Amazon AWS Certified SysOps Administrator Associate – AWS Account Management Part 4

  1. AWS Service Catalog Overview

Now let’s talk about a service that can come up at the exam on one or two questions, which is AWS Service Catalog. So the idea is that when you go and start with AWS, you have too many options and it’s very complicated for beginners to get started. And sometimes your users just want to be using the services, and so they may create stacks that are not going to be compliant or in line with the rest of the organization. So they just want a quick self-service portal that allows them to launch a set of authorized products that will be predefined by admins in the service catalog.

So for example, you may have a user that says, hey, I want a virtual machine for doing my machine learning, I want a database for my application, I want storage options, et cetera, et cetera. So this is where the service catalog comes in. So the idea is that you have admins and users, so your admins are going to create products. And products are a short name for CloudFormation templates. So we already know CloudFormation templates, the idea is that we’ll use products to encapsulate them. Then we build a portfolio, which is a collection of products, okay, a collection of CloudFormation templates. And then we define controls such as IAM permissions for who can access this portfolio.

Now your users on the other side, they will have a product list available to them and they will see that list thanks to the IAM permissions we have defined from before. And if they’re happy with the product, they will launch it and then the product will be provisioned, which is ready to use, properly configured and properly tagged. So the idea is that here we allow our users to pick and choose from a list of CloudFormation templates organized in portfolios and launch them safely. So our users may not have access to AWS at all, but only to the service catalog, and they can launch full stacks, okay, without directly accessing CloudFormation, only by using the CloudFormation templates authorized in the service catalog. But this allows them to be faster and launch exactly what they can. Okay? So now let’s talk about sharing catalogs.

So you have a catalog in your account and you can share it with other accounts or within an organization. So let’s say there’s a portfolio, you have two sharing options. The first one is to share a reference to the portfolio and then import the shared portfolio in the recipient account, and in that case it will be synchronized with the original portfolio. So that means that the admin in account B can import the portfolio and launch products out of the portfolio. And then in case we add more products to the portfolio in account A, then the admins will see them because they’re in sync, and so they’ll be able to launch products from them as well.

But we can also deploy a copy of the portfolio into the recipient accounts, in which case, well, in case of updates happening in portfolio A, they need as well to be copied into account B, because this is a copy and not an in-sync sharing. So two options for different use cases, and then based on this, you can add products from the imported portfolio to your local portfolios. Okay, finally let’s talk about tags with service catalog. So you can manage tags on your provisioned products and this is called a TagOption. So this is a key-value pair you predefine in the service catalog and it’s managed by it, and this is used to create a tag in AWS. So you can associate a TagOption with a portfolio and a product.

For example, we can associate the TagOption with the key environment and value prod. Okay, we associate it with portfolio A, and that means that anytime we launch a stack from a product in portfolio A, then it will inherit the tags, key environment and value prod. And as you can see for example, my EC2 instances now are tagged properly. So the use cases of that are to do proper resource tagging or to only use allowed tags that are defined in the service catalog. And these TagOptions can also be shared with other accounts or with an organization. So that’s it for the service catalog. I hope you liked it and I will see you in the next lecture.

  1. AWS Service Catalog Hands-On

So let’s get started with service catalog. So I’ll just type here and say service catalog. Here we go. So what we are going to do next is click on it and as we can see, we are directly on this UI that is literally a service catalog. So we get the logo, a service catalog right here, and we can get product list, portfolio list, et cetera, et cetera. So let’s do something pretty cool at first. We’re going to change things. So we’re going to change the logo. And I want to use the logo of my company. And maybe I want to change also the primary color to something like blue. I’ll just use the blue of my company. Here we go. And apply. So this is literally to show you that it is a service catalog.

And so you can brand it however you want. So for whoever you work for, you can just brand service catalog and make it look like it’s yours. Okay. Now as an admin we’re going to be able to get provisioned products and portfolios, whereas as a user, we can see the product list and the provisioned product list. So let’s get started. As an admin, I’m going to click on Product List and I want to upload a new product. Let me just close these prompts. Here we go. So this product is going to be called My Stack. Whatever you want, you can do whatever you want and say this is an example product. Provided by, so you can say whoever provided this. So it could be an admin, it could be Stefan. And if it’s there as a vendor, you can even set the vendor right here.

But this is not a mandatory field. Click on Next and here we can enter some email contact if you wanted to for support. This is not something you have to do. And then a support link for supporting this product and the support description. But we don’t need this. Finally we need the version details so we can upload a template file. And here I’m going to click on Choose File and I will choose, so in my code there is a service catalog folder. I’ll select lamp stack. So this is just the stack we’ve launched before in CloudFormation, which contains just a LAMP stack, very quickly made and that’s template constraint from AWS. Okay, the version title, we’ll call it v1.0 and we can say first version as the description. Click on Next. And now we’re done. We can review everything.

So, okay, we have our stack. This is an example product, it’s provided by me. And here is my contact for support. And here is my version source and my version title and everything like this. This is perfect. I’ll create this product. And now we have our first product being created called My Stack. And it will appear after a few seconds. Here it is. Okay, now we have to assign this product to a portfolio. So as an administrator, I’m going to create a portfolio and I’ll call it my web devs. And this is for my web developers and so it’s a portfolio for apps for my web developers and the owner again is going to be myself. So I click on create and now in this portfolio I’m going to be able to add product to it.

So I can click on Add product and upload my stack. Click on my stack and add the product to the portfolio. Okay, excellent. So now in this portfolio, my web devs, we start having some products. So if I refresh, as we can see now my stack is there. And here if we wanted to, we could add some users to be able to do stuff on our portfolio. So this is where we can set up some users, we can set up some constraints in the way the products are launched by users, but then more importantly, we can assign users, groups and roles to be able to use this portfolio. So I click on Add user, group or role. In here I’m able to say okay, my admins and maybe the user Stefan and maybe some roles if you wanted to, are able to access this portfolio. So I click on Add access and here we go.

Now my users, groups and roles can successfully access all the products within this portfolio. Okay, so how does it work now? Then I have to switch accounts, so I’m going to log in as my user Stefan. So for this I go to my sign-in for my users. Here’s my account ID. I have an IAM username that I’ve created from before and a password. And I just click on Sign in. So I’m now signed in and I can go to my service catalog and in there in my portfolio. Just make sure you are in the right region, by the way. In my product list on the top left-hand side, as a user I’m able to see my stack that was assigned as something I can create. So I can basically click Launch product. And here I say okay, what do I want to launch? So let’s say my stack launched and I’ll just not include any spaces.

I will select version 1.0 and I will just launch and you can just say whatever option you want. They’re the same, probably because I added twice the same user. Anyway, we’ll just launch this one, click on Next. The parameters are whatever parameters I want to set for my stack. So this is like CloudFormation parameters just like before. So here the key name for my EC2 instances is going to be a race course. My database password is going to be password. My SSH location is going to be from anywhere. My database is my database, database user, I’ll call it Stefan, and the root password is going to be password. This looks good. And then the instance type is going to be a t2.micro. Here we go. Click on Next and Next, here we could have added some TagOptions if you wanted to. Next and then Next. And here we go. This looks just like CloudFormation. And click on Next.

And here basically what we’ve done is that we’ve provisioned this internal application directly through this self-service. And so this is just like the CloudFormation template, so it will get launched, and what we get as a result is how we can use that product directly. So think of the possibilities that you can have when you have some users who don’t need to know AWS, but just need to access and launch CloudFormation templates on demand. This is how they would do it, through the service catalog. So now I have to wait for my stack to be created.

So I’ll just wait a little bit. So now my stack has succeeded, the status has succeeded. And so if we scroll down, we can see that there is a website URL we can access directly. That’s the outputs straight from my CloudFormation template. So this is why outputs are super important when you start using service catalog. And here we go. I can start using my LAMP stack and do whatever I want with this if I wanted to, but I don’t have to. But that’s if I wanted to. And so that’s it.

That’s how service catalog works. And if you wanted to just stop using this application, you would click on Terminate and then you will just go ahead and terminate the entire application stack. So that’s it. You’ve seen service catalog. Just remember it’s literally a service catalog. So you create portfolios and products and then you allow users to provision them. And that’s it. I will see you in the next lecture.
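The portfolio, product, access grant and TagOption from the two lectures above can also be declared as a CloudFormation template in the admin account. This is an added example, not part of the lecture: the three parameters are assumptions, and the launch role constraint is one assumed instance of the "constraints" mentioned in the hands-on, so that end users need Service Catalog access only while the role creates the stack.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  TemplateUrl: { Type: String }    # assumption: S3 URL of the uploaded LAMP stack template
  EndUserArn: { Type: String }     # assumption: ARN of the IAM user, group or role given access
  LaunchRoleArn: { Type: String }  # assumption: role Service Catalog assumes to create the stack
Resources:
  Portfolio:
    Type: AWS::ServiceCatalog::Portfolio
    Properties:
      DisplayName: my web devs
      Description: Portfolio for apps for my web developers
      ProviderName: admin
  Product:
    Type: AWS::ServiceCatalog::CloudFormationProduct
    Properties:
      Name: My Stack
      Owner: admin
      Description: This is an example product
      ProvisioningArtifactParameters:
        - Name: v1.0
          Description: First version
          Info: { LoadTemplateFromURL: !Ref TemplateUrl }
  ProductInPortfolio:              # a product is only launchable through a portfolio
    Type: AWS::ServiceCatalog::PortfolioProductAssociation
    Properties:
      PortfolioId: !Ref Portfolio
      ProductId: !Ref Product
  EndUserAccess:                   # who sees the product list
    Type: AWS::ServiceCatalog::PortfolioPrincipalAssociation
    Properties:
      PortfolioId: !Ref Portfolio
      PrincipalARN: !Ref EndUserArn
      PrincipalType: IAM
  LaunchConstraint:                # stack is created with this role, not the user's permissions
    Type: AWS::ServiceCatalog::LaunchRoleConstraint
    DependsOn: ProductInPortfolio
    Properties:
      PortfolioId: !Ref Portfolio
      ProductId: !Ref Product
      RoleArn: !Ref LaunchRoleArn
  EnvTag:
    Type: AWS::ServiceCatalog::TagOption
    Properties: { Key: environment, Value: prod, Active: true }
  EnvTagOnPortfolio:               # every product launched from the portfolio inherits the tag
    Type: AWS::ServiceCatalog::TagOptionAssociation
    Properties:
      ResourceId: !Ref Portfolio
      TagOptionId: !Ref EnvTag
```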

 
