AWS Service Catalog
Are you looking for an AWS service to restrict users to only specific services? Do you want to standardize the AWS services used by your users and organization? Do you want to centrally manage how users use the AWS services? Yes. It is possible by using the AWS Service Catalog!!!
AWS Service Catalog enables organizations to create and manage catalogs of IT services that are approved for AWS. These IT services can include everything from virtual machine images, servers, software, databases, and more to complete multi-tier application architectures.
Products
A product is an IT service that you want to make available for deployment on AWS. A product consists of one or more AWS resources, such as EC2 instances, storage volumes, databases, monitoring configurations, networking components, or packaged AWS Marketplace products.
A product can be a single compute instance running AWS Linux, a fully configured multi-tier web application running in its own environment, or anything in between.
Portfolios
A portfolio is a collection of products that contains configuration information. Portfolios help manage who can use specific products and how they can use them.
With AWS Service Catalog, you can create a customized portfolio for each type of user in your organization and selectively grant access to the appropriate portfolio. When you add a new version of a product to a portfolio, that version is automatically available to all current users.
Getting Started
Security in AWS Service Catalog
Data Protection - For data protection purposes, it is recommended that you protect AWS account credentials and set up individual user accounts with AWS Identity and Access Management (IAM). That way each user is given only the permissions necessary to fulfill their job duties.
- Use multi-factor authentication (MFA) with each account.
- Use SSL/TLS to communicate with AWS resources. We recommend TLS 1.2 or later.
- Set up API and user activity logging with AWS CloudTrail.
IAM - Users need permissions to access AWS Service Catalog, and those permissions are granted through AWS Identity and Access Management (IAM). AWS Service Catalog integrates with IAM so that you can grant AWS Service Catalog administrators the permissions they need to create and manage products, and grant AWS Service Catalog end users the permissions they need to launch products and manage provisioned products.
Administrator - As an AWS Service Catalog administrator, you need full access to the administrator console and IAM permissions that allow you to perform tasks such as creating and managing portfolios and products, managing constraints, and granting access to end users.
End user - Before your end users can use your products, you need to grant them permissions that give them access to the AWS Service Catalog end user console. They can also have permission to launch products and manage provisioned products.
Monitoring in AWS Service Catalog
You can monitor your AWS Service Catalog resources using Amazon CloudWatch, which collects and processes raw data from AWS Service Catalog into readable metrics. These statistics are recorded for a period of two weeks so that you can access historical information and gain a better perspective on how your service is performing.
You can use Amazon CloudWatch alarms to monitor AWS Service Catalog and report disruptions.
AWS CloudTrail is enabled on your AWS account when you create it. When activity occurs in AWS Service Catalog, that activity is recorded in an AWS CloudTrail event along with other AWS service events in Event history. You can view, search, and download recent events in your AWS account.
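As an added example (not from AWS documentation or the original post), the sketch below reviews CloudTrail records for AWS Service Catalog activity and flags catalog-administration calls made by principals outside an expected admin set, along with access-denied attempts. The account ID, role names, admin allowlist, and sample events are constructed assumptions.

```python
SC_SOURCE = "servicecatalog.amazonaws.com"
# Service Catalog API operations that change what is offered and to whom.
ADMIN_ACTIONS = {
    "CreatePortfolio", "DeletePortfolio", "CreateProduct", "CreateConstraint",
    "AssociatePrincipalWithPortfolio", "CreatePortfolioShare",
}
# Assumption: the only principal expected to administer the catalog.
ADMIN_PRINCIPALS = {"arn:aws:sts::111122223333:assumed-role/CatalogAdmin/alice"}

def _ev(time, user, name, source=SC_SOURCE, error=None):
    """Build a constructed record with the CloudTrail fields used below."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "userIdentity": {"arn": f"arn:aws:sts::111122223333:assumed-role/{user}"}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample events, not taken from a real account.
SAMPLE_EVENTS = [
    _ev("2024-01-10T09:00:00Z", "CatalogAdmin/alice", "CreatePortfolio"),
    _ev("2024-01-10T09:05:00Z", "Developer/bob", "ProvisionProduct"),
    _ev("2024-01-10T09:07:00Z", "Developer/bob", "AssociatePrincipalWithPortfolio"),
    _ev("2024-01-10T09:09:00Z", "Developer/carol", "CreateConstraint",
        error="AccessDeniedException"),
    _ev("2024-01-10T09:11:00Z", "Developer/bob", "RunInstances",
        source="ec2.amazonaws.com"),
]

def review(events, admins=ADMIN_PRINCIPALS):
    """Return (time, principal, action, reason) for events worth a look."""
    findings = []
    for ev in events:
        if ev.get("eventSource") != SC_SOURCE:
            continue  # other services share the same event history
        who = ev.get("userIdentity", {}).get("arn", "unknown")
        name = ev.get("eventName", "")
        if "AccessDenied" in ev.get("errorCode", ""):
            reason = "denied"
        elif name in ADMIN_ACTIONS and who not in admins:
            reason = "admin action by non-admin"
        else:
            continue
        findings.append((ev.get("eventTime"), who, name, reason))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_EVENTS):
        print(*finding, sep="  ")
```

Matching on the full assumed-role ARN is a simplification; in practice the session name varies, so match on the role portion of the ARN instead.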
Conclusion
AWS Service Catalog provides benefits such as standardization, self-service discovery and launch, fine-grained access control, and extensibility and version control.
AWS Service Catalog allows organizations to centrally manage commonly deployed IT services and helps organizations achieve consistent governance and meet compliance requirements.
Knowledge Credits - AWS Official Documents.
— — — — — — — — — — — — — — — — — — — — — — — — —
I would be happy to hear your feedback, appreciation, and any suggestions for the coming topics in my blog.
Enjoy failure and learn from it. You can never learn from Success.
Keep following me for the AWS services.
Cheers,
Yogendra.