Step 6: Add a Launch constraint to your Terraform product - Amazon Service Catalog
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Step 6: Add a Launch constraint to your Terraform product


You must create a launch constraint for HashiCorp Terraform products. Without a launch constraint, end users cannot provision the product.

After creating a launch role in your administrator account, you are ready to associate the launch role to a launch constraint on your External or Terraform Cloud product.

This launch constraint enables the end user to launch the product and, after launch, manage it as a provisioned product. For more information, see Amazon Service Catalog Launch Constraints.

Using a launch constraint allows you follow the IAM best practice of keeping end user IAM permissions to a minimum. For more information, see Grant least privilege in the IAM User Guide.

To assign a launch constraint to the product
  1. Open the Amazon Service Catalog console at

  2. In the left navigation console, choose Portfolio.

  3. Choose the S3 bucket portfolio.

  4. On the Portfolio details page, choose the Constraints tab, and then choose Create constraint.

  5. For Product, choose Simple S3 bucket. Amazon Service Catalog automatically selects the Launch constraint type.

  6. Choose Enter role name, and then choose SCLaunch-S3product.

  7. Choose Create.


The given role name must exist in the account that created the launch constraint and the account of the user who launches a product with this launch constraint.