Overview

Application Pattern Orchestrator on AWS is a one-click AWS Solution that helps to establish an automated framework to publish, govern, and maintain reusable, well-architected, secure-by-design, and production-ready application patterns for use by engineering teams in your organization.
It offers a set of integrated capabilities that facilitate decentralized contribution of application patterns, automated validation of pattern compliance with organizational policies, and central, unified discoverability.
What's new | August 2023
- Implemented role-based access for the solution web UI.
- Added integration with additional security scanning tools (AWS CloudFormation Guard and Checkov).
To find out about other new features, refer to the Revisions page.
Benefits

Facilitate contribution of application patterns from your distributed engineering teams in a decentralized manner. Reduce reliance on central teams and improve overall productivity through automatic validation of basic compliance checks.
Shift governance to the left through the use of patterns and incorporate guardrails for new applications at scale. Automatically validate pattern security, architecture, and compliance against organization-specific policy-as-code.
Allow engineering teams to browse and search for patterns through a centrally accessible user interface built for application developers. Automatically notify users of new patterns and updates to existing patterns.
Orchestrate end-to-end publishing of approved patterns to customizable destinations with out-of-the-box support for AWS Service Catalog for AWS CloudFormation-based patterns and AWS CodeArtifact for AWS Cloud Development Kit (CDK)-based patterns.
Technical details

The diagram below presents the architecture that is automatically deployed following the steps in the solution's implementation guide and accompanying AWS CloudFormation template.
Once deployed, users will access the application through a standalone user interface that abstracts away the underlying AWS services used in the solution.
Learn how to use this AWS Solution, use the solution APIs and more in the implementation guide.
Step 1
AWS WAF to protect the web UI and Amazon API Gateway endpoints against common web exploits and bots that may affect availability, compromise security, or consume excessive resources.
Step 2
An Amazon CloudFront distribution to serve the optional UI. Amazon CloudFront delivers low latency, high performance, and secure static web hosting. An Amazon Simple Storage Service (Amazon S3) web UI bucket hosts the static web application artifacts.
Step 3
Amazon Cognito to provide the authentication mechanism for both the static web UI content hosted in the S3 bucket and the API Gateway endpoints. Amazon Cognito also manages federating and storing users from external identity providers (IdPs).
Step 4
API Gateway to expose a set of RESTful APIs. API Gateway processes HTTP requests issued by the users to manage the lifecycle of application patterns and their attributes.
Step 5
A Pattern Portal AWS Lambda function to process the validated requests from API Gateway. This Lambda function encapsulates the solution's business logic: it receives REST requests from the user via API Gateway, validates them, stores the requested changes, and retrieves data from the database.
Step 6
AWS CodeCommit to store the pattern's source code. (To configure GitHub or GitHub Enterprise as your pattern's source code repository instead, deploy the solution using AWS CDK by following the instructions in the solution README.)
Step 7
A pattern pipeline builder AWS CodeBuild project to provision the CI/CD pipeline for each pattern.
Step 8
AWS CodePipeline to provide the CI/CD pipeline to publish a pattern to its target pattern store.
Step 9
Amazon DynamoDB to store and retrieve pattern metadata, publishing data, and attributes.
Step 10
An automated security check AWS CodeBuild project to perform a security scan on the pattern's CloudFormation template. The scan is triggered automatically when the pattern's developer raises a pull request. On completion of the security check, the results are published on the pull request page for the security admin to review. Once the pull request is approved and the pattern's code changes are merged into the main branch of the pattern's code repository, the CI/CD pipeline is automatically triggered to publish the pattern.
Step 11
A pattern artifacts store that holds the published artifacts: AWS Service Catalog for CloudFormation-based patterns and AWS CodeArtifact for CDK-based patterns.
Step 12
An Amazon SNS topic to receive the published pattern data from the pattern's publishing pipeline and trigger the email notification mechanism.
Step 13
An email notification AWS Lambda function to receive the pattern's published data from the Amazon SNS topic, get the list of subscribers from Amazon DynamoDB, and invoke Amazon SES to send an email notification about the pattern's publication to the subscriber list.
Step 14
Amazon SES to send an email notification to the pattern's subscriber list whenever a new version of a pattern is published.
Step 15
An Amazon EventBridge rule to periodically initiate the pattern attribute sync process.
Step 16
Amazon EventBridge triggers a Timed Synchronizer AWS Lambda function to pull the pattern attributes from Amazon DynamoDB and push them to the Amazon SQS queue for the attribute sync operation.
Step 17
An Amazon SQS queue to receive the attribute data and pass it to the AppRegistry Updater AWS Lambda function, which updates the attribute groups in AWS Service Catalog AppRegistry.
Step 18
An AppRegistry Updater AWS Lambda function to sync the pattern attributes with AWS Service Catalog AppRegistry.
Note: Before you launch the solution in the AWS Management Console, ensure that you meet the prerequisites in the implementation guide.