create_constraint(**kwargs)¶Creates a constraint.
A delegated admin is authorized to invoke this command.
See also: AWS API Documentation
Request Syntax
response = client.create_constraint(
AcceptLanguage='string',
PortfolioId='string',
ProductId='string',
Parameters='string',
Type='string',
Description='string',
IdempotencyToken='string'
)
The language code.
en - English (default)jp - Japanesezh - Chinese[REQUIRED]
The portfolio identifier.
[REQUIRED]
The product identifier.
[REQUIRED]
The constraint parameters, in JSON format. The syntax depends on the constraint type as follows:
LAUNCH
You are required to specify either the RoleArn or the LocalRoleName but can't use both.
Specify the RoleArn property as follows:
{"RoleArn" : "arn:aws:iam::123456789012:role/LaunchRole"}
Specify the LocalRoleName property as follows:
{"LocalRoleName": "SCBasicLaunchRole"}
If you specify the LocalRoleName property, when an account uses the launch constraint, the IAM role with that name in the account will be used. This allows launch-role constraints to be account-agnostic so the administrator can create fewer resources per shared account.
Note
The given role name must exist in the account used to create the launch constraint and the account of the user who launches a product with this launch constraint.
You cannot have both a LAUNCH and a STACKSET constraint.
You also cannot have more than one LAUNCH constraint on a product and portfolio.
NOTIFICATION
Specify the NotificationArns property as follows:
{"NotificationArns" : ["arn:aws:sns:us-east-1:123456789012:Topic"]}RESOURCE_UPDATE
Specify the TagUpdatesOnProvisionedProduct property as follows:
{"Version":"2.0","Properties":{"TagUpdateOnProvisionedProduct":"String"}}
The TagUpdatesOnProvisionedProduct property accepts a string value of ALLOWED or NOT_ALLOWED .
STACKSET
Specify the Parameters property as follows:
{"Version": "String", "Properties": {"AccountList": [ "String" ], "RegionList": [ "String" ], "AdminRole": "String", "ExecutionRole": "String"}}
You cannot have both a LAUNCH and a STACKSET constraint.
You also cannot have more than one STACKSET constraint on a product and portfolio.
Products with a STACKSET constraint will launch an CloudFormation stack set.
TEMPLATE
Specify the Rules property. For more information, see Template Constraint Rules.
[REQUIRED]
The type of constraint.
LAUNCHNOTIFICATIONRESOURCE_UPDATESTACKSETTEMPLATE[REQUIRED]
A unique identifier that you provide to ensure idempotency. If multiple requests differ only by the idempotency token, the same response is returned for each repeated request.
This field is autopopulated if not provided.
dict
Response Syntax
{
'ConstraintDetail': {
'ConstraintId': 'string',
'Type': 'string',
'Description': 'string',
'Owner': 'string',
'ProductId': 'string',
'PortfolioId': 'string'
},
'ConstraintParameters': 'string',
'Status': 'AVAILABLE'|'CREATING'|'FAILED'
}
Response Structure
(dict) --
ConstraintDetail (dict) --
Information about the constraint.
ConstraintId (string) --
The identifier of the constraint.
Type (string) --
The type of constraint.
LAUNCHNOTIFICATIONTEMPLATEDescription (string) --
The description of the constraint.
Owner (string) --
The owner of the constraint.
ProductId (string) --
The identifier of the product the constraint applies to. Note that a constraint applies to a specific instance of a product within a certain portfolio.
PortfolioId (string) --
The identifier of the portfolio the product resides in. The constraint applies only to the instance of the product that lives within this portfolio.
ConstraintParameters (string) --
The constraint parameters.
Status (string) --
The status of the current request.
Exceptions
ServiceCatalog.Client.exceptions.ResourceNotFoundExceptionServiceCatalog.Client.exceptions.InvalidParametersExceptionServiceCatalog.Client.exceptions.LimitExceededExceptionServiceCatalog.Client.exceptions.DuplicateResourceException