AWS Service Catalog Tools Intro Workshop > 2019 AWS re:Invent Workshop > Data governance > Provision the control

Provision the control

What are we going to do?

We are going to perform the following steps:

provision the product aws-config-rds-storage-encrypted

For this workshop, we are using the same account as both the hub and spoke for simplicity; in a multi-account setup, products that are created in a hub account could be provisioned in multiple spoke accounts.

Step by step guide

Here are the steps you need to follow to “Provision the control”

Provision the product aws-config-rds-storage-encrypted into a spoke account

Navigate to the ServiceCatalogPuppet CodeCommit repository again
Click on manifest.yaml
Click Edit
Append the following snippet to the end of the main input field:

  aws-config-rds-storage-encrypted:
    portfolio: "reinvent-cloud-engineering-governance"
    product: "aws-config-rds-storage-encrypted"
    version: "v1"
    deploy_to:
      tags:
        - tag: "type:prod"
          regions: "default_region"

The main input field should look like this (remember to set your account_id):

accounts:
  - account_id: "<YOUR_ACCOUNT_ID_WITHOUT_HYPHENS>"
    name: "puppet-account"
    default_region: "eu-west-1"
    regions_enabled:
      - "eu-west-1"
    tags:
      - "type:prod"
      - "partition:eu"

launches:
  aws-config-desired-instance-types:
    portfolio: "reinvent-cloud-engineering-governance"
    product: "aws-config-desired-instance-types"
    version: "v1"
    parameters:
      InstanceType:
        default: "t2.medium, t2.large, t2.xlarge"
    deploy_to:
      tags:
        - tag: "type:prod"
          regions: "default_region"
  aws-config-rds-storage-encrypted:
    portfolio: "reinvent-cloud-engineering-governance"
    product: "aws-config-rds-storage-encrypted"
    version: "v1"
    deploy_to:
      tags:
        - tag: "type:prod"
          regions: "default_region"

AWS Committing the manifest file

Now that we have written the manifest file we are ready to commit it.

Set your Author name
Set your Email address
Set your Commit message

Using a good / unique commit message will help you understand what is going on later.

Click the Commit changes button:

What did we just do?

The YAML we pasted in the previous step told the framework to perform the following actions:

provision a product named aws-config-rds-storage-encrypted into each of the enabled regions of the account

Verifying the provisioning

Once you have made your changes the ServiceCatalogPuppet Pipeline should have run. If you were quick may still be running. If it has not yet started feel free to the hit the Release change button.

Once it has completed it should show the Source, Generate and Deploy stages in green to indicate they have completed successfully:

If this is failing please raise your hand for some assistance

Once you have verified the pipeline has run you can go to Service Catalog provisioned products to view your provisioned product. Please note when you arrive at the provisioned product page you will need to select account from the filter by drop down in the top right:

If you cannot see your product please raise your hand for some assistance

You have now successfully provisioned a product

Verify the AWS Config rule is enabled

To see the AWS Config rule enabled, navigate to AWS Config rules. Once there you should see the following: