AWS Service Catalog Documentation

AWS Service Catalog allows you to create and manage catalogs of IT services you want to make available for deployment on AWS. Each such IT service is considered a product, which can comprise one or more AWS resources and can be a single compute instance running AWS Linux, a fully configured multi-tier web application running in its own environment, or anything in between. You create your products in AWS Service Catalog by importing AWS CloudFormation templates. 

AWS Service Catalog allows you to create portfolios that are collections of products, together with configuration information. With AWS Service Catalog, you can create a customized portfolio for each type of user in your organization and selectively grant access to the appropriate portfolio. When you add a new version of a product to a portfolio, that version is made available to all current users of that portfolio. You also can share your portfolios with other AWS accounts and allow the administrator of those accounts to distribute your portfolios with additional constraints. 

AWS Service Catalog allows you to manage multiple versions of the products in your catalog. This allows you to add new versions of templates and associated resources based on software updates or configuration changes. When you create a new version of a product, the update is distributed to all users who have access to the product, allowing the user to select a version. Users can update running instances of the product to the new version quickly and easily.

You can grant a user access to a portfolio to enable that user to browse the portfolio and launch the products in it. You apply AWS Identity and Access Management (IAM) permissions to control who can view and modify your products and portfolios. When a user launches a product that has an IAM role assigned to it, AWS Service Catalog uses the role to launch the product's cloud resources using AWS CloudFormation. Assigning an IAM role to product helps you avoid giving users permissions to perform unapproved operations.

Constraints restrict the ways that specific AWS resources can be deployed for a product. You can use them to apply limits to products for governance or cost control. 

Every product in AWS Service Catalog is launched as an AWS CloudFormation stack, which is a set of resources provisioned for that instance of the product. 

Using service actions, you can enable end users to perform operational tasks, troubleshoot issues, run approved commands, or request permissions in AWS Service Catalog on your provisioned products, without needing to grant end users full access to AWS services. You use AWS Systems Manager documents to define service actions. 

Builders can define their applications within AWS Service Catalog AppRegistry by providing a name, description, associations to application metadata, or associations to CloudFormation stacks. The associated attribute groups represent the metadata that your enterprise creates and manages for the application. The associated CloudFormation stacks represent the AWS resources associated to the application. Either existing or new CloudFormation Stacks can be associated to applications. Stacks can be associated to applications within the template itself, automating the application association during provisioning.

Your enterprise creates and manages attributes that capture the application metadata that are important to your enterprise. Application attributes support an open JSON schema. Application attributes might include items such as the application security classification, organizational ownership, application type, cost center, and support information. Builders associate the necessary attributes to their applications. When attributes are updated, this is reflected within all associated applications.

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.