AWS Service Catalog Documentation

Products

A product is a set of AWS cloud resources that you want to make available for deployment on AWS. A product can comprise one or more AWS resources. Using AWS Service Catalog, you can create products in multiple ways. The templates and configurations are designed to define the AWS resources required for the product, the relationships between resources, and the parameters that the end user can plug in when they launch the product to configure security groups, create key pairs, and perform other customizations.

Portfolios

A portfolio is a collection of products, together with configuration information. Using portfolios, you can manage product configuration and who can use specific products and how they can use them. With AWS Service Catalog, you can create a customized portfolio for each type of user in your organization and selectively grant access to the appropriate portfolio. When you add a new version of a product to a portfolio, that version is designed to be available to all current users of that portfolio. You also can share your portfolios with other AWS accounts and allow the administrator of those accounts to distribute your portfolios with additional constraints. A portfolio can contain a mix of products of different types.

Versioning

AWS Service Catalog enables you to manage multiple versions of the products in your catalog. This enables you to add new versions of templates and associated resources based on software updates or configuration changes. When you create a new version of a product, the update is designed to be distributed to all users who have access to the product, allowing the user to select a version. Users can update running instances of the product to the new version.

Granular access control

You can grant a user access to a portfolio to enable that user to browse the portfolio and launch the products in it.

Constraints

Constraints restrict the ways that specific AWS resources can be deployed for a product. You can use them to apply limits to products for governance or cost control. There are two types of constraints: template and launch. Template constraints are designed to restrict the configuration parameters that are available for the user when launching the product. Template constraints enable you to reuse generic infrastructure as code (IaC) templates for products and apply restrictions to the templates on a per-product or per-portfolio basis. Launch constraints enable you to specify a role for a product in a portfolio. This role is designed to provision the resources at launch, so you can restrict user permissions.

Service Actions

Using service actions, you can enable end users to perform operational tasks, troubleshoot issues, run approved commands, or request permissions in AWS Service Catalog on your provisioned products, without needing to grant end users full access to AWS services.

Applications

Builders can define their applications within AWS Service Catalog AppRegistry.

Attribute Groups

Your enterprise can create and manage attributes that capture the application metadata that are important to your enterprise. When attributes are updated, it is designed to be reflected within all associated applications.

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.