create a service catalog i am role in cloudformation template

Question

I have an IAM role in my current CFN template, but I dont have permission to directly create IAM in this account so I need to convert this to a service catalog code in my template: Here is the original code:

MongoDBRole:
 Type: 'AWS::IAM::Role'
 Properties:
  ManagedPolicyArns:
    - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
  AssumeRolePolicyDocument:
    Version: 2012-10-17
    Statement:
      - Effect: Allow
        Principal:
          Service:
            - 'ec2.amazonaws.com'
        Action:
          - 'sts:AssumeRole'
  Tags:
    - Key: name
      Value: role-mongodb
    - Key: env
      Value: !Ref TagEnvironment
    - Key: sme
      Value: dba

And this is what I tried

MongoDBRole:
 Type: AWS::ServiceCatalog::CloudFormationProvisionedProduct
 Properties:
  ProductName: IAMRole
  ProvisioningArtifactName: 1.0.9
  ProvisioningParameters:
    - Key: RoleNameSuffix
      Value: MongoRole
    - Key: AssumingServices
      Value: ec2.amazonaws.com
    - Key: ManagedPolicyArns
      Value: arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy

     This is the error:AWS::ServiceCatalog::CloudFormationProvisionedProduct CREATE_FAILED Model validation failed (#/Tags/0/Value: failed validation constraint for keyword [pattern])

I am not confident I created this the right and I am pretty new to cloudformation and moreso service catalog. How can I rectify this?

Answer 1

To use Service Catalog you need to:

1. create a portfolio (AWS::ServiceCatalog::Portfolio)
2. create a product (AWS::ServiceCatalog::CloudFormationProduct)
3. associate product with portfolio (AWS::ServiceCatalog::PortfolioProductAssociation)
4. provision the product (AWS::ServiceCatalog::CloudFormationProvisionedProduct)

In step 2. when you create a product you need to pass the template that you want to deploy, in your case the template for the IAM role