menu
arrow_back

Introduction to AWS Service Catalog

Introduction to AWS Service Catalog

1 hour 30 minutes 1 Credit

SPL-172 - Version 1.0.8

© 2020 Amazon Web Services, Inc. and its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited.

Errors or corrections? Email us at aws-course-feedback@amazon.com.

Other questions? Contact us at https://aws.amazon.com/contact-us/aws-training/

Overview

In this lab, you will build an AWS Service Catalog ("SC") portfolio and place three products into the SC portfolio as an AWS Service Catalog Administrator. You will also experience end-user engagement with the AWS Service Catalog by signing in as an end-user and launching two of the products that you created.

As an AWS Service Catalog Administrator, you will create and assign Template and Launch constraints for the SC products that you create. You will set tags for both the products and portfolio that you will create, and assign AWS IAM (Identity and Access Management) users to be able to leverage the newly created portfolio.

Each SC product is backed by an AWS CloudFormation template, which is supplied as part of the lab.

You will be assigned two IAM users; the first IAM user (referred to as admin user) will be assigned the role of an AWS Service Catalog admin (not an AWS admin) which will only have the ability to create portfolios and products in AWS Service Catalog, but no direct access to other services. The second IAM user (referred to as developer user) will mimic an end-user experience and will only have the ability to launch AWS Service Catalog products. Additionally, the developer user has read-only access to the AWS environment to observe the results of product launches in the EC2 console.

You will be leveraging two IAM roles throughout the lab. The IAM roles have their trusted entity set to the Service Catalog service which allows Service Catalog to launch AWS services in the environment such as EC2 and RDS. This mechanism is used instead of granting direct access to AWS services to the end-user (developer in this lab), but still give them the ability to launch those services in a defined, governed and pre-approved way. You will be using two IAM roles, one for the EC2 services and one for RDS, named SC-LAB-EC2-ROLE and SC-LAB-RDS-ROLE.

In a typical deployment scenario, the admin user will be an automation or deployments team or a business unit AWS admin who does not have control of the entire AWS environment. The developer user will be either a developer, a business owner or an operations team member who is not concerned with the underlying AWS infrastructure and is more of a consumer of the final AWS services. We call this model the Consumer, Creator process.

Topics covered

By the end of this lab, you will be able to:

  • Create a Service Catalog Portfolio
  • Create a Service Catalog EC2 Product
  • Create a Service Catalog Security Group Product
  • Create a Service Catalog RDS Product
  • Create a Service Catalog Launch Constraint
  • Create a Service Catalog Template Constraint
  • Launch your newly created Service Catalog EC2 Product
  • Terminate your Service Catalog EC2 Product

Start Lab

  1. At the top of your screen, launch your lab by clicking Start Lab

This will start the process of provisioning your lab resources. An estimated amount of time to provision your lab resources will be displayed. You must wait for your resources to be provisioned before continuing.

If you are prompted for a token, use the one distributed to you (or credits you have purchased).

  1. Open your lab by clicking Open Console

This will automatically log you into the AWS Management Console.

Please do not change the Region unless instructed.

Common login errors

Error : Federated login credentials

If you see this message:

  • Close the browser tab to return to your initial lab window
  • Wait a few seconds
  • Click Open Console again

You should now be able to access the AWS Management Console.

Error: You must first log out

If you see the message, You must first log out before logging into a different AWS account:

  • Click click here
  • Close your browser tab to return to your initial Qwiklabs window
  • Click Open Console again

Join Qwiklabs to read the rest of this lab...and more!

  • Get temporary access to the Amazon Web Services Console.
  • Over 200 labs from beginner to advanced levels.
  • Bite-sized so you can learn at your own pace.
Join to Start This Lab