AWS Cloud Operations Blog
Managing your application metadata using AWS Service Catalog App Registry
Customers need a way to track all of their AWS application resources in one place and to centrally associate metadata, such as cost center and business unit, with those resources. AWS Service Catalog AppRegistry removes the need for complex tag management and lets customers aggregate application metadata, such as cost center and business unit, across multiple AWS services into one registry. It also unlocks ITSM or CMDB use cases, making it possible to track resources in ServiceNow by leveraging the AWS Service Management Connector for ServiceNow. Customers I work with would like to be able to track application information across AWS accounts and regions.
In this post I will show you how to manage application metadata across AWS regions and accounts using AWS Service Catalog AppRegistry, Amazon Neptune, and a few other AWS services.
Prerequisites
- AWS CloudFormation
- AWS Service Catalog
- AWS Lambda
- AWS Control Tower
- Amazon Neptune
- Amazon Simple Storage Service (S3)
- AWS Systems Manager
Background
Here are some of the AWS Service Catalog concepts referenced in this post. For more information, see the Overview of AWS Service Catalog.
- A product is a blueprint for building the AWS resources necessary to make it available for deployment on AWS, along with the configuration information. Create a product by importing an AWS CloudFormation template, or, in case of AWS Marketplace-based products, by copying the product to the AWS Service Catalog. A product can belong to multiple portfolios.
- A portfolio is a collection of products, together with the configuration information. Use portfolios to manage user access to specific products. You can grant portfolio access for an AWS Identity and Access Management (IAM) user, IAM group, or IAM role level.
- A provisioned product is an AWS CloudFormation stack. In other words, the AWS resources that are created. When an end-user launches a product, AWS Service Catalog provisions the product from an AWS CloudFormation stack.
- Constraints control the way that users can deploy a product. Launch constraints let you specify a role that the AWS Service Catalog can assume to launch a product.
Solution overview
The following diagram maps out the solution architecture.
Figure 1: Solution architecture
Administrator process
The administrator deploys a CloudFormation template that creates resources in the central account. These resources include an AWS Service Catalog product, an Amazon Neptune instance, an Amazon S3 bucket, AWS CloudFormation templates, and more. These components will be used to collect and manage the application information coming from the different accounts and regions.
End-user process
End users use an AWS Service Catalog product to update the central account with application information. End-users can also access the web interface in the central account to view all of the application information.
Configuring an environment
For your convenience, we have supplied an AWS CloudFormation template to automate the creation of prerequisite AWS resources.
Step 1. Download the CloudFormation template and upload this to an Amazon S3 bucket.
- Download the content in this zip file
- Extract the zip file, and it will create a folder called content
- Log in to your AWS account as an administrator that can create AWS resources
- Create an Amazon S3 bucket and note this name
- Upload the content folder to your newly created S3 bucket
- Drill down into the content/scappregistry folder
- Choose the checkbox next to scappregistry_setup.json
- Right click and copy the Object URL
Step 2. Deploy the CloudFormation template
- Navigate to the AWS CloudFormation landing page
- Choose Create Stack, and in the drop-down menu choose With new resources (standard)
- On the Create stack page, under Specify template choose Amazon S3 URL. In the Amazon S3 URL field, paste the S3 Object URL link that you copied from Step 1.7
- Choose Next
Figure 2: Stack parameters
- In the Specify stack details section, enter the following:
  - Stack Name: scappregsetup
  - SCenduserrole: Enter user/<your-iam-user> (<your-iam-user> is the user, role, or group that will use the product)
  - SourceBucket: Enter the name of the bucket that you created and noted in Step 1.4
  - VPCID: Select a VPC
- Select Next
- On the Configure stack options page, select Next
- On the Review page, select the box next to I acknowledge that AWS CloudFormation might create IAM resources
- Select Create Stack
- Wait for the Status to change to CREATE_COMPLETE. This will take 3-14 min.
Adding App registry content
Create a sample AppRegistry application using these steps if you have not created an application before. For this sample, we will create an application called finance01. It will have the following attributes:
- Environment – dev
- Costcenter – cc007
- Support team
  - Developer – Esra Dax
  - QA tester – Harry Kim
  - Operations Lead – Geordi Laforge
- Navigate to the AWS Service Catalog admin page
- On the left under AppRegistry, select Applications
- Select Create an application
- For Application name, enter finance01
- For Application Description, enter test application
- Select Next
- Select Next
- Select New attribute group – optional
- For Unique attribute group name, enter attgroup001
- For JSON, enter:

    {
      "environment": "dev",
      "Costcenter": "cc007",
      "SupportDeveloper": "Esra Dax",
      "SupportQA tester": "Harry Kim",
      "SupportOperationsLead": "Geordi Laforge"
    }

- Select Next
- Select Finish
You should now have at least one application.
Copying your application information to the central location
This step will load the App registry application information from this account in this region into the central location.
- Navigate to the AWS Service Catalog admin page
- Select Products from the top left
- Select the SCappregistry product
- Select Launch product
- Select the Generate name check box for Provisioned product name
- Select update for Action
- Select Launch product
- Wait until the status changes to Available on the top right
View your application via the web interface
- Select the Webinterface URL from the PROVISION_PRODUCT output
- Select finance01… from the Select an application list
- Select the Select button
- Select the orange finance01…; attgroup001 appears
- Select attgroup001; the application information appears
Figure 3: Graphical report
Loading application data from other accounts and regions
Create the spoke account setup CFT template
- Navigate to the AWS Service Catalog admin page
- Select Provisioned products from the top left
- Select the SCappregistry-… product you deployed earlier
- Under Output, right click and copy the URL for Spoketemplate
- Share this URL with the spoke account, and go to the next section
Deploying the CFT template in the spoke account or different region
- Log in to the spoke account with a role that has permission to create resources, or use the same account and switch to a different region
- Navigate to the AWS CloudFormation console
- Navigate to the AWS CloudFormation landing page
- Choose Create Stack, and in the drop-down menu choose With new resources (standard)
- On the Create stack page, under Specify template, choose Amazon S3 URL. In the Amazon S3 URL field, paste the URL link you copied in the previous section
- Choose Next, and then choose Next
- For Stack name, enter scappregspoke01
- For SCenduserRole, enter the user or role that will use Service Catalog to share application information
- Select Next
- On the Configure stack options page, select Next
- On the Review page, check the box next to I acknowledge that AWS CloudFormation might create IAM resources
- Select Create stack
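Both stack deployments above (Step 2 in the central account and this spoke stack) ask you to acknowledge that CloudFormation might create IAM resources. The following is an added example, not part of the original post or its supplied templates: a Python check that reports broad IAM grants in a JSON CloudFormation template so they can be reviewed before that box is ticked. The sample template, its resource names, and the choice of checks are constructed for illustration.

```python
import json

def as_list(value):
    """IAM JSON allows a scalar or a list; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]

def policy_docs(props):
    """Yield (label, document) for the trust policy and every permission policy."""
    if "AssumeRolePolicyDocument" in props:
        yield "trust", props["AssumeRolePolicyDocument"]
    if "PolicyDocument" in props:
        yield "policy", props["PolicyDocument"]
    for pol in as_list(props.get("Policies")):
        yield "inline:" + str(pol.get("PolicyName")), pol.get("PolicyDocument", {})

def audit_template(template_text):
    """Return (logical_id, where, issue) findings for IAM resources in a JSON template."""
    findings = []
    for lid, res in json.loads(template_text).get("Resources", {}).items():
        if not res.get("Type", "").startswith("AWS::IAM::"):
            continue  # only IAM resources are relevant to the acknowledgement
        props = res.get("Properties", {})
        for arn in as_list(props.get("ManagedPolicyArns")):
            if isinstance(arn, str) and arn.endswith(":policy/AdministratorAccess"):
                findings.append((lid, "managed", "AdministratorAccess attached"))
        for where, doc in policy_docs(props):
            for st in as_list(doc.get("Statement")):
                if st.get("Effect") != "Allow":
                    continue
                if where == "trust":
                    who = st.get("Principal")
                    if who == "*" or (isinstance(who, dict) and "*" in as_list(who.get("AWS"))):
                        findings.append((lid, where, "any AWS principal may assume this role"))
                    continue
                actions = [a for a in as_list(st.get("Action")) if isinstance(a, str)]
                findings += [(lid, where, "wildcard action " + a) for a in actions if a == "*" or a.endswith(":*")]
                if "iam:PassRole" in actions and "*" in as_list(st.get("Resource")):
                    findings.append((lid, where, "iam:PassRole on Resource *"))
    return findings

# Constructed sample template (not the blog's scappregistry_setup.json or spoke template).
SAMPLE = json.dumps({"Resources": {"DataBucket": {"Type": "AWS::S3::Bucket"},
    "LaunchRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"Service": "servicecatalog.amazonaws.com"}}]},
        "ManagedPolicyArns": ["arn:aws:iam::aws:policy/AdministratorAccess"]}},
    "SpokeWriterRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Statement": {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}},
        "Policies": [{"PolicyName": "write", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": ["s3:*", "iam:PassRole"], "Resource": "*"}]}}]}}}})
```

To check a downloaded template, pass the file's text to `audit_template`; values built with intrinsic functions such as Fn::Sub are skipped by these string checks and need manual review.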
Saving Application data to the central account from the spoke account or different region
In the new account or region, create an application; see the Adding App registry content section above.
- Navigate to the AWS Service Catalog admin page
- Select Products from the top left
- Select the SCappregistry product
- Select Launch product
- Select the Generate name check box for Provisioned product name
- Select update for Action
- Select Launch product
- Wait until the status changes to Available on the top right
- Select the Webinterface URL to view the application information in the central web interface
Figure 4: Provisioned product output screen
Cleanup
To avoid ongoing charges in your account, delete the resources that you created. Use the AWS Service Catalog console to delete the AWS Service Catalog product. Choose Provisioned products, and from Actions, choose Terminate. Use the CloudFormation console to delete the stack that you created. For instructions, see Deleting a stack on the AWS CloudFormation console.
Use the Amazon S3 console to delete the bucket contents, and then delete the bucket. For instructions, see Deleting a bucket.
Conclusion
In this post, you learned how you can use AWS Service Catalog AppRegistry to manage, track, and display your applications and their metadata.