| Copyright | (c) 2013-2023 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | Safe-Inferred |
| Language | Haskell2010 |
Amazonka.ServiceCatalog.AssociatePrincipalWithPortfolio
Description
Associates the specified principal ARN with the specified portfolio.
If you share the portfolio with principal name sharing enabled, the
PrincipalARN association is included in the share.
The PortfolioID, PrincipalARN, and PrincipalType parameters are
required.
You can associate a maximum of 10 Principals with a portfolio using
PrincipalType as IAM_PATTERN
When you associate a principal with portfolio, a potential privilege
escalation path may occur when that portfolio is then shared with other
accounts. For a user in a recipient account who is not an Service
Catalog Admin, but still has the ability to create Principals
(Users/Groups/Roles), that user could create a role that matches a
principal name association for the portfolio. Although this user may not
know which principal names are associated through Service Catalog, they
may be able to guess the user. If this potential escalation path is a
concern, then Service Catalog recommends using PrincipalType as IAM.
With this configuration, the PrincipalARN must already exist in the
recipient account before it can be associated.
Synopsis
- data AssociatePrincipalWithPortfolio = AssociatePrincipalWithPortfolio' {}
- newAssociatePrincipalWithPortfolio :: Text -> Text -> PrincipalType -> AssociatePrincipalWithPortfolio
- associatePrincipalWithPortfolio_acceptLanguage :: Lens' AssociatePrincipalWithPortfolio (Maybe Text)
- associatePrincipalWithPortfolio_portfolioId :: Lens' AssociatePrincipalWithPortfolio Text
- associatePrincipalWithPortfolio_principalARN :: Lens' AssociatePrincipalWithPortfolio Text
- associatePrincipalWithPortfolio_principalType :: Lens' AssociatePrincipalWithPortfolio PrincipalType
- data AssociatePrincipalWithPortfolioResponse = AssociatePrincipalWithPortfolioResponse' {
- httpStatus :: Int
- newAssociatePrincipalWithPortfolioResponse :: Int -> AssociatePrincipalWithPortfolioResponse
- associatePrincipalWithPortfolioResponse_httpStatus :: Lens' AssociatePrincipalWithPortfolioResponse Int
Creating a Request
data AssociatePrincipalWithPortfolio Source #
See: newAssociatePrincipalWithPortfolio smart constructor.
Constructors
| AssociatePrincipalWithPortfolio' | |
Fields
| |
Instances
newAssociatePrincipalWithPortfolio Source #
Arguments
| :: Text | |
| -> Text | |
| -> PrincipalType | |
| -> AssociatePrincipalWithPortfolio |
Create a value of AssociatePrincipalWithPortfolio with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:acceptLanguage:AssociatePrincipalWithPortfolio', associatePrincipalWithPortfolio_acceptLanguage - The language code.
en- English (default)jp- Japanesezh- Chinese
AssociatePrincipalWithPortfolio, associatePrincipalWithPortfolio_portfolioId - The portfolio identifier.
AssociatePrincipalWithPortfolio, associatePrincipalWithPortfolio_principalARN - The ARN of the principal (IAM user, role, or group). This field allows
an ARN with no accountID if PrincipalType is IAM_PATTERN.
You can associate multiple IAM patterns even if the account has no
principal with that name. This is useful in Principal Name Sharing if
you want to share a principal without creating it in the account that
owns the portfolio.
AssociatePrincipalWithPortfolio, associatePrincipalWithPortfolio_principalType - The principal type. The supported value is IAM if you use a fully
defined ARN, or IAM_PATTERN if you use an ARN with no accountID.
Request Lenses
associatePrincipalWithPortfolio_acceptLanguage :: Lens' AssociatePrincipalWithPortfolio (Maybe Text) Source #
The language code.
en- English (default)jp- Japanesezh- Chinese
associatePrincipalWithPortfolio_portfolioId :: Lens' AssociatePrincipalWithPortfolio Text Source #
The portfolio identifier.
associatePrincipalWithPortfolio_principalARN :: Lens' AssociatePrincipalWithPortfolio Text Source #
The ARN of the principal (IAM user, role, or group). This field allows
an ARN with no accountID if PrincipalType is IAM_PATTERN.
You can associate multiple IAM patterns even if the account has no
principal with that name. This is useful in Principal Name Sharing if
you want to share a principal without creating it in the account that
owns the portfolio.
associatePrincipalWithPortfolio_principalType :: Lens' AssociatePrincipalWithPortfolio PrincipalType Source #
The principal type. The supported value is IAM if you use a fully
defined ARN, or IAM_PATTERN if you use an ARN with no accountID.
Destructuring the Response
data AssociatePrincipalWithPortfolioResponse Source #
See: newAssociatePrincipalWithPortfolioResponse smart constructor.
Constructors
| AssociatePrincipalWithPortfolioResponse' | |
Fields
| |
Instances
newAssociatePrincipalWithPortfolioResponse Source #
Arguments
| :: Int | |
| -> AssociatePrincipalWithPortfolioResponse |
Create a value of AssociatePrincipalWithPortfolioResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:AssociatePrincipalWithPortfolioResponse', associatePrincipalWithPortfolioResponse_httpStatus - The response's http status code.
Response Lenses
associatePrincipalWithPortfolioResponse_httpStatus :: Lens' AssociatePrincipalWithPortfolioResponse Int Source #
The response's http status code.