This post was written by Sander Rodenhuis and posted on 21 October 2017

Let’s say you want to offer developers (or a third party) the ability to provision a development environment based on the organization’s standards and compliance requirements. You can do that by defining a stack in an AWS CloudFormation template and then publishing that template as a product in the AWS Service Catalog.

In this blog I will briefly explain how to create a template using the CloudFormation Designer and then publish the template as a product to a portfolio in the Service Catalog.

First I’m going to create a template with the CloudFormation Designer. The Designer is a graphic tool for creating, viewing, and modifying AWS CloudFormation templates. With Designer, you can diagram your template resources using a drag-and-drop interface, and then edit their details using the integrated JSON and YAML editor. A template in the end is just a text file that describes AWS resources in a JSON or YAML format. I’m not going to explain all the details, but will only highlight a few essentials. You can find a complete walkthrough here.

After opening the Designer and changing the name of the template, you can add resources from the Resource types pane by choosing a category and dragging them onto the canvas. You can also graphically add associations and dependencies between components.

After adding the resources, make sure to specify the template components. You can use (input) parameters so that you don’t need to hardcode values in the templates. When the developers create the stack based on your template, they are asked to choose from the (allowed) parameter values you have specified. This allows them to choose an instance type (if you allow them) and the name of the EC2 KeyPair to use. In addition to parameters, you can create mappings to specify values based on input parameter values. Here you can ‘map’ the instance type to a specific (custom) AMI ID. You can also specify outputs, like the public IP or an ELB domain name.
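The template below shows the three components described above (parameters, a mapping and an output) working together. It is an added example, not the template from the original post: the logical names, the two instance types and the AMI IDs are assumptions, the AMI IDs are placeholders, and the instance is assumed to launch into the account's default VPC.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Developer environment with constrained inputs (added example)

Parameters:
  InstanceType:
    Type: String
    Default: t2.micro
    AllowedValues:            # developers can only pick from this list
      - t2.micro
      - t2.small
    ConstraintDescription: Must be one of the approved instance types.
  KeyName:
    # AWS-specific parameter type: the value must be a key pair that
    # already exists in the account and region the stack is created in.
    Type: AWS::EC2::KeyPair::KeyName
    Description: Name of an existing EC2 KeyPair

Mappings:
  # Maps each allowed instance type to the (custom) AMI it must use.
  # Placeholder AMI IDs; every AllowedValues entry needs a row here,
  # otherwise the FindInMap lookup fails for that choice.
  InstanceTypeToAmi:
    t2.micro:
      AmiId: ami-PLACEHOLDER-MICRO
    t2.small:
      AmiId: ami-PLACEHOLDER-SMALL

Resources:
  DevInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      # The AMI is derived from the chosen instance type, not user input.
      ImageId: !FindInMap [InstanceTypeToAmi, !Ref InstanceType, AmiId]

Outputs:
  PublicIp:
    Description: Public IP address of the development instance
    Value: !GetAtt DevInstance.PublicIp
```

Because the AMI ID comes from the mapping and the instance type from `AllowedValues`, a developer launching the product cannot substitute an unapproved image or instance size.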

Next you can specify resource properties and metadata. This is what I don’t like. You still have to do a lot of coding. Hopefully AWS is working on a more advanced interface that offers the ability to select the required properties and you only have to fill in the values, just like when you create a resource with the AWS console. But on the other hand, then you’ll end up with a template file with lots of metadata.

When you’re done with the template, save it. When you save it in an S3 bucket, make sure to first create a bucket to store your templates in. Otherwise AWS will create one for you and you’re in the dark when you have to add the template URL when creating a product in the Service Catalog.

Now let’s add the template as a product to the Service Catalog. The following diagram shows the initial workflow for an administrator in an example catalog creation scenario.

I already created a template, so the next step is to create a product in the Service Catalog. In the AWS docs there is a step-by-step guide to get started with the Service Catalog. I already followed steps 1 to 4. Next up: create a portfolio. Choose “Create portfolio”, add a name and owner (mandatory) and choose “Create”. In the admin console select “Portfolio lists”, select your portfolio and click “Upload new product”. Fill in the mandatory fields. In the version details pane, specify the URL location of the template.

On the review page, choose “Create”. Now you only have to grant users access to your portfolio. Note that you can also share your products with other AWS accounts. Now log in with a user account that is a member of the group with the required policies. Select “Product list”. Here you see the product that can now be launched.

Conclusion

AWS CloudFormation Designer is very useful for creating templates. It lets you easily create a structure for your CloudFormation template. There is, however, still a lot of coding required. When using the Designer, all Designer metadata (like the positions of your resources on the canvas) is stored in the template file. Whether you use the Designer or write the templates yourself, publishing templates with the Service Catalog is a really useful feature, especially when you’re managing an AWS environment for organizations that need to achieve consistent governance and meet compliance requirements.