In Multi-Account setup, how to grant Service Catalog Portfolio access to IAM Identity center users in different account?

Question

Hello -
I am using AWS Control Tower and I have a Management Account and a Development Account. I use IAM Identity Center. I have created a AWS Service Catalog Portfolio in my Management Account and I want to share it with users in my Development Account.

I have tried the following 2 options:
* the "Share" option in the portfolio to share with OU containing the Development Account. 
* providing access to the "role" i.e. the role in IAM that will be assumed when the SSO user logs in.
In both cases, when I go to the Development account and try to import the portfolio, I get an error saying "Error: Portfolio xxxxx not found".

Please let me know what I amd doing wrong.

Thanks,
Anand

Accepted Answer

I resolved it. My portfolio was created in a different region than where my Organization home. When I created the portfolio in the same region, it worked.

Answer

Have you followed this: https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_portfolios_sharing_how-to-share.html as sharing depends from who starts and to whom is targeted

Answer

Thank you Antonio. Yes, I have tried all the methods mentioned in that URL. Sharing through Account ID, Sharing through OU.

In Multi-Account setup, how to grant Service Catalog Portfolio access to IAM Identity center users in different account?

相关内容