Identity and Access Management in Amazon Service Catalog
Access to Amazon Service Catalog requires credentials. Those credentials must have permission to access Amazon resources, such as a Amazon Service Catalog portfolio or product. Amazon Service Catalog integrates with Amazon Identity and Access Management (IAM) to enable you to grant Amazon Service Catalog administrators the permissions they need to create and manage products, and to grant Amazon Service Catalog end users the permissions they need to launch products and manage provisioned products. These policies are either created and managed by Amazon or individually by administrators and end users. To control access, you attach these policies to users, groups, and roles that you use with Amazon Service Catalog.
Audience
The permissions you have with Amazon Identity and Access Management (IAM) can depend on the role you play in Amazon Service Catalog.
The permissions you have through Amazon Identity and Access Management (IAM) can also depend on the role you play in Amazon Service Catalog.
Administrator - As a Amazon Service Catalog administrator, you need full access to the administrator console and IAM permissions that allow you to perform tasks such as creating and managing portfolios and products, managing constraints, and granting access to end users.
End user - Before your end users can use your products, you need to grant them permissions that give them access to the Amazon Service Catalog end user console. They can also have permissions to launch products and manage provisioned products.
IAM administrator - If you're an IAM administrator, you might want to learn details about how you can write policies to manage access to Amazon Service Catalog. To view example Amazon Service Catalog identity-based policies that you can use in IAM, see Amazon managed policies for Amazon Service Catalog AppRegistry.