A company is setting up products to deploy in AWS Service Catalog. Management is concerned that when users launch products, elevated IAM privileges will be required to create resources. How should the company mitigate this concern?
A.
Add a template constraint to each product in the portfolio.
B.
Add a launch constraint to each product in the portfolio.
C.
Define resource update constraints for each product in the portfolio.
D.
Update the AWS CloudFormation template backing the product to include a service role configuration.
B is good.
Launch constraints allow an AWS Service Catalog end user to launch an AWS Service Catalog product without requiring elevated permissions to AWS resources.
https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints-launch.html
Launch constraints apply to products in the portfolio (product-portfolio association). Launch constraints do not apply at the portfolio level or to a product across all portfolios. To associate a launch constraint with all products in a portfolio, you must apply the launch constraint to each product individually.
B is correct.
Apply launch constraints to each product in the portfolio.
Launch constraint specifies the IAM role that AWS Service Catalog assumes when an end user launches, updates, or terminates a product.
Option B, "Add a launch constraint to each product in the portfolio," is the correct choice.
A launch constraint allows administrators to define restrictions on which AWS Identity and Access Management (IAM) roles or users can launch a particular product. By applying launch constraints, the company can ensure that only users with the necessary permissions can provision resources associated with the product. This helps prevent unauthorized access and reduces the risk of accidental or intentional misconfiguration.
Answer is B
"Launch constraints allow an AWS Service Catalog end user to launch an AWS Service Catalog product without requiring elevated permissions to AWS resources."
https://aws.amazon.com/blogs/mt/how-to-launch-secure-and-governed-aws-resources-with-aws-cloudformation-and-aws-service-catalog/
A launch constraint specifies the AWS Identity and Access Management (IAM) role that AWS Service Catalog assumes when an end user launches a product.
Without a launch constraint, end users must launch and manage products using their own IAM credentials.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ChinkSantana
Highly Voted 3 years, 9 months agoDahMac
3 years, 8 months agoRaphaello
Most Recent 1 year, 4 months agopal40sg
2 years, 1 month agoSmartphone
2 years, 5 months agosapien45
2 years, 10 months agohk436
3 years, 8 months agokiev
3 years, 8 months agocldy
3 years, 9 months agoDayQuil
3 years, 9 months ago