We are going to perform the following steps:
Here are the steps you need to follow to “Using AWS Service Catalog”
Navigate to the ServiceCatalogFactory CodeCommit repository
Open the Add file menu and click the Create file button
Copy the following snippet into the main input field:
Schema: factory-2019-04-01
Products:
- Name: "subnet"
Owner: "networking@example.com"
Description: "subnet for networking"
Distributor: "networking team"
SupportDescription: "Speak to networking@example.com about exceptions and speak to cloud-engineering@example.com about implementation issues"
SupportEmail: "cloud-engineering@example.com"
SupportUrl: "https://wiki.example.com/cloud-engineering/networking/subnet"
Tags:
- Key: "type"
Value: "governance"
- Key: "creator"
Value: "cloud-engineering"
- Key: "cost-center"
Value: "governance"
Versions:
- Name: "v1"
Description: "v1 of subnet"
Active: True
Source:
Provider: "CodeCommit"
Configuration:
RepositoryName: "subnet"
BranchName: "main"
Portfolios:
- "mandatory"
Portfolios:
- DisplayName: "mandatory"
Description: "Portfolio containing the mandatory networking components"
ProviderName: "cloud-engineering"
Associations:
- "arn:aws:iam::${AWS::AccountId}:role/<INSERT YOUR ROLE NAME HERE>"
Tags:
- Key: "type"
Value: "governance"
- Key: "creator"
Value: "cloud-engineering"
- Key: "cost-center"
Value: "governance"
Update the Associations in the pasted text to include the IAM role name you are assuming in your account.
Set the File name to portfolios/networking.yaml
Set your Author name
Set your Email address
Set your Commit message
Using a good / unique commit message will help you understand what is going on later.
The YAML file we created in the CodeCommit repository told the framework to perform several actions:
Once you have made your changes the ServiceCatalogFactory Pipeline should have run. If you were very quick in making the change, the pipeline may still be running. If it has not yet started feel free to the hit the Release change button.
Once it has completed it should show the Source and Build stages in green to indicate they have completed successfully:
When you configured your product version, you specified the following version:
Versions:
- Name: "v1"
Description: "v1 of subnet"
Active: True
Source:
Provider: "CodeCommit"
Configuration:
RepositoryName: "subnet"
BranchName: "main"
This tells the framework the source code for the product comes from the main branch of a CodeCommit repository of the name subnet.
We now need to create the CodeCommit repository and add the AWS CloudFormation template we are going to use for our product.
Navigate to AWS CodeCommit
Click Create repository
subnet
AWSTemplateFormatVersion: '2010-09-09'
Description: |
Builds out a VPC for use
Parameters:
SubnetCIDR:
Type: String
Description: |
Subnet to use for the Subnet
VPCID:
Type: String
Description: |
VPC to create Subnet in
Resources:
Subnet:
Type: AWS::EC2::Subnet
Properties:
VpcId:
Ref: VPCID
CidrBlock:
Ref: SubnetCIDR
AvailabilityZone: !Select
- 0
- !GetAZs
Ref: 'AWS::Region'
Set the File name to product.template.yaml
Set your Author name
Set your Email address
Set your Commit message
Using a good / unique commit message will help you understand what is going on later.
Creating that file should trigger your subnet-v1-pipeline.
Once the pipeline has completed it should show the stages in green to indicate they have completed successfully:
You should see your commit message on this screen, it will help you know which version of ServiceCatalogFactory repository the pipeline is processing.
Once you have verified the pipeline has run you can go to Service Catalog products to view your newly created version.
You should see the product you created listed:
Click on the product and verify v1 is there
If you cannot see your version please raise your hand for some assistance
You have now successfully created a version for your product!
Now that you have verified the pipeline has run you can go to Service Catalog portfolios to view your portfolio.
Click on the product subnet
Click on the version v1
Navigate to the ServiceCatalogPuppet CodeCommit repository again
Click on manifest.yaml
Click Edit
Append the following snippet to the end of the main input field:
launches:
subnet:
portfolio: "networking-mandatory"
product: "subnet"
version: "v1"
depends_on:
- name: vpc
type: stack
affinity: stack
parameters:
VPCID:
ssm:
name: "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
SubnetCIDR:
default: '10.0.0.0/24'
deploy_to:
tags:
- tag: "type:prod"
regions: "default_region"
The main input field should look like this (remember to set your account_id):
accounts:
- account_id: "<YOUR_ACCOUNT_ID_WITHOUT_HYPHENS>"
name: "puppet-account"
default_region: "eu-west-1"
regions_enabled:
- "eu-west-1"
tags:
- "type:prod"
- "partition:eu"
stacks:
delete-default-networking-function:
name: "delete-default-networking-function"
version: "v1"
capabilities:
- CAPABILITY_NAMED_IAM
deploy_to:
tags:
- tag: "type:prod"
regions: "default_region"
vpc:
name: "vpc"
version: "v1"
depends_on:
- name: "delete-default-networking"
type: "lambda-invocation"
affinity: "lambda-invocation"
deploy_to:
tags:
- tag: "type:prod"
regions: "default_region"
outputs:
ssm:
- param_name: "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
stack_output: VPCId
lambda-invocations:
delete-default-networking:
function_name: DeleteDefaultNetworking
qualifier: $LATEST
invocation_type: Event
depends_on:
- name: "delete-default-networking-function"
type: "stack"
affinity: "stack"
invoke_for:
tags:
- regions: "default_region"
tag: "type:prod"
assertions:
assert-no-default-vpcs:
expected:
source: manifest
config:
value: []
actual:
source: boto3
config:
client: 'ec2'
call: describe_vpcs
arguments: {}
use_paginator: true
filter: Vpcs[?IsDefault==`true`].State
depends_on:
- name: "delete-default-networking"
type: "lambda-invocation"
affinity: "lambda-invocation"
assert_for:
tags:
- regions: regions_enabled
tag: type:prod
launches:
subnet:
portfolio: "networking-mandatory"
product: "subnet"
version: "v1"
depends_on:
- name: vpc
type: stack
affinity: stack
parameters:
VPCID:
ssm:
name: "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
SubnetCIDR:
default: '10.0.0.0/24'
deploy_to:
tags:
- tag: "type:prod"
regions: "default_region"
Using a good / unique commit message will help you understand what is going on later.
The YAML file we created in the previous step told the framework to perform the following actions:
When you added the following:
launches:
subnet:
portfolio: "networking-mandatory"
product: "subnet"
version: "v1"
depends_on:
- name: vpc
type: stack
affinity: stack
parameters:
VPCID:
ssm:
name: "/networking/vpc/account-parameters/${AWS::AccountId}/${AWS::Region}/VPCId"
SubnetCIDR:
default: '10.0.0.0/24'
deploy_to:
tags:
- tag: "type:prod"
regions: "default_region"
You told the framework to provision v1 of subnet from the portfolio networking-mandatory into every account that has the tag type:prod
accounts:
- account_id: "<YOUR_ACCOUNT_ID_WITHOUT_HYPHENS>"
name: "puppet-account"
default_region: "eu-west-1"
regions_enabled:
- "eu-west-1"
tags:
- "type:prod"
- "partition:eu"
Within each account there will be a copy of the product provisioned into the default region:
accounts:
- account_id: "<YOUR_ACCOUNT_ID_WITHOUT_HYPHENS>"
name: "puppet-account"
default_region: "eu-west-1"
regions_enabled:
- "eu-west-1"
tags:
- "type:prod"
- "partition:eu"
Once you have made your changes the ServiceCatalogPuppet Pipeline should have run. If you were quick in making the change, the pipeline may still be running. If it has not yet started feel free to the hit the Release change button.
Once it has completed it should show the stages in green to indicate they have completed successfully:
Once you have verified the pipeline has run you can go to Service Catalog provisioned products to view your provisioned product. Please note when you arrive at the provisioned product page you will need to select account from the filter by drop down in the top right:
You have now successfully provisioned a product