AWS Service Catalog allows companies to centrally manage commonly deployed IT services, helping to achieve consistent governance and meet compliance requirements. With AWS Service Catalog, you can control which products are available to your end users, enabling them to quickly deploy only the approved services and versions they need. When creating a new AWS Service Catalog product, companies most commonly import an AWS CloudFormation template that defines the AWS resources required for the product, relationships between resources, and customizable parameters. AWS CloudFormation stacks make it easier to manage, provision, update, and terminate a product as a single unit. However, some companies rely on manual processes to validate their product templates, which can lead to inconsistencies and wasted time.

To help customers more easily and more reliably create and manage their AWS Service Catalog products, AWS offers the AWS Service Catalog Validation Pipeline solution. This reference implementation uses AWS Developer Tools to build a pipeline that integrates DevOps best practices for continuous integration and automatic testing of new and updated product templates. The solution uses AWS CloudFormation to automatically provision and configure the necessary services, including AWS CodePipeline, AWS CodeBuild, and AWS Lambda, to run a set of customizable tests for logical and functional integrity against product templates.

The following sections assume basic knowledge of DevOps practices, AWS CloudFormation, and architecting on the AWS Cloud.

When managing a central IT service catalog, implement continuous integration and continuous delivery (CI/CD) practices for rapid and reliable product releases. Automated build, validation, and deployment processes can increase overall efficiency when managing a product catalog, enabling you to more easily and regularly iterate on your product offerings and provide users with the most consistent and correct product versions. With these general best practices in mind, consider the following when managing a central IT service catalog:

  • Use AWS CloudFormation or other code templates to help standardize the creation and deployment of IT products.
  • Integrate your catalog with a source repository to more easily manage and monitor product versions, and implement granular access control policies to that repository.
  • Use a CI/CD pipeline to simplify the execution of different automated tasks. Incorporate logical tests to check for correct syntax, references, and security settings, along with functional tests that examine regional application, network accessibility, and resource dependencies.
  • Include a manual approval stage in your pipeline before deploying templates to a production environment.
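
The logical tests named in the list above (syntax, references, security settings) can be sketched as a single pre-create check. This is an added example, not code from the AWS solution; it assumes a JSON-format template, the function names and the sample template are hypothetical, and it covers only `Ref` lookups, open security group ingress, and public S3 ACLs.

```python
import json

def find_refs(node):
    """Yield every name used in a {"Ref": name} anywhere under node."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and isinstance(node["Ref"], str):
            yield node["Ref"]
        for value in node.values():
            yield from find_refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_refs(item)

def precreate_check(template_text):
    """Return a list of findings; an empty list means the template passes."""
    try:
        template = json.loads(template_text)
    except json.JSONDecodeError as exc:
        return [f"syntax: {exc.msg} (line {exc.lineno})"]
    resources = template.get("Resources") if isinstance(template, dict) else None
    if not isinstance(resources, dict) or not resources:
        return ["syntax: template has no Resources section"]
    # Names a Ref may legally point at; the "AWS::" prefix covers pseudo parameters.
    known = set(resources) | set(template.get("Parameters", {}))
    findings = [f"reference: Ref to undefined name '{name}'"
                for name in sorted(set(find_refs(template)) - known)
                if not name.startswith("AWS::")]
    for logical_id, res in resources.items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                ports = (rule.get("FromPort"), rule.get("ToPort"))
                if rule.get("CidrIp") == "0.0.0.0/0" and ports not in ((80, 80), (443, 443)):
                    findings.append(f"security: {logical_id} opens ports {ports[0]}-{ports[1]} to 0.0.0.0/0")
        if rtype == "AWS::S3::Bucket" and props.get("AccessControl") in ("PublicRead", "PublicReadWrite"):
            findings.append(f"security: {logical_id} uses public ACL {props['AccessControl']}")
    return findings

# Constructed sample template (not from the solution) with three deliberate defects.
SAMPLE = json.dumps({
    "Parameters": {"VpcId": {"Type": "AWS::EC2::VPC::Id"}},
    "Resources": {
        "AdminSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "admin access", "VpcId": {"Ref": "VpcId"},
            "SecurityGroupIngress": [{"FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
        "Logs": {"Type": "AWS::S3::Bucket", "Properties": {
            "AccessControl": "PublicRead", "BucketName": {"Ref": "LogBucketName"}}}}})
if __name__ == "__main__":
    print("\n".join(precreate_check(SAMPLE)))
```

A pipeline stage built on this check would fail the build when the returned list is non-empty, so a template with an undefined reference or an exposed port never reaches the test-stack launch.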

AWS offers a solution that automatically provisions and configures the AWS services necessary to create a validation pipeline for AWS Service Catalog product templates. The diagram below presents the components and functionality you can build using the AWS Service Catalog Validation Pipeline implementation guide and accompanying AWS CloudFormation template. 

  1. AWS CodePipeline monitors your AWS CodeCommit repository (the pipeline source) for new or modified AWS CloudFormation templates.
  2. An AWS Lambda function runs logical pre-create tests on the template code, including a default test on template syntax, an optional test that uses AWS CodeBuild, and any user-defined tests.
  3. A Lambda function launches test product stacks in multiple AWS Regions, as defined in a customer-provided configuration file.
  4. Another Lambda function runs user-defined functional post-create tests on the test stacks.
  5. If all tests are successful, the solution sends an Amazon Simple Notification Service (Amazon SNS) email notification to let you know that the product template is ready for manual approval in AWS CodePipeline.
  6. Once approved, the pipeline invokes a Lambda function that deploys the product template to a solution-created Amazon Simple Storage Service (Amazon S3) bucket, where it also stores Amazon CloudWatch data on each Lambda function.

What you'll accomplish:

Deploy the AWS Service Catalog Validation Pipeline using AWS CloudFormation templates that automatically launch and configure the components necessary to implement a validation pipeline for AWS Service Catalog product templates.

Build upon a preconfigured testing framework to develop your own custom testing. This AWS CloudFormation Validation Pipeline includes Lambda functions that run common checks, such as correct resource naming and network connectivity, and provide a reference for your own Lambda-based tests. The solution also incorporates the AWS Quick Start testing methodology, enabling you to automatically launch multiple test stacks with different parameters and across different AWS Regions.

Experiment with a demo environment to understand the overall pipeline flow. The solution includes a supplementary AWS CloudFormation template that configures a fully functioning demo environment, enabling customers to experiment with pipeline functionality while familiarizing themselves with AWS CloudFormation best practices (see the implementation guide for more information).

What you'll need before starting:

An AWS account: You will need an AWS account to begin provisioning resources. Sign up for AWS.

An AWS CodeCommit repository: This solution is designed to use an AWS CodeCommit repository as the pipeline source.

Skill level: This solution is intended for IT infrastructure and DevOps professionals who have practical experience with automation and architecting on the AWS Cloud.

Q: What tests does the AWS Service Catalog Validation Pipeline include?

The AWS Service Catalog Validation Pipeline includes a set of preconfigured Lambda functions for validating your AWS Service Catalog product templates, including pre-create checks on template code and syntax and post-create checks on test product stacks. One of these functions runs a default set of tests from cfn-nag, an open source linting tool for AWS CloudFormation. You can also incorporate your own custom tests into the pipeline. See the implementation guide for detailed information.

Q: Can I deploy this solution in any AWS Region?

You must deploy this solution in an AWS Region that supports AWS Service Catalog, AWS CodePipeline, AWS CodeBuild, and AWS CodeCommit. Once deployed, you can configure the pipeline to launch test stacks in any region that supports AWS Service Catalog.

Q: Will the pipeline automatically deploy products to my AWS Service Catalog portfolio?

No. The pipeline deploys approved product templates to a solution-created Amazon S3 bucket. From there, you can manually move product templates to your portfolio or implement continuous delivery to automate the process. For an example of a continuous delivery solution, see Building a Continuous Delivery Pipeline for AWS Service Catalog on the AWS DevOps Blog.

Q: Which source code repositories does this solution support?

The AWS Service Catalog Validation Pipeline is designed to integrate with an existing AWS CodeCommit repository. If you want to use an Amazon S3 bucket or GitHub as your repository location, you must modify the source stage of the pipeline and configure access appropriately. See the implementation guide for more information.
