DEVHIDE
Login Or Sign up

error creating SageMaker project in terraform because service catalog product "does not exist or access was denied"

778 Views Asked by At

I have a product with id: prod-xxxxxxxxxxxx. I have checked that it exists in aws service catalog. However, when I try to create an aws_sagemaker_project using terraform:

resource "aws_sagemaker_project" "test-project" {
  project_name = "test-project"

  service_catalog_provisioning_details {
    product_id = "prod-xxxxxxxxxxxx"
  }
}

I get the error: "error creating SageMaker project: ValidationException: Product prod-xxxxxxxxxxxx does not exist or access was denied". How do I ensure that I can access this product?

Do I need a launch constraint for this product, and to grant access to the portfolio to end users as described here: https://docs.aws.amazon.com/sagemaker/latest/dg/sagemaker-projects-templates-custom.html?

amazon-web-services terraform amazon-sagemaker aws-service-catalog
Original Q&A
2

There are 2 best solutions below

1
On

You need to aws_servicecatalog_product terraform state to refer to product_id.

resource "aws_servicecatalog_product" "example" {
  name  = "example"
  owner = [aws_security_group.example.id]
  type  = aws_subnet.main.id

  provisioning_artifact_parameters {
    template_url = "https://s3.amazonaws.com/cf-templates-ozkq9d3hgiq2-us-east-1/temp1.json"
  }

  tags = {
    foo = "bar"
  }
}

resource "aws_sagemaker_project" "example" {
  project_name = "example"

  service_catalog_provisioning_details {
    product_id = aws_servicecatalog_product.example.id
  }
}
1
On

This error means that you haven't granted access to the service catalog's portfolio to your terraform IAM principal/user/role. Basically you are unable to "see" the product based on the end user section of the service catalog portfolio.

You can fix this by adding the following Servicecatalog resources

resource "aws_servicecatalog_principal_portfolio_association" "project" {
  portfolio_id  = aws_servicecatalog_portfolio.portfolio.id
  principal_arn = "${ROLE_ARN}"
}

resource "aws_servicecatalog_portfolio" "portfolio" {
  name          = "My App Portfolio"
  description   = "List of my organizations apps"
  provider_name = "Brett"
}

resource "aws_servicecatalog_product_portfolio_association" "example" {
  portfolio_id = aws_servicecatalog_portfolio.portfolio.id
  product_id   = "prod-xxxxxxxxxxxx"
}

Related Questions in AMAZON-WEB-SERVICES

Related Questions in TERRAFORM

Related Questions in AMAZON-SAGEMAKER

Related Questions in AWS-SERVICE-CATALOG

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.