AWS Service Catalog User Access Management | Best Practices

Managing User Access in AWS Service Catalog


Question

Company ABC has started to use AWS Service Catalog to manage its CloudFormation stacks within the company.

In Service Catalog, several portfolios have been created with relevant products configured.

Access to these products needs to be assigned to different users or teams.

For example, for one important payment service, only the DevOps team can create, modify, or delete the product.

In Service Catalog, how should you manage the user access?

Answers

Explanations


A. B. C. D.

Correct Answer - D.

Service Catalog can grant a user access to a portfolio, which means that the user can browse the portfolio and launch the products in it.

For details, see https://docs.aws.amazon.com/servicecatalog/latest/adminguide/what-is_concepts.html and https://ap-southeast-2.console.aws.amazon.com/servicecatalog/home?region=ap-southeast-2#/home.

Option A is incorrect because Service Control Policies (SCPs) are used in AWS Organizations, not in Service Catalog.

Option B is incorrect because Amazon Cognito user pools are user directories that let users sign in to web or mobile apps.

Option C is incorrect because Service Catalog does not have ACL policies.

Option D is CORRECT because Service Catalog uses IAM permissions to manage access.

In the below screenshot, IAM users, groups and roles can be assigned to the portfolio.


The correct answer for managing user access to AWS Service Catalog products is D - Assign permissions to IAM users, groups, and roles.

AWS Service Catalog is a managed service that helps organizations create and manage catalogs of IT services that are approved for use on AWS. With Service Catalog, organizations can centrally manage commonly deployed AWS resources, ensure compliance with company policies, and reduce the time required to deploy infrastructure and applications on AWS.

To manage user access to Service Catalog products, IAM roles, groups, and users are used. AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. IAM allows you to create and manage user identities (IAM users), assign IAM users to groups for ease of management, and define roles to delegate access to AWS resources.

Here are the steps to follow when managing user access to Service Catalog products:

  1. Create an IAM policy - an IAM policy is a document that defines permissions. You can create a policy that allows users to create, modify, or delete a Service Catalog product.

  2. Create an IAM group or role - create a group or role and attach the IAM policy to it. You can add IAM users to this group or role to grant them access to Service Catalog products.

  3. Create Service Catalog portfolio access control - portfolio access control is used to grant or deny access to portfolios. You can use IAM roles to grant access to portfolios.

  4. Associate the IAM group or role with the Service Catalog portfolio - after you create the IAM group or role, associate it with the Service Catalog portfolio.

  5. Assign IAM users to the IAM group - add IAM users to the group that is associated with the Service Catalog portfolio.

By following these steps, you can ensure that users are granted the necessary permissions to access Service Catalog products based on their roles and responsibilities in the organization.
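The association and review side of these steps, as an added example that is not part of the original page: it compares the principals associated with a portfolio against an allowlist (here, a DevOps group and role for the payment portfolio), reports anything unexpected, and can associate principals that are missing. The `sc` argument is assumed to be a boto3 `servicecatalog` client; the portfolio ID, ARNs and stub client are constructed so the code runs offline.

```python
# Added example: the portfolio ID, account number and ARNs are constructed.
PORTFOLIO_ID = "port-examplepayment"  # placeholder, not a real portfolio
ACCOUNT = "arn:aws:iam::111122223333"
DEVOPS_GROUP = f"{ACCOUNT}:group/DevOps"
DEVOPS_ROLE = f"{ACCOUNT}:role/DevOpsDeploy"
ALLOWED = {DEVOPS_GROUP, DEVOPS_ROLE}

def list_principals(sc, portfolio_id):
    """Return the ARNs associated with a portfolio, following pagination."""
    arns, token = [], None
    while True:
        kwargs = {"PortfolioId": portfolio_id}
        if token:
            kwargs["PageToken"] = token
        page = sc.list_principals_for_portfolio(**kwargs)
        arns += [p["PrincipalARN"] for p in page.get("Principals", [])]
        token = page.get("NextPageToken")
        if not token:
            return arns

def reconcile(sc, portfolio_id, allowed, apply=False):
    """Return (missing, unexpected) principals relative to the allowlist.
    With apply=True, missing principals are associated; unexpected ones are
    only reported so a reviewer decides before anything is removed."""
    current = set(list_principals(sc, portfolio_id))
    missing = sorted(set(allowed) - current)
    unexpected = sorted(current - set(allowed))
    if apply:
        for arn in missing:
            sc.associate_principal_with_portfolio(
                PortfolioId=portfolio_id, PrincipalARN=arn, PrincipalType="IAM")
    return missing, unexpected

class StubServiceCatalog:
    """Offline stand-in for boto3.client("servicecatalog"), two items per page."""
    def __init__(self, arns):
        self.arns = list(arns)

    def list_principals_for_portfolio(self, PortfolioId, PageToken=None):
        start = int(PageToken or 0)
        page = {"Principals": [{"PrincipalARN": a, "PrincipalType": "IAM"}
                               for a in self.arns[start:start + 2]]}
        if start + 2 < len(self.arns):
            page["NextPageToken"] = str(start + 2)
        return page

    def associate_principal_with_portfolio(self, PortfolioId, PrincipalARN, PrincipalType):
        self.arns.append(PrincipalARN)
        return {}
```

Against a real account, pass `boto3.client("servicecatalog")` in place of the stub and run `reconcile` without `apply=True` first to review the unexpected list.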

In conclusion, while all the options listed may be used in managing user access, using IAM policies to assign permissions to IAM users, groups, and roles is the most appropriate and recommended way to manage user access to Service Catalog products in AWS.