AWS has a large number of services, many of which overlap in functionality. There are best practices but no hard and fast rules for managing these services, as AWS allows a flexible approach and no one use case fits every situation.
Nevertheless, some simple yet powerful services stand out as particularly helpful for novices and mature users alike in terms of management and governance of your cloud services.
Examples of these services are:
- Organisations, which allows a user to manage many accounts with one central billing account
- Resource Groups, which allows you to use tags to organise services into groups and sub-groups, to facilitate searching for services in use and centralised billing, and to manage permissions through IAM conditions on tags
- Tag Editor which enables AWS assets to be tagged. I would recommend setting up a list of recommended tags to use with each asset.
I expect you can see some degree of overlap between these services and I would recommend that all of these services are used.
A couple of other services that are very helpful are Systems Manager and Service Catalog.
In this article, as you will have guessed from the title, I want to focus on Service Catalog.
What is Service Catalog?
Service Catalog is a toolset to enable an organisation to create and centrally manage a catalog of services that are approved for use by the organisation. It leads to one-click deployment of pre-configured resources in compliance with business approved policy.
Services covered include:
- Amazon Machine Images (AMIs): pre-configured operating systems and applications for EC2 compute
- Servers, i.e. which EC2 instances can be used
- Databases of various types, SQL and NoSQL
- S3 storage buckets
- Multi-AZ Virtual Private Cloud configurations
- Data Lake creation and data ingestion
- Machine Learning deployments with SageMaker
- Integration with external services such as ServiceNow
Read about setting up Service Catalog integration with ServiceNow
Benefits of Service Catalog
- Central management of commonly used services
- Assists compliance with corporate policy
- Standardisation of deployments
- Forces users to deploy only approved services and sets constraints on their use as users are given lists of products to choose from rather than allowing them to wander round the AWS console.
- Administrators have a dashboard from which they can see which resources are in use, who is using them and how much they are costing
Please note that in the AWS documentation there are various terms used that mean essentially the same thing:
Service (something that AWS manages),
Resource (a configured Service that is active) and
Product (a collection of launched Resources and Services that constitute a working solution)
AWS Service Catalog now provides budget visibility on your portfolios and products by integrating with AWS Budgets. With this feature you can create and associate budgets with portfolios and products and track your spend. Portfolio and product budget creation is simplified using TagOptions and AutoTags, providing administrators with visibility into the budget and month-to-date spend. To get started, activate your tags and create your budget in AWS Budgets, then associate that budget to your portfolio or product in AWS Service Catalog. This feature is available in all commercial regions where AWS Service Catalog and AWS Budgets are available.
How does it Work?
Service Catalog has two main modes of use: Administrators and Users.
You define who is an Administrator and who is a User in IAM. Once the Admin or User logs in to the AWS Console they will see a different set of options on screen.
The AWS console for Service Catalog Administrators has recently been redesigned to include new features such as Budgets and uses a guided set of steps through the process of setting up a service catalog. You may find older documentation is now out of date. The user interface has not changed.
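Since Administrators and Users are told apart only by their IAM permissions, a User policy that also grants direct write access to other services defeats the "approved products only" benefit listed above. The following check is an added example, not code from the original article or from AWS; the policy is constructed, and the read-only prefixes and the end-user action list are assumptions made for this sketch.

```python
import json

# Constructed sample policy for a hypothetical catalog User.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["servicecatalog:SearchProducts", "servicecatalog:ProvisionProduct"]},
  {"Effect": "Allow", "Resource": "*", "Action": "ec2:RunInstances"},
  {"Effect": "Allow", "Resource": "*",
   "Action": ["s3:ListAllMyBuckets", "servicecatalog:CreatePortfolio"]},
  {"Effect": "Deny", "Resource": "*", "Action": "iam:*"}
]}
""")

# Assumption: actions starting with these verbs are read-only and acceptable.
READ_ONLY = ("describe", "list", "get", "search", "scan")
# Assumption: the only catalog write actions a User needs.
END_USER_WRITE = {"provisionproduct", "updateprovisionedproduct",
                  "terminateprovisionedproduct"}

def as_list(value):
    """IAM allows a single item where a list is expected; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_end_user_policy(policy):
    """Return (action, reason) pairs for Allow grants that reach outside the catalog.

    NotAction and Condition blocks are ignored in this sketch.
    """
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive, so compare in lower case.
            service, _, verb = action.lower().partition(":")
            if verb.startswith(READ_ONLY):
                continue  # read-only, including patterns such as ec2:Describe*
            if "*" in verb or not verb:
                findings.append((action, "wildcard"))
            elif service != "servicecatalog":
                findings.append((action, "direct-service-write"))
            elif verb not in END_USER_WRITE:
                findings.append((action, "catalog-admin"))
    return findings

if __name__ == "__main__":
    for action, reason in audit_end_user_policy(SAMPLE_POLICY):
        print(f"{reason}: {action}")
```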
An Administrator creates a Portfolio, which can be your own, one imported from another account or organisation account, or a predesigned one from AWS.
For AWS newbies I would suggest using the Service Catalog in a box. This option gives you 13 working sets of functionality such as VPC with bastion, EC2 compute, various database options and S3 storage with various configurations.
Add services to the Portfolio: add services which are pre-configured by AWS or AWS Marketplace sellers, or custom services of your own.
Add service options: select from a preconfigured list or add your own actions that you will allow users to perform.
Add Tags: tags can be pre-configured or custom and added to a Tag library for use across your accounts.
I found this screen a bit buggy and still under development so it could change