AWS Service Catalog IAM Roles and Groups

The roles in this section serve as launch constraints for launching Service Catalog products. You can create them all at once or individually, depending on the portfolio you are deploying.

See the ServiceCatalog IAM Guide for more details. Users, groups, and roles that will provision Service Catalog products must have the AWSServiceCatalogEndUserFullAccess managed policy attached. To give other roles access to a portfolio, use LinkedRole1 and LinkedRole2. To add other users or groups directly, modify the portfolio templates with the PortfolioPrincipalAssociation resource.
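The access grant described above, written as a stand-alone CloudFormation template. This is an added example, not one of this repository's templates; the `PortfolioId` parameter and the resource names `CatalogEndUsers` and `CatalogEndUsersAssociation` are hypothetical.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - give one IAM group end-user access to one Service Catalog portfolio.

Parameters:
  PortfolioId:
    Type: String
    Description: ID of an existing Service Catalog portfolio (assumption - supplied by the caller)

Resources:
  # Hypothetical group. Only the end-user managed policy is attached, so
  # members act through Service Catalog; provisioning itself runs under
  # the product's launch constraint role.
  CatalogEndUsers:
    Type: AWS::IAM::Group
    Properties:
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSServiceCatalogEndUserFullAccess

  # Associates the group with the portfolio so that its products become
  # visible to, and launchable by, the group's members.
  CatalogEndUsersAssociation:
    Type: AWS::ServiceCatalog::PortfolioPrincipalAssociation
    Properties:
      PortfolioId: !Ref PortfolioId
      PrincipalARN: !GetAtt CatalogEndUsers.Arn
      PrincipalType: IAM
```

Scoping the association to a group rather than to individual users keeps portfolio access reviewable in one place.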

Create CodeCommit User:
https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-ssh-unixes.html
CreateStack

Create ITSM demo environment:
ServiceNow Connector blog post: https://aws.amazon.com/blogs/mt/how-to-install-and-configure-the-aws-service-catalog-connector-for-servicenow/
AWS Documentation for Service Management Connectors: https://docs.aws.amazon.com/servicecatalog/latest/adminguide/integrations.html
CreateStack

The following stacks are created automatically when the portfolios are launched, so you usually do not need to launch them separately.

Create All roles:
CreateStack

Create EC2 and VPC roles:
CreateStack

Create S3 roles:
CreateStack

Create EMR roles:
CreateStack

Create RDS roles:
CreateStack