Resource: awsServicecatalogConstraint
Manages a Service Catalog Constraint.
\~> NOTE: This resource does not associate a Service Catalog product and portfolio. However, the product and portfolio must be associated (see the awsServicecatalogProductPortfolioAssociation
resource) prior to creating a constraint or you will receive an error.
Example Usage
Basic Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.servicecatalogConstraint.ServicecatalogConstraint(this, "example", {
description: "Back off, man. I'm a scientist.",
parameters:
'${jsonencode({\n "RoleArn" : "arn:aws:iam::123456789012:role/LaunchRole"\n })}',
portfolioId: "${aws_servicecatalog_portfolio.example.id}",
productId: "${aws_servicecatalog_product.example.id}",
type: "LAUNCH",
});
Argument Reference
The following arguments are required:
parameters
- (Required) Constraint parameters in JSON format. The syntax depends on the constraint type. See details below.portfolioId
- (Required) Portfolio identifier.productId
- (Required) Product identifier.type
- (Required) Type of constraint. Valid values arelaunch
,notification
,RESOURCE_UPDATE
,stackset
, andtemplate
.
The following arguments are optional:
acceptLanguage
- (Optional) Language code. Valid values:en
(English),jp
(Japanese),zh
(Chinese). Default value isen
.description
- (Optional) Description of the constraint.
parameters
The type
you specify determines what must be included in the parameters
JSON:
launch
: You are required to specify either the RoleArn or the LocalRoleName but can't use both. If you specify thelocalRoleName
property, when an account uses the launch constraint, the IAM role with that name in the account will be used. This allows launch-role constraints to be account-agnostic so the administrator can create fewer resources per shared account. The given role name must exist in the account used to create the launch constraint and the account of the user who launches a product with this launch constraint. You cannot have both alaunch
and astackset
constraint. You also cannot have more than onelaunch
constraint on anawsServicecatalogProduct
andawsServicecatalogPortfolio
. Specify theroleArn
andlocalRoleName
properties as follows:
notification
: Specify thenotificationArns
property as follows:
RESOURCE_UPDATE
: Specify thetagUpdatesOnProvisionedProduct
property as follows. ThetagUpdatesOnProvisionedProduct
property accepts a string value ofallowed
orNOT_ALLOWED
.
stackset
: Specify the Parameters property as follows. You cannot have both alaunch
and astackset
constraint. You also cannot have more than onestackset
constraint on on anawsServicecatalogProduct
andawsServicecatalogPortfolio
. Products with astackset
constraint will launch an AWS CloudFormation stack set.
{ "Version" : "String", "Properties" : { "AccountList" : [ "String" ], "RegionList" : [ "String" ], "AdminRole" : "String", "ExecutionRole" : "String" }}
template
: Specify the Rules property. For more information, see Template Constraint Rules.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- Constraint identifier.owner
- Owner of the constraint.
Timeouts
create
- (Default3M
)read
- (Default10M
)update
- (Default3M
)delete
- (Default3M
)
Import
awsServicecatalogConstraint
can be imported using the constraint ID, e.g.,