learn aws service catalog
Concepts
- products are cloudformation templates
- portfolio is collection of products
- access to portfolios is via IAM users, groups, roles
- IT administrator creates products and portfolios and grants access
- End user accesses products and deploys them
- approved self-service products from Solution Factory
- e.g. Oracle RDS DB with all security, tags, etc. in place
- e.g. static web site. S3 + CloudFormation + WAF + ACM (certificate) + Route 53 (hosted zone, domain)
- ** you can include/reference existing product(s) in your product cloudformation template. This allows for modular composition and nesting.
Launch constraint
the IAM role the cloudformation stack provisioning runs under
Allows you to assign an IAM role that is used to provision the resources at launch, so you can restrict user permissions without impacting users’ ability to provision products from the catalog.
Launch constraint for a product must be added at Portfolio level
see AWS Service Catalog Launch Constraints
Assign Users, Groups, Roles for Portfolio
End User Provisioning
Constraint Types
Template constraints allow you to limit/constrain CloudFormation template parameters. see AWS Service Catalog Template Constraints
CloudFormation Outputs
End User Provisioned Products List
Admin add new product version
End user Update Provisioned Product
End user view Resource changes
End user provisioning update
S3 static website hosting routing rules added (the update)
“Backing” CloudFormation Stack Details
Resources
- AWS Service Catalog Documentation
- aws-samples/aws-service-catalog-reference-architectures
- AWS Service Catalog - Getting Started
- AWS re:Invent 2018: Streamlining Application Development with AWS Service Catalog (DEV328)
Twitter • Reddit