This section describes how to create the AWS Service Management Connector end user and associates the appropriate IAM permission. To perform this task, you need IAM permissions to create new users.
To create AWS Service Management Connector end user
-
Follow the instructions in Creating an IAM user in your AWS account to create a user (SMEndUser). The user needs programmatic and AWS Management Console access to follow the Connector for ServiceNow installation instructions.
For products using AWS CloudFormation StackSets, you need to create a StackSet inline policy. With AWS CloudFormation StackSets, you are able to create products across multiple accounts and Regions.
Using an administrator account, you define and manage a Service Catalog product. You also use it to provision stacks into selected target accounts across specified Regions. You need to have the necessary permissions defined in your AWS accounts.
To set up the necessary permissions, see Granting Permissions for Stack Set Operations. Follow the instructions to create an
AWSCloudFormationStackSetAdministrationRoleand anAWSCloudFormationStackSetExecutionRole. -
Add the following permissions (policies) to the user:
-
AWSServiceCatalogEndUserFullAccess(AWS managed policy) -
StackSet(inline policy) - For Service Catalog products with stack sets, you need to modify the SMEndUser to include the Read Only permissions for the services you want to provision. For example, to provision an Amazon S3 bucket, include theAmazonS3ReadOnlyAccesspolicy to theSMEndUser. -
OpsCenterExecutionPolicy -
AmazonEC2ReadOnlyAccess(AWS managed policy) -
AmazonS3ReadOnlyAccess(AWS managed policy)
-
