AWS Service Catalog (IAM)

aws management

AWS Service Catalog allows organizations to create and manage IT service catalogs of approved AWS resources for end users.

Common permissions

servicecatalog:ListPortfoliosservicecatalog:DescribeProductservicecatalog:ListLaunchPathsservicecatalog:ListApplicationsservicecatalog:GetApplicationservicecatalog:DescribeRecordservicecatalog:ListRecordHistoryservicecatalog:ListTagOptions

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "servicecatalog:ListPortfolios",
        "servicecatalog:DescribeProduct",
        "servicecatalog:ListLaunchPaths",
        "servicecatalog:ListApplications",
        "servicecatalog:GetApplication",
        "servicecatalog:DescribeRecord",
        "servicecatalog:ListRecordHistory",
        "servicecatalog:ListTagOptions"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid servicecatalog:* — grants full control including creating, updating, and deleting portfolios, products, and constraints
Avoid servicecatalog:CreateProduct and servicecatalog:DeleteProduct — can lead to unauthorized provisioning or removal of approved products

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/servicecatalog/servicecatalog.json ↗

API

full doc /v1/iam/servicecatalog