awslabs/aws-service-catalog-puppet

ServiceCatalog Portfolio Support for PrincipalName, Organisation Sharing & Constraints within Central Hub Account


Is your feature request related to a problem? Please describe.
Currently there is no support in puppet to mention the principal name, though it's supported by ServiceCatalog. It would be great if spoke-local-portfolios/Associations were extended to provide the Principal name rather than the ARN for user/role/group, or altogether create a new category for managing the catalog within the Hub account with Org sharing, Constraints & Principal association.

Describe the solution you'd like
Support in portfolios/Associations to provide the Principal name rather than ARN for user/role/group.
Though the name 'spoke-local-portfolios' is very much opinionated as a local portfolio, it would be great if we had another category which is mainly for managing the portfolios within the Hub and sharing them with all spokes as part of sharing at the Org or OrgUnit level.
This means that for this business case no spoke copy and no locally associated stack for principals and constraints would be required in the spoke account. Everything can be managed from the central Hub account. This would also increase the performance of the puppet run, as multiple spoke-related stacks and API runs won't be required.

Describe alternatives you've considered
In case it's not available, we can create a stack to be deployed on the Hub account:

  • Share the hub portfolio to the Org/OrgUnit
  • Associate the principal name (role, user, etc.) with IAM_PATTERN
  • Apply Constraints, etc.

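The first two steps of the hub-account alternative (Org/OrgUnit share plus an IAM_PATTERN principal association), as an added example that is not part of the issue or of the project's code. The function names and the portfolio and OU IDs are constructed; the dictionaries follow the parameters of the boto3 `servicecatalog` calls `create_portfolio_share` and `associate_principal_with_portfolio`, and no AWS call is made here.

```python
import re

PRINCIPAL_KINDS = {"role", "user", "group"}
ORG_NODE_TYPES = {"ORGANIZATION", "ORGANIZATIONAL_UNIT", "ACCOUNT"}
# Characters valid in IAM names and paths, plus the "*" and "?" pattern wildcards.
_NAME_RE = re.compile(r"[A-Za-z0-9_+=,.@/*?-]+")


def principal_pattern_arn(kind, name, allow_wildcards=False, partition="aws"):
    """Build the account-less ARN used by IAM_PATTERN associations (hypothetical helper)."""
    if kind not in PRINCIPAL_KINDS:
        raise ValueError(f"unsupported principal kind: {kind!r}")
    if not _NAME_RE.fullmatch(name):
        raise ValueError(f"invalid principal name: {name!r}")
    if not allow_wildcards and ("*" in name or "?" in name):
        # A wildcard matches every same-shaped principal in each account the
        # share reaches, so it has to be requested explicitly.
        raise ValueError(f"wildcard in {name!r} requires allow_wildcards=True")
    # No account ID: the pattern resolves inside whichever account uses the share.
    return f"arn:{partition}:iam:::{kind}/{name}"


def hub_share_plan(portfolio_id, node_type, node_value, principals):
    """Return (share_kwargs, association_kwargs_list) for the hub account."""
    if node_type not in ORG_NODE_TYPES:
        raise ValueError(f"unsupported organization node type: {node_type!r}")
    share = {
        "PortfolioId": portfolio_id,
        "OrganizationNode": {"Type": node_type, "Value": node_value},
        # Principal sharing is what removes the per-spoke association stack.
        "SharePrincipals": True,
    }
    associations = [
        {
            "PortfolioId": portfolio_id,
            "PrincipalARN": principal_pattern_arn(kind, name),
            "PrincipalType": "IAM_PATTERN",
        }
        for kind, name in principals
    ]
    return share, associations


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    share, assocs = hub_share_plan(
        "port-EXAMPLE", "ORGANIZATIONAL_UNIT", "ou-exmp-constructed",
        [("role", "ServiceCatalogEndUser"), ("group", "Developers")],
    )
    print(share)
    for a in assocs:
        print(a)
```

Because a name-based association applies in every account the share reaches, any principal with that name in any spoke gains portfolio access; keep names specific and control who can create matching roles in spoke accounts.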