learn aws service catalog
Concepts
- products are cloudformation templates
- portfolio is collection of products
- access to portfolios is via IAM users, groups, roles
- IT administrator creates products and portfolios and grants access
- End user accesses products and deploys them
- example use cases: approved self-service products from Solution Factory
- e.g. static web site. S3 + CloudFormation + WAF + ACM (certificate) + Route 53 (hosted zone, domain)
- e.g. Oracle RDS DB with all security, tags, etc. in place
- Service Actions - enable end users to perform operational tasks, troubleshoot issues, run approved commands, or request permissions in AWS Service Catalog via SSM docs.
- can include/reference existing product(s) in your product cloudformation template. This enables modular composition and nesting.
Service Catalog Pipeline
Service catalog can be used to deliver products to all spoke accounts in an org.
Central hub account that provisions AWS Service Catalog Products into spoke accounts on your behalf
CloudFormation Support
Service Catalog resources can be created using CloudFormation. See AWS Service Catalog resource type reference.
Provision a Service Catalog Product Instance using CloudFormation
You can provision a Service Catalog Product using the AWS::ServiceCatalog::CloudFormationProvisionedProduct resource type.
For example, if you have a service catalog product named MyProduct you can provision an instance of it using the following cfn.
AWSTemplateFormatVersion: '2010-09-09'
Description: My Service Catalog Provisioned Product
Resources:
MyProvisionedProduct:
Type: AWS::ServiceCatalog::CloudFormationProvisionedProduct
Properties:
ProductName: MyProduct
ProvisioningArtifactName: '1.0'
ProvisioningParameters:
-
Key: param1
Value: "param1value"
-
Key: param2
Value: "param2Value"
Composing Solutions with AWS Service Catalog Provisioned Products
AWS Service Catalog now supports obtaining outputs from a Service Catalog provisioned product in an AWS CloudFormation template. Product outputs provide the interface from one product to another. With this new feature, administrators and developers can easily refer to those outputs in order to combine the products needed for their applications, which saves time building applications that use more than one product, such as a three-tier web application.
- Provisioned product outputs are now available in AWS Service Catalog.
- Enabled via
AWS::ServiceCatalog transform
Example cfn from docs
// Example 1
AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::ServiceCatalog'
Resources:
ExampleParameter:
Type: 'AWS::SSM::Parameter'
Properties:
Type: String
Value: '[[servicecatalog:provisionedproduct:SampleProvisionedProduct:SampleOutputKey]]'
// Example 2
AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::ServiceCatalog'
Resources:
ExampleParameter:
Type: 'AWS::SSM::Parameter'
Properties:
Type: String
Value: '[[servicecatalog:provisionedproduct:SampleProvisionedProduct:SampleOutputKey]]'
// Example 3
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::ServiceCatalog
Resources:
ExampleParameter:
Type: 'AWS::SSM::Parameter'
Properties:
Type: String
Value: "[[servicecatalog:provisionedproduct:SampleProvisionedProduct:SampleOutputKey]]"
// Example 4
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::ServiceCatalog
Resources:
ExampleParameter:
Type: 'AWS::SSM::Parameter'
Properties:
Type: String
Value: >-
[[servicecatalog:provisionedproduct:SampleProvisionedProduct:SampleOutputKey]]
// Example 5
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::ServiceCatalog
Resources:
ExampleParameter2:
Type: 'AWS::SSM::Parameter'
Properties:
Type: String
Value: [[servicecatalog:provisionedproduct:SSMProductProvisionedProduct:SampleOutputKey]]
Example Use Case | Static Website
The following is a simple example of a “Static Website” product for the service catalog. It’s an S3 bucket with website enabled for it. This product is purposely kept simple to keep the focus on Service Catalog, but a product can be make up of anything that can be expressed via a CloudFormation template.
Define Launch Constraint
the IAM role the cloudformation stack provisioning runs under
Allows you to assign an IAM role that is used to provision the resources at launch, so you can restrict user permissions without impacting users’ ability to provision products from the catalog.
Launch constraint for a product must be added at Portfolio level
see AWS Service Catalog Launch Constraints
Assign Users, Groups, Roles for Portfolio
End User Provisioning
Constraint Types
Template constraints allow you to limit/constrain CloudFormation template parameters. see AWS Service Catalog Template Constraints
CloudFormation Outputs
End User Provisioned Products List
Admin add new product version
End user Update Provisioned Product
End user view Resource changes
End user provisioning update
S3 static website hosting routing rules added (the update)
“Backing” CloudFormation Stack Details
Resources
- AWS Service Catalog | AWS Management & Governance Blog - all aws blogs posts tagged with “AWS Service Catalog”
- AWS Service Catalog Documentation
- service-catalog-tools-workshop.com/
- aws-samples/aws-service-catalog-reference-architectures
- AWS Service Catalog - Getting Started
- Simplify sharing your AWS Service Catalog portfolios in an AWS Organizations setup | Amazon Web Services
- AWS re:Invent 2018: Streamlining Application Development with AWS Service Catalog (DEV328)
- AWS CloudFormation support for AWS Service Catalog products
- GitHub - AlexRex/cdk-service-catalog: Showcase how to do a service catalog using CDK
- Standardize compliance in AWS using DevOps and a Cloud Center of Excellence (CCOE) approach | Amazon Web Services - example pipeline to delivery service catalog portfolio across all accounts in org.
- local evernote search
tag:service-catalog
Twitter • Reddit