AWS Service Catalog

2018/11/01 - AWS Service Catalog - 5 new 5 updated api methods

Changes  Service Catalog integration with AWS Organizations, enables customers to more easily create and manage a portfolio of IT services across an organization. Administrators can now take advantage of the AWS account structure and account groupings configured in AWS Organizations to share Service Catalog Portfolios increasing agility and reducing risk. With this integration the admin user will leverage the trust relationship that exists within the accounts of the Organization to share portfolios to the entire Organization, a specific Organizational Unit or a specific Account.

ListOrganizationPortfolioAccess (new) Link ¶

Lists the organization nodes that have access to the specified portfolio. This API can only be called by the master account in the organization.

See also: AWS API Documentation

Request Syntax

client.list_organization_portfolio_access(
    AcceptLanguage='string',
    PortfolioId='string',
    OrganizationNodeType='ORGANIZATION'|'ORGANIZATIONAL_UNIT'|'ACCOUNT',
    PageToken='string',
    PageSize=123
)
type AcceptLanguage

string

param AcceptLanguage

The language code.

  • en - English (default)

  • jp - Japanese

  • zh - Chinese

type PortfolioId

string

param PortfolioId

[REQUIRED]

The portfolio identifier. For example, port-2abcdext3y5fk .

type OrganizationNodeType

string

param OrganizationNodeType

[REQUIRED]

The organization node type that will be returned in the output.

  • ORGANIZATION - Organization that has access to the portfolio.

  • ORGANIZATIONAL_UNIT - Organizational unit that has access to the portfolio within your organization.

  • ACCOUNT - Account that has access to the portfolio within your organization.

type PageToken

string

param PageToken

The page token for the next set of results. To retrieve the first set of results, use null.

type PageSize

integer

param PageSize

The maximum number of items to return with this call.

rtype

dict

returns

Response Syntax

{
    'OrganizationNodes': [
        {
            'Type': 'ORGANIZATION'|'ORGANIZATIONAL_UNIT'|'ACCOUNT',
            'Value': 'string'
        },
    ],
    'NextPageToken': 'string'
}

Response Structure

  • (dict) --

    • OrganizationNodes (list) --

      Displays information about the organization nodes.

      • (dict) --

        • Type (string) --

        • Value (string) --

    • NextPageToken (string) --

      The page token to use to retrieve the next set of results. If there are no additional results, this value is null.

DescribePortfolioShareStatus (new) Link ¶

Gets the status of the specified portfolio share operation. This API can only be called by the master account in the organization.

See also: AWS API Documentation

Request Syntax

client.describe_portfolio_share_status(
    PortfolioShareToken='string'
)
type PortfolioShareToken

string

param PortfolioShareToken

[REQUIRED]

The token for the portfolio share operation. This token is returned either by CreatePortfolioShare or by DeletePortfolioShare.

rtype

dict

returns

Response Syntax

{
    'PortfolioShareToken': 'string',
    'PortfolioId': 'string',
    'OrganizationNodeValue': 'string',
    'Status': 'NOT_STARTED'|'IN_PROGRESS'|'COMPLETED'|'COMPLETED_WITH_ERRORS'|'ERROR',
    'ShareDetails': {
        'SuccessfulShares': [
            'string',
        ],
        'ShareErrors': [
            {
                'Accounts': [
                    'string',
                ],
                'Message': 'string',
                'Error': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • PortfolioShareToken (string) --

      The token for the portfolio share operation. For example, share-6v24abcdefghi .

    • PortfolioId (string) --

      The portfolio identifier.

    • OrganizationNodeValue (string) --

      Organization node identifier. It can be either account id, organizational unit id or organization id.

    • Status (string) --

      Status of the portfolio share operation.

    • ShareDetails (dict) --

      Information about the portfolio share operation.

      • SuccessfulShares (list) --

        List of accounts for whom the operation succeeded.

        • (string) --

      • ShareErrors (list) --

        List of errors.

        • (dict) --

          Errors that occurred during the portfolio share operation.

          • Accounts (list) --

            List of accounts impacted by the error.

            • (string) --

          • Message (string) --

            Information about the error.

          • Error (string) --

            Error type that happened when processing the operation.

DisableAWSOrganizationsAccess (new) Link ¶

Disable portfolio sharing through AWS Organizations feature. This feature will not delete your current shares but it will prevent you from creating new shares throughout your organization. Current shares will not be in sync with your organization structure if it changes after calling this API. This API can only be called by the master account in the organization.

See also: AWS API Documentation

Request Syntax

client.disable_aws_organizations_access()
rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

GetAWSOrganizationsAccessStatus (new) Link ¶

Get the Access Status for AWS Organization portfolio share feature. This API can only be called by the master account in the organization.

See also: AWS API Documentation

Request Syntax

client.get_aws_organizations_access_status()
rtype

dict

returns

Response Syntax

{
    'AccessStatus': 'ENABLED'|'UNDER_CHANGE'|'DISABLED'
}

Response Structure

  • (dict) --

    • AccessStatus (string) --

      The status of the portfolio share feature.

EnableAWSOrganizationsAccess (new) Link ¶

Enable portfolio sharing feature through AWS Organizations. This API will allow Service Catalog to receive updates on your organization in order to sync your shares with the current structure. This API can only be called by the master account in the organization.

By calling this API Service Catalog will use FAS credentials to call organizations:EnableAWSServiceAccess so that your shares can be in sync with any changes in your AWS Organizations.

See also: AWS API Documentation

Request Syntax

client.enable_aws_organizations_access()
rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

AcceptPortfolioShare (updated) Link ¶
Changes (request)
{'PortfolioShareType': 'IMPORTED | AWS_SERVICECATALOG | AWS_ORGANIZATIONS'}

Accepts an offer to share the specified portfolio.

See also: AWS API Documentation

Request Syntax

client.accept_portfolio_share(
    AcceptLanguage='string',
    PortfolioId='string',
    PortfolioShareType='IMPORTED'|'AWS_SERVICECATALOG'|'AWS_ORGANIZATIONS'
)
type AcceptLanguage

string

param AcceptLanguage

The language code.

  • en - English (default)

  • jp - Japanese

  • zh - Chinese

type PortfolioId

string

param PortfolioId

[REQUIRED]

The portfolio identifier.

type PortfolioShareType

string

param PortfolioShareType

The type of shared portfolios to accept. The default is to accept imported portfolios.

  • AWS_ORGANIZATIONS - Accept portfolios shared by the master account of your organization.

  • IMPORTED - Accept imported portfolios.

  • AWS_SERVICECATALOG - Not supported. (Throws ResourceNotFoundException.)

For example, aws servicecatalog accept-portfolio-share --portfolio-id "port-2qwzkwxt3y5fk" --portfolio-share-type AWS_ORGANIZATIONS

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

CreatePortfolioShare (updated) Link ¶
Changes (request, response)
Request
{'OrganizationNode': {'Type': 'ORGANIZATION | ORGANIZATIONAL_UNIT | ACCOUNT',
                      'Value': 'string'}}
Response
{'PortfolioShareToken': 'string'}

Shares the specified portfolio with the specified account or organization node. Shares to an organization node can only be created by the master account of an Organization. AWSOrganizationsAccess must be enabled in order to create a portfolio share to an organization node.

See also: AWS API Documentation

Request Syntax

client.create_portfolio_share(
    AcceptLanguage='string',
    PortfolioId='string',
    AccountId='string',
    OrganizationNode={
        'Type': 'ORGANIZATION'|'ORGANIZATIONAL_UNIT'|'ACCOUNT',
        'Value': 'string'
    }
)
type AcceptLanguage

string

param AcceptLanguage

The language code.

  • en - English (default)

  • jp - Japanese

  • zh - Chinese

type PortfolioId

string

param PortfolioId

[REQUIRED]

The portfolio identifier.

type AccountId

string

param AccountId

The AWS account ID. For example, 123456789012 .

type OrganizationNode

dict

param OrganizationNode

The organization node to whom you are going to share. If OrganizationNode is passed in, PortfolioShare will be created for the node and its children (when applies), and a PortfolioShareToken will be returned in the output in order for the administrator to monitor the status of the PortfolioShare creation process.

  • Type (string) --

  • Value (string) --

rtype

dict

returns

Response Syntax

{
    'PortfolioShareToken': 'string'
}

Response Structure

  • (dict) --

    • PortfolioShareToken (string) --

      The portfolio share unique identifier. This will only be returned if portfolio is shared to an organization node.

DeletePortfolioShare (updated) Link ¶
Changes (request, response)
Request
{'OrganizationNode': {'Type': 'ORGANIZATION | ORGANIZATIONAL_UNIT | ACCOUNT',
                      'Value': 'string'}}
Response
{'PortfolioShareToken': 'string'}

Stops sharing the specified portfolio with the specified account or organization node. Shares to an organization node can only be deleted by the master account of an Organization.

See also: AWS API Documentation

Request Syntax

client.delete_portfolio_share(
    AcceptLanguage='string',
    PortfolioId='string',
    AccountId='string',
    OrganizationNode={
        'Type': 'ORGANIZATION'|'ORGANIZATIONAL_UNIT'|'ACCOUNT',
        'Value': 'string'
    }
)
type AcceptLanguage

string

param AcceptLanguage

The language code.

  • en - English (default)

  • jp - Japanese

  • zh - Chinese

type PortfolioId

string

param PortfolioId

[REQUIRED]

The portfolio identifier.

type AccountId

string

param AccountId

The AWS account ID.

type OrganizationNode

dict

param OrganizationNode

The organization node to whom you are going to stop sharing.

  • Type (string) --

  • Value (string) --

rtype

dict

returns

Response Syntax

{
    'PortfolioShareToken': 'string'
}

Response Structure

  • (dict) --

    • PortfolioShareToken (string) --

      The portfolio share unique identifier. This will only be returned if delete is made to an organization node.

ListAcceptedPortfolioShares (updated) Link ¶
Changes (request)
{'PortfolioShareType': ['AWS_ORGANIZATIONS']}

Lists all portfolios for which sharing was accepted by this account.

See also: AWS API Documentation

Request Syntax

client.list_accepted_portfolio_shares(
    AcceptLanguage='string',
    PageToken='string',
    PageSize=123,
    PortfolioShareType='IMPORTED'|'AWS_SERVICECATALOG'|'AWS_ORGANIZATIONS'
)
type AcceptLanguage

string

param AcceptLanguage

The language code.

  • en - English (default)

  • jp - Japanese

  • zh - Chinese

type PageToken

string

param PageToken

The page token for the next set of results. To retrieve the first set of results, use null.

type PageSize

integer

param PageSize

The maximum number of items to return with this call.

type PortfolioShareType

string

param PortfolioShareType

The type of shared portfolios to list. The default is to list imported portfolios.

  • AWS_ORGANIZATIONS - List portfolios shared by the master account of your organization

  • AWS_SERVICECATALOG - List default portfolios

  • IMPORTED - List imported portfolios

rtype

dict

returns

Response Syntax

{
    'PortfolioDetails': [
        {
            'Id': 'string',
            'ARN': 'string',
            'DisplayName': 'string',
            'Description': 'string',
            'CreatedTime': datetime(2015, 1, 1),
            'ProviderName': 'string'
        },
    ],
    'NextPageToken': 'string'
}

Response Structure

  • (dict) --

    • PortfolioDetails (list) --

      Information about the portfolios.

      • (dict) --

        Information about a portfolio.

        • Id (string) --

          The portfolio identifier.

        • ARN (string) --

          The ARN assigned to the portfolio.

        • DisplayName (string) --

          The name to use for display purposes.

        • Description (string) --

          The description of the portfolio.

        • CreatedTime (datetime) --

          The UTC time stamp of the creation time.

        • ProviderName (string) --

          The name of the portfolio provider.

    • NextPageToken (string) --

      The page token to use to retrieve the next set of results. If there are no additional results, this value is null.

RejectPortfolioShare (updated) Link ¶
Changes (request)
{'PortfolioShareType': 'IMPORTED | AWS_SERVICECATALOG | AWS_ORGANIZATIONS'}

Rejects an offer to share the specified portfolio.

See also: AWS API Documentation

Request Syntax

client.reject_portfolio_share(
    AcceptLanguage='string',
    PortfolioId='string',
    PortfolioShareType='IMPORTED'|'AWS_SERVICECATALOG'|'AWS_ORGANIZATIONS'
)
type AcceptLanguage

string

param AcceptLanguage

The language code.

  • en - English (default)

  • jp - Japanese

  • zh - Chinese

type PortfolioId

string

param PortfolioId

[REQUIRED]

The portfolio identifier.

type PortfolioShareType

string

param PortfolioShareType

The type of shared portfolios to reject. The default is to reject imported portfolios.

  • AWS_ORGANIZATIONS - Reject portfolios shared by the master account of your organization.

  • IMPORTED - Reject imported portfolios.

  • AWS_SERVICECATALOG - Not supported. (Throws ResourceNotFoundException.)

For example, aws servicecatalog reject-portfolio-share --portfolio-id "port-2qwzkwxt3y5fk" --portfolio-share-type AWS_ORGANIZATIONS

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --