Application Pattern Orchestrator on AWS is a one-click AWS Solution that helps to establish an automated framework to publish, govern, and maintain reusable, well-architected, secure-by-design, and production-ready application patterns for use by engineering teams in your organization.
It offers a set of integrated capabilities that facilitates decentralized contribution of application patterns, automated validation of pattern compliance with organizational policies, as well as central, unified discoverability.
What's new | August 2023
- Implemented role-based access for the solution web UI.
- Added integration with additional security scanning tools (AWS CloudFormation Guard and Checkov).
To find out about other new features, refer to the Revisions page.
Facilitate contribution of application patterns from your distributed engineering teams in a decentralized manner. Reduce reliance on central teams and improve overall productivity through automatic validation of basic compliance checks.
Shift governance to the left through the use of patterns and incorporate guardrails for new applications at scale. Automatically validate pattern security, architecture, and compliance against organization-specific policy-as-code.
Allow engineering teams to browse and search for patterns through a centrally accessible user interface built for application developers. Automatically notify users of new patterns and updates to existing patterns.
Orchestrate end-to-end publishing of approved patterns to customizable destinations with out-of-the-box support for AWS Service Catalog for AWS CloudFormation-based patterns and AWS CodeArtifact for AWS Cloud Development Kit (CDK)-based patterns.
The diagram below presents the architecture that is automatically deployed following the steps in the solution's implementation guide and accompanying AWS CloudFormation template.
Once deployed, users will access the application through a standalone user interface that abstracts away the underlying AWS services used in the solution.
Amazon Cognito to provide the authentication mechanism for both the static web UI content hosted in an S3 bucket and the API Gateway endpoints. Amazon Cognito also manages federating and storing users from external identity providers (IdPs).
API Gateway to expose a set of RESTful APIs. API Gateway processes HTTP requests issued by the users to manage the lifecycle of application patterns and their attributes.
A Pattern Portal AWS Lambda function to process the validated requests from the API Gateway. This Lambda function encapsulates the solution's business logic: it receives REST requests from the user via the API Gateway, validates and stores them, and writes data to and retrieves data from the database.
AWS CodePipeline to provide the CI/CD pipeline to publish a pattern to its target pattern store.
An automated security check in AWS CodeBuild to perform a security scan on the pattern’s CloudFormation template, triggered automatically when the pattern’s developer raises a pull request. On completion of the security check, the results are published on the pull request page for the security admin to review. Once the pull request is approved and the pattern’s code changes are merged into the main branch of the pattern’s code repository, the CI/CD pipeline is automatically triggered to publish the pattern.
Amazon SNS topic to receive the published pattern data from the pattern’s publishing pipeline to trigger the email notification mechanism.
An email notification AWS Lambda function to receive the pattern’s published data from the Amazon SNS topic, get the list of subscribers from Amazon DynamoDB, and invoke Amazon SES to send an email notification about the pattern’s publishing to the subscriber list.
Amazon SES to send an email notification to the pattern’s subscriber list whenever a new version of the pattern is published.
Amazon EventBridge triggers a Timed Synchronizer AWS Lambda function to pull the pattern attributes from Amazon DynamoDB and push them to the Amazon SQS queue for performing the sync attribute operation.
Amazon SQS queue to receive the attributes data and send it to the AppRegistry Updater AWS Lambda function to update the attribute groups in AWS Service Catalog AppRegistry.
An AppRegistry Updater AWS Lambda function to sync the pattern attributes with AWS Service Catalog AppRegistry.
Note: Before you launch the solution in the AWS Management Console, ensure that you meet the prerequisites in the implementation guide.