Add Service Catalog Products

Overview

In this lab we will walk through how to deploy additional Service Catalog Products to new accounts. We will also share a Service Catalog portfolio via AWS Organizations. We will be effectively deploying a CloudFormation with SC portfolios and products as step 1.

Prerequisites

  • This lab requires an account with Administration privileges and Control Tower.
  • DO NOT use the Root User
  • Use a new SSO account your created.

Service Catalog deployment steps

  1. Login using the SSO account user
  2. Download the SC portfolio and product json note the location or copy https://kenwalshtestad.s3.amazonaws.com/cfn/public/ct_training_lab-9.json

  3. Right Click and Open the AWS CloudFormation Console in a new tab

  4. Choose the Create stack button

  5. Choose upload a template file

  6. Choose the Choose File button navigate to file you downloaded select it

  7. Enter the Stack name ctTest

  8. Enter the PortfolioName use default

  9. Choose the Next button

  10. On the Stack Options page choose Next

  11. On the Review page

    1. select I acknowledge that AWS CloudFormation might create IAM resources with custom names.
  12. Choose Create Stack

Service Catalog launching a product

  1. Choose the Output tab of the stack
  2. Copy the outputs into a text file
  3. Click on the SwitchRoleSCEndUserRole
  4. Choose Switch role
  5. Right Click and Open the AWS Service Catalog Console
  6. Choose Product List on the top left AWS

  7. Choose a product and launch it. e.g (Bucket)

  8. Clean up Terminate the product under provisioned product list Choose Action, Terminate

  9. Copy the url for SwitchRolefullSCAdmin and open it in a new browser tab

  10. Choose Switch Role

  11. Switch back to the admin user you created AWS


Share Service Catalog Portfolio via Organization

  1. Capture AWS Organizations Id AWS

    • Right Click and Open the [AWS Organization Console -Settings] https://console.aws.amazon.com/organizations/home#/organization/settings
    • Copy the Organization ID
    • Right Click and Open the AWS Service Catalog Console
    • Choose Portfolios on the bottom left
    • Choose ControlTower SC Demo Portfolio
    • Choose Share
    • Choose the Share with new Account button
    • Choose the Organization radio button if not enabled choose Enable
    • Paste the Organization ID
    • Choose Share AWS All accounts under this organization will now have access to this Service Catalog portfolio and products. As new accounts get added they will have access.

Clean up

  1. Terminate any Service Catalog products deployed
  2. Go to CloudFormation and delete the Stack

Congratulation you have completed the Lab.