Coming Soon – AWS Service Catalog
Running an IT department in a large organization is not easy. On the one hand, you want to provide your internal users with access to the latest and greatest technology so that they can be as efficient and as productive as possible. On the other hand, you, as the IT professional, need to set and maintain corporate standards, collect and disseminate best practices, and provide some oversight to avoid runaway spending and technology sprawl.
Years ago, early adopters brought AWS in to their organizations in a quiet, bottom-up fashion. Their agile, cloud-powered success stories spread quickly and came to the attention of upper-level folks sooner or later. While “shadow IT” is a well-proven model for technology adoption, there inevitably comes a time when more discipline is required.
The message that we are hearing from these large organizations is amazingly consistent! They are using AWS to support line-of-business applications and to deliver services of all sorts to their internal constituency. They want to do so in a manner that allows the benefits of AWS to come through, while giving them the templates, knobs, levers, and fences that are needed to maintain consistency, regulate access, promulgate best practices, and manage the budget.
Introducing the AWS Service Catalog
Today I would like to tell you about the upcoming AWS Service Catalog. This product is designed to address the needs and challenges that I just outlined! It is a tool that will allow any IT department to deliver AWS-powered services to internal users while maintaining consistency and control. I believe that the AWS Service Catalog has the potential to reduce support costs, encourage reuse, and to help organizations to realize the benefits of cloud computing that I’ve been writing about in this blog.
The AWS Service Catalog is a full-fledged AWS service. It has two distinct user interfaces — one for the administrator and another for the user. It also has a set of APIs designed to help with integration and product management. Let’s get started by discussing some key concepts and objects:
- Service Catalog – A service catalog exists within a single AWS account. It is managed by an Administrator, and contains one or more Portfolios.
- Administrator – An Administrator is responsible for uploading and maintaining Portfolios of Products in a Service Catalog.
- User – A User interacts with a Service Catalog by browsing a Portal containing one or more Portfolios, locating a Product of interest, and launching it. The user can run within the same AWS account as the Administrator or in a different one.
- Portal – A Portal is a view in to a Service Catalog, customized to reflect the Portfolios and Products that are accessible to a particular User.
- Portfolio – A Portfolio is a collection of versioned Products within a Service Catalog. Each Portfolio is accessible to a certain set of Users (determined by IAM role, group, or user name) within a Portal.
- Product – A Product is a collection of AWS resources (EC2 instances, application servers, databases, and so forth) that are instantiated and managed as a unit (a Stack in AWS terms). Product can be described by a CloudFormation template. Multiple independent versions of a Product can exist simultaneously within a single Portfolio.
I hope that this doesn’t sound overly complicated, because it really isn’t. To sum it up, the Administrator creates some Portfolios in a Service Catalog by uploading Products and setting some properties and permissions. Users browse through personalized Portals, find the Products they need, and launch them.
I will write about this product in more detail when it is ready to launch! Let’s take a quick tour to whet your appetite until then. In fact, let’s take two tours — one as an Administrator and another as a User. Remember that these are preliminary screen shots and that features may come and go between now and launch time.
AWS Service Catalog – Administrator Tour
Ok, so I’m the Administrator! I fire up the AWS Management Console and choose the AWS Service Catalog. Here’s what I see:
I start by creating a Portfolio by entering a name, a description, and an owner. I can also add tags if I’d like:
Now I can add a Product to the Portfolio. This process spans a couple of screens, but it is pretty simple. I start by describing the Product:
Next, I enter some support information, and some tags:
The final step is to specify the implementation of the Product using a CloudFormation template:
The Product is now in the Portfolio:
I can set constraints on the use of the Product, control access via users and groups, or share the Portfolio with other AWS accounts:
AWS Service Catalog – User Tour
Now let’s take a look at the Service Catalog from the user’s point of view. Once again, keep in mind that these screen shots are preliminary. Here’s the full, personalized portal:
The Products section displays the Products that I am allowed to launch:
I can launch a Product with a couple of clicks:
And the Stacks section displays the Stacks (running Products) in my account:
You can visit the AWS Service Catalog page and register for notifications and updates if you’d like.
I’ll have more to say about the AWS Service Catalog as it gets closer to launch; keep reading this blog and you’ll be among the first to know!