@aws-accelerator/config
    CustomizationsConfig / CustomizationConfig / PortfolioConfig / PortfolioAssociationConfig

    Portfolio Associations configuration

    - type: Group
      name: Administrators
    - type: Role
      name: EC2-Default-SSM-AD-Role
      propagateAssociation: true
    - type: User
      name: breakGlassUser01
    - type: PermissionSet
      name: AWSPowerUserAccess
    interface IPortfolioAssociatoinConfig {
        type: PortfolioAssociationType;
        name: string;
        propagateAssociation?: boolean;
    }
    Properties

    type: PortfolioAssociationType

    Indicates the type of portfolio association. Valid values are: Group, User, and Role.

    name: string

    Indicates the name of the principal to associate the portfolio with.

    propagateAssociation?: boolean

    Indicates whether the principal association should be created in accounts the portfolio is shared with. Verify the IAM principal exists in all accounts the portfolio is shared with before enabling.

    When you propagate a principal association, a potential privilege escalation path may occur. A user in a recipient account who is not a Service Catalog Admin, but who can still create principals (Users/Roles), could create an IAM principal whose name matches a principal name associated with the portfolio. Although this user may not know which principal names are associated through Service Catalog, they may be able to guess the name. If this potential escalation path is a concern, then LZA recommends disabling propagation.
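
One way to watch recipient accounts for the escalation path described above is to compare CloudTrail IAM create events against the associations that set propagateAssociation: true. This is an added example, not LZA code; the function name, the trusted-creator allowlist, the account IDs and the caller role names are assumptions.

```typescript
// Added example, not LZA code. Shapes follow the page's interface and CloudTrail IAM events.
type AssociationType = 'Group' | 'User' | 'Role' | 'PermissionSet';
interface Association { type: AssociationType; name: string; propagateAssociation?: boolean }
interface TrailEvent {
  eventName: string; recipientAccountId: string;
  userIdentity: { arn: string }; requestParameters: Record<string, string>;
}
interface Finding { account: string; principal: string; createdBy: string }
// IAM create call -> association type and the request parameter holding the new name.
const CREATE_CALLS: Record<string, { type: AssociationType; param: string }> = {
  CreateRole: { type: 'Role', param: 'roleName' },
  CreateUser: { type: 'User', param: 'userName' },
  CreateGroup: { type: 'Group', param: 'groupName' },
};
// Flags creation of a principal whose type and name match a propagated association,
// unless the caller ARN starts with an entry in trustedCreatorPrefixes (assumed allowlist).
function findShadowPrincipals(
  associations: Association[], events: TrailEvent[], trustedCreatorPrefixes: string[] = [],
): Finding[] {
  const watched = new Set(
    associations.filter((a) => a.propagateAssociation === true).map((a) => `${a.type}:${a.name}`),
  );
  const findings: Finding[] = [];
  for (const e of events) {
    const call = CREATE_CALLS[e.eventName];
    if (!call) continue;
    const principal = `${call.type}:${e.requestParameters[call.param] ?? ''}`;
    if (!watched.has(principal)) continue;
    const createdBy = e.userIdentity.arn;
    if (trustedCreatorPrefixes.some((p) => createdBy.startsWith(p))) continue;
    findings.push({ account: e.recipientAccountId, principal, createdBy });
  }
  return findings;
}

// Constructed sample data: account IDs, role names and sessions are placeholders.
const SAMPLE_ASSOCIATIONS: Association[] = [
  { type: 'Role', name: 'EC2-Default-SSM-AD-Role', propagateAssociation: true },
  { type: 'User', name: 'breakGlassUser01' },
];
const ev = (eventName: string, acct: string, caller: string, params: Record<string, string>): TrailEvent => ({
  eventName, recipientAccountId: acct, requestParameters: params,
  userIdentity: { arn: `arn:aws:sts::${acct}:assumed-role/${caller}` },
});
const SAMPLE_EVENTS: TrailEvent[] = [
  ev('CreateRole', '111122223333', 'dev-team/alice', { roleName: 'EC2-Default-SSM-AD-Role' }),
  ev('CreateRole', '444455556666', 'provisioning-role/pipeline', { roleName: 'EC2-Default-SSM-AD-Role' }),
  ev('CreateUser', '111122223333', 'dev-team/alice', { userName: 'breakGlassUser01' }),
];
const TRUSTED = ['arn:aws:sts::444455556666:assumed-role/provisioning-role/'];
```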