We announced the AWS Service Catalog last fall at AWS re:Invent. As I wrote at the time (Coming Soon – AWS Service Catalog), we wanted to give large organizations the ability to support line-of-business applications and to deliver all sorts of services to their internal constituency, while giving them the templates, knobs, levers, and fences that they need to have in order to maintain consistency, regulate access, promulgate best practices, and manage their budget.
Service Catalog users browse listings of the products that they have access to, locate the one that they want, and launch it on their own; a launched product is known as a stack. Service Catalog administrators assemble portfolios of products, supplement the products with additional rules, and then use AWS Identity and Access Management (IAM) to allow specified IAM users, groups, and roles to access the portfolios.
Since the announcement, a representative set of AWS customers has been putting the service through its paces and providing us with lots of invaluable feedback in the process.
We have used that feedback to make the service an even better fit for the enterprise, with the addition of launch constraints to manage compliance, support for IAM roles, better use of tags for cost tracking, and the ability to share portfolios (collections of products) across AWS accounts.
Today we are making the AWS Service Catalog available to all AWS customers!
My initial blog post contains a walk-through that still applies, so I won’t repeat myself. Instead, I’ll say a few words about the features that we added in response to feedback from our early customers.
Launch Constraints – Constraints can be applied to products, portfolios of products, IAM users, and IAM groups. The constraints control where and how a product is launched. For example, they can limit a product to a particular AWS region or to a specified set of EC2 instance types. Because each product in a portfolio is represented by an AWS CloudFormation template, constraints can also be applied to any of the template’s parameters.
IAM Role Support – Each product can have an associated IAM role. When a product that has a role is launched, the role is used to launch the AWS resources specified in the product’s CloudFormation template. If no role is supplied, the user’s IAM credentials will be used. Supplying a role allows you to avoid having to give users permission to create AWS resources.
Tags – Tags are used to identify and organize AWS resources. Each product and each portfolio can have up to three tags. When a product is launched, the tags are combined and applied to the stack automatically. Users can also be asked to add tags of their own to a stack as part of the process of launching a product. Tags are visible in the AWS Management Console.
Portfolio Sharing – Some organizations make use of more than one AWS account for administrative, billing, or historical reasons. The Service Catalog allows portfolios to be shared across accounts.
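The launch constraints and IAM role support described above can be expressed together as a CloudFormation template. This is an added example, not part of the original post: the two IDs are placeholders, the product template is assumed to expose an `InstanceType` parameter, and the role's action list is an assumption for a product that launches a single EC2 instance (scope `Resource` more tightly in practice).

```yaml
# Added example (not from the original post). Parameter values, the role's
# action list and the allowed instance types are assumptions for illustration.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  PortfolioId: {Type: String}   # placeholder: ID of an existing portfolio
  ProductId: {Type: String}     # placeholder: ID of a product in that portfolio
Resources:
  LaunchRole:                   # assumed by Service Catalog, never by the end user
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: {Service: servicecatalog.amazonaws.com}
            Action: sts:AssumeRole
      Policies:
        - PolicyName: launch-ec2-product
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - cloudformation:CreateStack
                  - cloudformation:UpdateStack
                  - cloudformation:DeleteStack
                  - cloudformation:DescribeStacks
                  - cloudformation:DescribeStackEvents
                  - cloudformation:GetTemplateSummary
                  - s3:GetObject
                  - ec2:RunInstances
                  - ec2:TerminateInstances
                  - ec2:CreateTags
                Resource: "*"
  RoleConstraint:               # product launches run with LaunchRole
    Type: AWS::ServiceCatalog::LaunchRoleConstraint
    Properties:
      PortfolioId: !Ref PortfolioId
      ProductId: !Ref ProductId
      RoleArn: !GetAtt LaunchRole.Arn
  InstanceTypeConstraint:       # rejects launches with other instance types
    Type: AWS::ServiceCatalog::LaunchTemplateConstraint
    Properties:
      PortfolioId: !Ref PortfolioId
      ProductId: !Ref ProductId
      Rules: |
        {"Rules": {"AllowedTypes": {"Assertions": [{
          "Assert": {"Fn::Contains": [["t2.micro", "t2.small"], {"Ref": "InstanceType"}]},
          "AssertDescription": "Instance type must be t2.micro or t2.small"}]}}}
```

With the role constraint in place, the IAM users, groups, and roles granted access to the portfolio need Service Catalog permissions only, not the EC2 or CloudFormation permissions held by the launch role.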
We are launching Service Catalog today in the US East (Northern Virginia) and US West (Oregon) regions. As usual, we’ll expand to other regions over time, prioritized based on customer demand.
For more information, visit the AWS Service Catalog page.