CSAP Service Catalog


Overview of Service Catalog

https://www.udemy.com/aws-certified-solutions-architect-professional/learn/v4/t/lecture/13307990?start=0

AWS Service Catalog enables organizations to create and manage catalogs of IT services that are approved for use on AWS.

Issues

  • Users can launch whatever they want without regulation
  • This can be a security issue if they leave their security groups open to the world.

How it works

  • Service Catalog products are built from CloudFormation templates, so anything launched conforms to the standards pre-defined in those templates. For example:
    • EC2 size and AMI
    • Security Groups
  • Provides users with sets of products they can deploy without requiring an admin to create these for them.
  • A grouping of products is known as a Portfolio
    • Only Admins can create and edit Portfolios
    • Users given access to a Portfolio can launch any products within that portfolio

Creating Product and Portfolio in Service Catalog

https://www.udemy.com/aws-certified-solutions-architect-professional/learn/v4/t/lecture/13307994?start=0

From video on Console:

  • Service Catalog admins: AWSServiceCatalogAdminFullAccess policy
  • End users: AWSServiceCatalogEndUserFullAccess policy

Overview

  • Create a portfolio
    • Add the users, groups and roles to the portfolio
  • Create a product
  • Add the product to the portfolio

Procedure

Create a portfolio, then add products to it

  • Create the Portfolio
    • Management and Governance > Service Catalog > Portfolio list > CREATE PORTFOLIO
    • Create portfolio
      • Portfolio name: Development EC2 Instance Stack
      • Description: Used for development purposes
      • [ Create ]
  • Add the users, groups and roles
    • Portfolio list > Click the portfolio name
    • Portfolio: <name>
      • Users, groups and roles > Add user, group or role
        • This name is misleading. You can add multiple users, groups and roles at this time
        • Select the users, groups and roles you wish to allow access to this portfolio
        • [ ADD ACCESS ]
  • Create a product
    • Products list > UPLOAD NEW PRODUCT
    • Upload new product
      • Enter product details
        • Product name: EC2 Instance Stack
        • Details: Used for development
        • Provided by: Security Team
        • [ Next ]
      • Enter support details
        • Optional
        • [Next]
      • Version details
        • Select template
          • Upload a new CloudFormation template, or provide the URL to it (likely an S3 file)
        • Version: Dev-ubuntu-01
        • Description: This should be used for all Dev Ubuntu instance creation
        • [ NEXT ]
      • Review
        • [ CREATE ]
  • Upload new product
    • Enter product details
      • All optional
    • [Next]


Document Code

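AWSTemplateFormatVersion: "2010-09-09"
Description: "EC2 instance for development."
Resources:
  # Single EC2 instance; the template has no parameters, so users launching
  # the product cannot change the AMI or the instance size.
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      # AMI IDs are region-specific
      ImageId: "ami-03c652d3a09856345"
      InstanceType: "t2.micro"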
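
Added example (not from the course or the original notes): a check a catalog admin could run on a product template before uploading it, covering the points listed under "How it works" (EC2 size, AMI, security groups) and the open-security-group issue. The allowed instance types, the function names and the second template are assumptions constructed for illustration; the first template is the one above, written as a dict.

```python
import ipaddress

# Assumed organisational standards; the AMI is the one in the page's template.
ALLOWED_INSTANCE_TYPES = {"t2.micro", "t3.micro"}
APPROVED_AMIS = {"ami-03c652d3a09856345"}

def open_to_world(rule):
    """True if an ingress rule admits every IPv4 or IPv6 address."""
    for cidr in (rule.get("CidrIp"), rule.get("CidrIpv6")):
        if cidr is None:
            continue
        if not isinstance(cidr, str):
            return True  # Ref/parameter: unknown until launch, fail closed
        try:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                return True
        except ValueError:
            return True  # unparseable CIDR, fail closed
    return False

def lint_template(template):
    """Return sorted findings; an empty list means the template complies."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::EC2::Instance":
            # Only literal, approved values pass; a Ref to a parameter is flagged.
            itype, ami = props.get("InstanceType"), props.get("ImageId")
            if not (isinstance(itype, str) and itype in ALLOWED_INSTANCE_TYPES):
                findings.append(f"{name}: instance type not allowed")
            if not (isinstance(ami, str) and ami in APPROVED_AMIS):
                findings.append(f"{name}: AMI not approved")
        elif rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if open_to_world(rule):
                    findings.append(f"{name}: ingress open to the world")
        elif rtype == "AWS::EC2::SecurityGroupIngress" and open_to_world(props):
            findings.append(f"{name}: ingress open to the world")
    return sorted(findings)

# The page's template as a dict (CloudFormation also accepts JSON).
PAGE_TEMPLATE = {"Resources": {"MyEC2Instance": {"Type": "AWS::EC2::Instance",
    "Properties": {"ImageId": "ami-03c652d3a09856345", "InstanceType": "t2.micro"}}}}
# Constructed non-compliant template: oversized instance, SSH open to 0.0.0.0/0.
BAD_TEMPLATE = {"Resources": {
    "DevInstance": {"Type": "AWS::EC2::Instance", "Properties": {
        "ImageId": "ami-03c652d3a09856345", "InstanceType": "m5.24xlarge"}},
    "DevSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "dev ssh", "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}}}}
```

Calling lint_template(PAGE_TEMPLATE) returns no findings, while BAD_TEMPLATE is flagged for both the instance type and the world-open ingress rule.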

 
