AWS Cloud Operations Blog

Managing Amazon WorkSpaces by integrating AWS Service Catalog with ServiceNow

As enterprises adopt Amazon WorkSpaces as their virtual desktop solution, there is a need to implement an ITSM-based self-service offering for provisioning and operations.

In this post, you will learn how to integrate AWS Service Catalog with ServiceNow so users can request their own WorkSpace instances inclusive of all business-level approvals and auditing. You will then see how to use Self-Service Actions to add operations functions directly from ServiceNow to allow users to reboot, terminate, repair, or upgrade their WorkSpaces.

Overview

AWS Service Catalog allows you to manage commonly deployed AWS services and provisioned software products centrally. This service helps your organization achieve consistent governance and compliance requirements, while enabling users to deploy only the approved AWS services they need.

ServiceNow is an enterprise service-management platform that places a service-oriented lens on the activities, tasks, and processes needed for a modern work environment. AWS Service Catalog is a self-service application through which end users can order IT services based on request fulfillment approvals and workflows, enabling you to approve a specific request within ServiceNow (for example, a request for a WorkSpace to be provisioned).

Solution

This solution shows how AWS Service Catalog can be used to enable a self-service lifecycle-management offering for Amazon WorkSpaces from within ServiceNow. Using this solution:

  • Users can provision, upgrade, and terminate their WorkSpace instance from within the ServiceNow portal.
    • At the request stage, users can select the instance size, type, and configuration parameters when creating their order in the AWS Service Catalog.
    • After the instance is created, the user can follow the same process to request service actions such as reboot, terminate, rebuild, or upgrade.
  • ServiceNow admins can determine (based on IAM roles) which Amazon WorkSpaces software bundle each group of users installs by default.

The arrows in the following diagram depict the API flow between the services when users access Amazon WorkSpaces via ServiceNow and AWS Service Catalog.

 

Prerequisites

To get started, do the following:

1. Install and configure the AWS Service Catalog connector for ServiceNow.

2. Add an Amazon WorkSpaces product.

After installing the prerequisites, you have an AWS Service Catalog-provisioned product. Now, you can access the following Create WorkSpace Instance page to provision, upgrade, and terminate WorkSpace instances within ServiceNow.

 

 

Adding AWS Service Catalog operational actions

Next, you will add AWS Service Catalog Self-Service Actions, which let you run an AWS API call or command on the WorkSpace instance, including:

·         Install a software package.

·         Reboot a WorkSpace instance.

·         Change performance modes.

·         Repair a WorkSpace instance.

For each Service-Action that you want to create, you will need to add an AWS Systems Manager automation document. In this example, you will create an AWS Service Catalog service action to reboot a workspace instance.

First, create a JSON file for the Service-Action that you wish to create.

Here’s sample code for an API-driven Amazon WorkSpaces reboot:

{
  "description": "Reboot WorkSpaces instances",
  "schemaVersion": "0.3",
  "assumeRole": "{{ AutomationAssumeRole }}",
  "parameters": {
    "WorkspaceId": {
      "type": "String",
      "description": "WorkspaceID- ws-xxxx"
    },
    "WPAction": {
      "type": "String",
      "description": "Action",
      "default": "Reboot"
    },
    "AutomationAssumeRole": {
      "type": "String",
      "description": "(Optional) The ARN of the role that allows Automation to perform the actions on your behalf.",
      "default": ""
    }
  },
  "mainSteps": [
    {
      "name": "wpreboot",
      "action": "aws:executeAwsApi",
      "inputs": {
        "Service": "workspaces",
        "Api": "RebootWorkspaces",
        "RebootWorkspaceRequests": [
          {
            "WorkspaceId": "{{ WorkspaceId }}"
          }
        ]
      },
      "isEnd": true
    }
  ]
}

After you create this file, execute the AWS CLI command to build the automation document and link it to Amazon WorkSpaces.

 

Note

Complete this task in the AWS CLI to enable the AWS::WorkSpaces::Workspace target.

In this example, the file is named wpreboot.json to create an automation document called wpreboot. Run the following command:

C:\ssm>aws ssm create-document --content file://c:\ssm\wpreboot.json --name wpreboot --document-type Automation --target-type /AWS::WorkSpaces::Workspace

Test this action in Systems Manager to ensure that it’s working as expected.
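
A pre-registration review of the wpreboot document, as an added example that is not part of the original post or of any AWS tooling: it flags parameters a requester can set that carry no allowedPattern, parameters that are declared but never used, and an assumeRole that can resolve to an empty string. The lint and harden helpers and both regular expressions are assumptions of this example.

```python
import copy, json, re

# Constructed copy of the page's wpreboot document, reduced to the fields the checks read.
PAGE_DOC = {
    "schemaVersion": "0.3",
    "assumeRole": "{{ AutomationAssumeRole }}",
    "parameters": {
        "WorkspaceId": {"type": "String"},
        "WPAction": {"type": "String", "default": "Reboot"},
        "AutomationAssumeRole": {"type": "String", "default": ""},
    },
    "mainSteps": [{
        "name": "wpreboot",
        "action": "aws:executeAwsApi",
        "inputs": {"Service": "workspaces", "Api": "RebootWorkspaces",
                   "RebootWorkspaceRequests": [{"WorkspaceId": "{{ WorkspaceId }}"}]},
    }],
}

PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")

def lint(doc):
    """Return review findings for an SSM Automation document given as a dict."""
    findings = []
    role = doc.get("assumeRole", "")
    params = doc.get("parameters", {})
    # Every {{ name }} placeholder referenced by assumeRole or by any step.
    used = set(PLACEHOLDER.findall(json.dumps([role, doc.get("mainSteps", [])])))
    for name, spec in params.items():
        if name not in used:
            findings.append(f"{name}: declared but never referenced")
        elif spec.get("type") == "String" and not {"allowedPattern", "allowedValues"} & set(spec):
            findings.append(f"{name}: free-form string, no allowedPattern")
    for name in PLACEHOLDER.findall(role):
        if params.get(name, {}).get("default") == "":
            findings.append(f"{name}: empty default, run falls back to the caller's permissions")
    return findings

def harden(doc):
    """Return a copy with the findings addressed (both patterns are assumptions)."""
    out = copy.deepcopy(doc)
    p = out["parameters"]
    p.pop("WPAction", None)                                   # unused input removed
    p["WorkspaceId"]["allowedPattern"] = "^ws-[0-9a-z]{8,63}$"
    p["AutomationAssumeRole"].pop("default", None)            # no default: role is required
    p["AutomationAssumeRole"]["allowedPattern"] = r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$"
    return out

if __name__ == "__main__":
    print("\n".join(lint(PAGE_DOC)))
    print(json.dumps(harden(PAGE_DOC)["parameters"], indent=2))
```
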

Next, add the automation document to a new AWS Service Catalog self-service action. Instructions can be found at: https://docs.aws.amazon.com/servicecatalog/latest/adminguide/using-service-actions.html Once completed, you should have the service actions associated with your Amazon WorkSpaces product similar to the following example.

 

In the ServiceNow portal, you should now have this “reboot” option associated with your product as shown in the following example.

 

Adding ServiceNow Workflows

As a final step, you will build ServiceNow Workflows to allow you to add approvals, notifications, open change records, and other organizational-based requirements before an order is approved.

The AWS Service Catalog connector for ServiceNow contains the following Workflows that you can use as a starting point. The workflows should be updated to meet the needs of your organization.

·         AWS Service Catalog – Approve Change Request

·         AWS Service Catalog – Execute Provisioned Product Action

·         AWS Service Catalog – Invoke Workflow Task

·         AWS Service Catalog – Provision Product Request

·         AWS Service Catalog – Track Product record

 

Summary

Integrating AWS Service Catalog with ServiceNow gives end users the ability to create a self-service lifecycle-management solution for Amazon WorkSpaces in a familiar, secure, ITSM-aligned process. With the addition of Service Actions, enterprises can add additional operational capabilities such as the ability to upgrade, reboot, repair or install software to their Amazon WorkSpace from within the ServiceNow Portal.

 

About the author

Alan DeLucia is a New York based Business Development Manager with AWS Service Catalog and AWS Control Tower. Alan enjoys helping customers build management capabilities and governance into their AWS solutions. In his free time, Alan is an avid Mountain Biker and enjoys spending time and vacationing with his family.