincipal("servicecatalog.amazonaws.com")
+)
+portfolio.set_launch_role(product, launch_role)
+```
+You can also set the launch role using just the name of a role which is locally deployed in end user accounts.
+This is useful for when roles and users are separately managed outside of the CDK.
+The given role must exist in both the account that creates the launch role constraint,
+as well as in any end user accounts that wish to provision a product with the launch role.
+You can do this by passing in the role with an explicitly set name:
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+launch_role = iam.Role(self, "LaunchRole",
+ role_name="MyRole",
+ assumed_by=iam.ServicePrincipal("servicecatalog.amazonaws.com")
+)
+portfolio.set_local_launch_role(product, launch_role)
+```
+Or you can simply pass in a role name and CDK will create a role with that name that trusts service catalog in the account:
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+role_name = "MyRole"
+launch_role = portfolio.set_local_launch_role_name(product, role_name)
+```
+See [Launch Constraint](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints-launch.html) documentation
+to understand the permissions that launch roles need.
+### Deploy with StackSets
+A StackSets deployment constraint allows you to configure product deployment options using
+[AWS CloudFormation StackSets](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/using-stacksets.html).
+You can specify one or more accounts and regions into which stack instances will launch when the product is provisioned.
+There is an additional field `allowStackSetInstanceOperations` that sets ability for end users to create, edit, or delete the stacks created by the StackSet.
+By default, this field is set to `false`.
+When launching a StackSets product, end users can select from the list of accounts and regions configured in the constraint to determine where the Stack Instances will deploy and the order of deployment.
+You can only define one StackSets deployment configuration per portfolio-product association,
+and you cannot both set a launch role and StackSets deployment configuration for an assocation.
+```python
+import aws_cdk.aws_iam as iam
+# portfolio: servicecatalog.Portfolio
+# product: servicecatalog.CloudFormationProduct
+admin_role = iam.Role(self, "AdminRole",
+ assumed_by=iam.AccountRootPrincipal()
+)
+portfolio.deploy_with_stack_sets(product,
+ accounts=["012345678901", "012345678902", "012345678903"],
+ regions=["us-west-1", "us-east-1", "us-west-2", "us-east-1"],
+ admin_role=admin_role,
+ execution_role_name="SCStackSetExecutionRole", # Name of role deployed in end users accounts.
+ allow_stack_set_instance_operations=True
+)
+```
+
+%prep
+%autosetup -n aws-cdk.aws-servicecatalog-alpha-2.22.0a0
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+ find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+ find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+ find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+ find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+ find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-aws-cdk.aws-servicecatalog-alpha -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Wed May 31 2023 Python_Bot <Python_Bot@openeuler.org> - 2.22.0a0-1
+- Package Spec generated
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-25 22:31:42 +0000