Readonly
name
Indicates the name of the principal to associate the portfolio with.
Readonly
propagate
Indicates whether the principal association should be created in accounts the portfolio is shared with. Verify the IAM principal exists in all accounts the portfolio is shared with before enabling.
Propagating a principal association can create a privilege escalation path. A user in a recipient account who is not a Service Catalog Admin, but who can still create Principals (Users/Roles), could create an IAM Principal whose name matches a principal name association for the portfolio. Although this user may not know which principal names are associated through Service Catalog, they may be able to guess one. If this potential escalation path is a concern, then LZA recommends disabling propagation.
Readonly
type
Indicates the type of portfolio association. Valid values are: Group, User, and Role.
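The pre-enable check described under propagate can be run as a small audit before deployment. The following is an added example, not LZA code: the field names (type, name, propagate) follow this page, while the principal names, account IDs, inventory structure and the audit_associations function are constructed for illustration.

```python
# Constructed sample data. ASSOCIATIONS mirrors the fields documented on this
# page; INVENTORY is a hypothetical per-account listing of IAM principal names
# that would be collected from each account the portfolio is shared with.
ASSOCIATIONS = [
    {"type": "Role", "name": "CatalogLaunchRole", "propagate": True},
    {"type": "User", "name": "breakGlassUser01", "propagate": True},
    {"type": "Group", "name": "Administrators"},  # propagate unset: local only
]
SHARED_ACCOUNTS = ["111111111111", "222222222222"]
INVENTORY = {
    "111111111111": {"Role": {"CatalogLaunchRole"}, "User": {"breakGlassUser01"}},
    "222222222222": {"Role": {"CatalogLaunchRole"}, "User": set()},
}
VALID_TYPES = {"Group", "User", "Role"}


def audit_associations(associations, shared_accounts, inventory):
    """Return (severity, message) findings for each propagated association."""
    findings = []
    for assoc in associations:
        kind, name = assoc.get("type"), assoc.get("name")
        if kind not in VALID_TYPES:
            findings.append(("error", f"{name}: invalid type {kind!r}"))
            continue
        if not assoc.get("propagate", False):
            continue  # association is not created in shared accounts
        # Accounts where no principal of this type and name exists yet.
        missing = [acct for acct in shared_accounts
                   if name not in inventory.get(acct, {}).get(kind, set())]
        if missing:
            # The name is unclaimed there, so anyone in that account who can
            # create IAM principals could create one that matches it.
            findings.append(
                ("high", f"{kind} {name}: propagated but absent in {', '.join(missing)}"))
        else:
            findings.append(
                ("ok", f"{kind} {name}: present in all shared accounts"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_associations(ASSOCIATIONS, SHARED_ACCOUNTS, INVENTORY):
        print(f"[{severity}] {message}")
```

A "high" finding means either creating the principal in the listed accounts first or leaving propagation disabled for that association.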
CustomizationsConfig / CustomizationConfig / PortfolioConfig / PortfolioAssociationConfig
Portfolio Associations configuration
Example