How can I share a portfolio with accounts in my organization using AWS Service Catalog?

Last updated: 2019-12-31

How can I share a portfolio with accounts in my organization using AWS Service Catalog, and then allow users in the receiving account to view and launch those products?

Short Description

To share your portfolio, complete the steps in the following sections:

  • Share the portfolio with the organization or a specific organizational unit (OU) from the provider account
  • Import the portfolio to the target account
  • Allow users to access products in the shared portfolio from the target account

Resolution

Share the portfolio with the organization or a specific OU from the provider account

Important: You can share portfolios only from the master account. No other accounts have this privilege. You can share portfolios only within an AWS Region.

  1. Open the AWS Service Catalog console.
  2. In the navigation pane, choose Portfolios list.
  3. To choose the portfolio that you want to share, select the radio button next to the portfolio.
  4. Choose Share Portfolio.
  5. Choose Organization.
  6. For Node Type, choose Organization or Organizational Unit based on your needs.
    Note: To share the portfolio with all OUs in the organization, choose Organization. To share the portfolio with a single OU within the organization, choose Organizational Unit.
  7. For Input Value, enter your organization ID or OU ID.
  8. Choose Share.

Now, a message confirms that you have successfully shared your portfolio.

Import the portfolio to the target account

  1. Open the AWS Service Catalog console of the target account.
  2. In the navigation pane, choose Portfolios.
  3. Choose the Imported tab.
  4. Choose Actions, and then choose Import portfolio.
  5. For Portfolio ID, enter the portfolio ID that has been shared with this account from the master account.
  6. Choose Import.

Now, the shared portfolio is listed in the Portfolios section of the Imported tab.

Allow users to access products in the shared portfolio from the target account

To allow other users, groups, and roles to see the products shared in the portfolio, complete the following steps from the target account:

  1. Open the AWS Service Catalog console of the target account.
  2. In the navigation pane, choose Portfolios list, and then choose the shared portfolio.
  3. Choose Users, Groups, and Roles, and then choose Add user, group or role.
  4. To give an AWS Identity and Access Management (IAM) entity access to products in the portfolio, choose the Groups tab, Users tab, or Roles tab, depending on your needs.
  5. Select the IAM entity that you want to add access for.
  6. Choose ADD ACCESS.
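
The three console procedures above correspond to the Service Catalog API calls `create_portfolio_share`, `accept_portfolio_share`, and `associate_principal_with_portfolio`. The following Python script is an added example, not code from this article or from AWS. The function names, the `RecordingClient` stand-in, the portfolio, OU, and account IDs, and the check that each principal belongs to the target account are assumptions made for illustration.

```python
import re

# ID formats as documented in the AWS Organizations API reference.
ORG_ID = re.compile(r"^o-[a-z0-9]{10,32}$")
OU_ID = re.compile(r"^ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}$")
# IAM user, group, or role ARN in the standard "aws" partition.
IAM_ARN = re.compile(r"^arn:aws:iam::(\d{12}):(user|group|role)/[\w+=,.@/-]+$")

def organization_node(node_id):
    """Map the console's Node Type / Input Value pair to OrganizationNode."""
    if ORG_ID.match(node_id):
        return {"Type": "ORGANIZATION", "Value": node_id}
    if OU_ID.match(node_id):
        return {"Type": "ORGANIZATIONAL_UNIT", "Value": node_id}
    raise ValueError(f"not an organization ID or OU ID: {node_id!r}")

def share_portfolio(provider_sc, portfolio_id, node_id):
    """Section 1: call with a client that uses master-account credentials."""
    return provider_sc.create_portfolio_share(
        PortfolioId=portfolio_id, OrganizationNode=organization_node(node_id))

def import_and_grant(target_sc, portfolio_id, target_account_id, principal_arns):
    """Sections 2 and 3: call with a client that uses target-account credentials."""
    # Guard added in this example: validate every principal before any change,
    # so a mistyped ARN never leaves a half-configured portfolio behind.
    for arn in principal_arns:
        m = IAM_ARN.match(arn)
        if not m or m.group(1) != target_account_id:
            raise ValueError(f"not an IAM entity in the target account: {arn!r}")
    target_sc.accept_portfolio_share(
        PortfolioId=portfolio_id, PortfolioShareType="AWS_ORGANIZATIONS")
    for arn in principal_arns:
        target_sc.associate_principal_with_portfolio(
            PortfolioId=portfolio_id, PrincipalARN=arn, PrincipalType="IAM")

class RecordingClient:
    """Constructed offline stand-in for boto3.client("servicecatalog")."""
    def __init__(self):
        self.calls = []
    def __getattr__(self, name):
        return lambda **kw: self.calls.append((name, kw)) or {}

if __name__ == "__main__":
    sc = RecordingClient()  # replace with boto3.client("servicecatalog") per account
    share_portfolio(sc, "port-EXAMPLE", "ou-ab12-cdefgh34")  # constructed IDs
    import_and_grant(sc, "port-EXAMPLE", "111122223333",
                     ["arn:aws:iam::111122223333:role/CatalogLaunchers"])
    for call in sc.calls:
        print(call)
```

Granting access to a dedicated role or group, rather than to individual users, keeps the list under Users, Groups, and Roles short enough to review.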
