aws-secure-environment-accelerator icon indicating copy to clipboard operation
aws-secure-environment-accelerator copied to clipboard

Published 20 hours ago verified publisher icon aws-samples

[FEATURE] Deploy customer provided Service Catalog Items

Open Brian969 opened this issue 4 years ago • 5 comments

Deploy customer provided Service Catalog Items

  • Deploy to central account and share to appropriate accounts by OU's (allow excluding accounts)
  • Could be used to provision a SC item which enables requesting a custom local account VPC using the CIDR mgmt capabilities
  • see related ticket #714

Brian969 avatar Nov 21 '20 01:11 Brian969

@Brian969 any thoughts on designing of this, I can contribute on this. I am thinking of something like https://aws.amazon.com/blogs/mt/how-to-set-up-a-multi-region-multi-account-catalog-of-company-standard-aws-service-catalog-products/ in the first place and I see that there is some code in AccountVendingMachine.

As a user

  1. we want to publish solutions to the servicecatalog, or use the already provided solutions
  2. To install a solution from service catalogue in any ou account, would be nice if we can use a property in account's json.

Let me know whats your thought on this.

rverma-dev avatar Mar 25 '21 04:03 rverma-dev

My initial thoughts are this would be implemented very similar to the way we handle SSM document creation and sharing.

  • Add a library of SC "products" in global options which deploys them to a central account like Ops.
  • Use a per-ou config to define if the SC product was shared out to all accounts in the ou.
  • add a new folder under reference artifacts called service-catalog, which hosts SEA provided SC samples (need at least one)
  • customers can reference and use that without providing any files, or they can provide their own SC templates under the customer input bucket, by placing them in the service-catalog folder (goes back to the principal of being able to deploy the solution without needing to fork or copy it, even when customizing it).

Brian969 avatar Mar 28 '21 15:03 Brian969

It would be nice if we can support 3 different criteria

  1. Support Product from aws getting started library like arn:aws:catalog:us-east-1:614450566528:product/prod-e7sux4wmrv3dk
  2. Support product from provided cloudformation (obvious)
  3. support product from aws cdk from codecommit (we probably can use synth and use the output as per 2)

rverma-dev avatar Apr 27 '21 00:04 rverma-dev

This aws-sample needs to be CDKified, perhaps within the scope of this ticket.

aws-service-catalog-reference-architectures

smaud avatar May 11 '21 23:05 smaud

The question here is whether internal AWS architects/TAMs will preference the old AWS service catalog, or the new concept of a CDK construct catalog/hub which seems to be more powerful than the old service catalog. Or are you going to integrate these two features?

In our enterprise we want to release a service catalog to our customers however we are not sure which way to go: Should we put time into: construct-hub https://github.com/cdklabs/construct-hub https://awscdk.io/

or aws-service-catalog-reference-architectures?

what's the advice here?

smaud avatar May 12 '21 00:05 smaud

ASEA not working on new features see README.

archikierstead avatar Nov 30 '23 15:11 archikierstead