AWS Service Catalog Update: An Admin can now update the launch role a…

…ssociated with a Provisioned Product. Admins and End Users can now view the launch role associated with a Provisioned Product.
aws · Oct 19, 2020 · ca72ed3 · ca72ed3
1 parent 6d32a50
commit ca72ed3
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 4 deletions.
diff --git a/.changes/next-release/feature-AWSServiceCatalog-983fa6e.json b/.changes/next-release/feature-AWSServiceCatalog-983fa6e.json
@@ -0,0 +1,5 @@
+{
+    "type": "feature",
+    "category": "AWS Service Catalog",
+    "description": "An Admin can now update the launch role associated with a Provisioned Product. Admins and End Users can now view the launch role associated with a Provisioned Product."
+}
diff --git a/services/servicecatalog/src/main/resources/codegen-resources/service-2.json b/services/servicecatalog/src/main/resources/codegen-resources/service-2.json
@@ -2479,11 +2479,11 @@
         },
         "Id":{
           "shape":"Id",
-          "documentation":"<p>The provisioned product identifier.</p>"
+          "documentation":"<p>The provisioned product identifier. You must provide the name or ID, but not both.</p> <p>If you do not provide a name or ID, or you provide both name and ID, an <code>InvalidParametersException</code> will occur.</p>"
         },
         "Name":{
           "shape":"ProvisionedProductName",
-          "documentation":"<p>The name of the provisioned product.</p>"
+          "documentation":"<p>The name of the provisioned product. You must provide the name or ID, but not both.</p> <p>If you do not provide a name or ID, or you provide both name and ID, an <code>InvalidParametersException</code> will occur.</p>"
         }
       },
       "documentation":"DescribeProvisionedProductAPI input structure. AcceptLanguage - [Optional] The language code for localization. Id - [Optional] The provisioned product identifier. Name - [Optional] Another provisioned product identifier. Customers must provide either Id or Name."
@@ -4227,7 +4227,10 @@
     },
     "PropertyKey":{
       "type":"string",
-      "enum":["OWNER"],
+      "enum":[
+        "OWNER",
+        "LAUNCH_ROLE"
+      ],
       "max":128,
       "min":1
     },
@@ -4453,6 +4456,10 @@
         "ProvisioningArtifactId":{
           "shape":"Id",
           "documentation":"<p>The identifier of the provisioning artifact. For example, <code>pa-4abcdjnxjj6ne</code>.</p>"
+        },
+        "LaunchRoleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The ARN of the launch role associated with the provisioned product.</p>"
         }
       },
       "documentation":"<p>Information about a provisioned product.</p>"
@@ -4980,6 +4987,10 @@
         "RecordTags":{
           "shape":"RecordTags",
           "documentation":"<p>One or more tags.</p>"
+        },
+        "LaunchRoleArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The ARN of the launch role associated with the provisioned product.</p>"
         }
       },
       "documentation":"<p>Information about a request operation.</p>"
@@ -5255,6 +5266,12 @@
       "documentation":"<p>Information about a change to a resource attribute.</p>"
     },
     "ResourceType":{"type":"string"},
+    "RoleArn":{
+      "type":"string",
+      "max":1224,
+      "min":1,
+      "pattern":"arn:[a-z0-9-\\.]{1,63}:iam::[a-z0-9-\\.]{0,63}:role\\/.{0,1023}"
+    },
     "ScanProvisionedProductsInput":{
       "type":"structure",
       "members":{
@@ -6105,7 +6122,7 @@
         },
         "ProvisionedProductProperties":{
           "shape":"ProvisionedProductProperties",
-          "documentation":"<p>A map that contains the provisioned product properties to be updated.</p> <p>The <code>OWNER</code> key accepts user ARNs and role ARNs. The owner is the user that is allowed to see, update, terminate, and execute service actions in the provisioned product.</p> <p>The administrator can change the owner of a provisioned product to another IAM user within the same account. Both end user owners and administrators can see ownership history of the provisioned product using the <code>ListRecordHistory</code> API. The new owner can describe all past records for the provisioned product using the <code>DescribeRecord</code> API. The previous owner can no longer use <code>DescribeRecord</code>, but can still see the product's history from when he was an owner using <code>ListRecordHistory</code>.</p> <p>If a provisioned product ownership is assigned to an end user, they can see and perform any action through the API or Service Catalog console such as update, terminate, and execute service actions. If an end user provisions a product and the owner is updated to someone else, they will no longer be able to see or perform any actions through API or the Service Catalog console on that provisioned product.</p>"
+          "documentation":"<p>A map that contains the provisioned product properties to be updated.</p> <p>The <code>LAUNCH_ROLE</code> key accepts user ARNs and role ARNs. This key allows an administrator to call <code>UpdateProvisionedProductProperties</code> to update the launch role that is associated with a provisioned product. This role is used when an end-user calls a provisioning operation such as <code>UpdateProvisionedProduct</code>, <code>TerminateProvisionedProduct</code>, or <code>ExecuteProvisionedProductServiceAction</code>. Only an ARN role or <code>null</code> is valid. A user ARN is invalid. For example, if an admin user passes <code>null</code> as the value for the key <code>LAUNCH_ROLE</code>, the admin removes the launch role that is associated with the provisioned product. As a result, the end user operations use the credentials of the end user.</p> <p>The <code>OWNER</code> key accepts user ARNs and role ARNs. The owner is the user that has permission to see, update, terminate, and execute service actions in the provisioned product.</p> <p>The administrator can change the owner of a provisioned product to another IAM user within the same account. Both end user owners and administrators can see ownership history of the provisioned product using the <code>ListRecordHistory</code> API. The new owner can describe all past records for the provisioned product using the <code>DescribeRecord</code> API. The previous owner can no longer use <code>DescribeRecord</code>, but can still see the product's history from when he was an owner using <code>ListRecordHistory</code>.</p> <p>If a provisioned product ownership is assigned to an end user, they can see and perform any action through the API or Service Catalog console such as update, terminate, and execute service actions. If an end user provisions a product and the owner is updated to someone else, they will no longer be able to see or perform any actions through API or the Service Catalog console on that provisioned product.</p>"
         },
         "IdempotencyToken":{
           "shape":"IdempotencyToken",