AWS SERVICE CATALOG
AWS Service Catalog
The customer wanted developers to create, manage and own infrastructure through AWS Service Catalog. The goal was to remove the manual overhead by deploying portfolios and products through a fully automated CI/CD pipeline.
AWS Service Catalog
A self-service portal for provisioning pre-approved AWS resources and applications.
Automated deployments
A CI/CD pipeline that creates, imports, shares and updates portfolios and products.
CloudFormation templates
Service Catalog products are CloudFormation stacks, defined in code and version-controlled.
Central management
Portfolios and products managed centrally and shared across multiple AWS accounts.
Deployment history
Full deployment history and version control for everything provisioned through the catalog.
Security and governance
A central security baseline, with constraints and approval workflows on each portfolio.
01Summary
The customer ran a sizeable AWS organisation. Resources had to be provisioned, monitored and secured consistently across accounts. Creating, importing and sharing products and portfolios across those accounts had to fit into the existing CI/CD pipeline and version control system, with no manual steps in between.
02The challenge
AWS Service Catalog products are CloudFormation stacks under the hood. We rebuilt the portfolio and product templates from scratch, then wrapped them in a CI/CD pipeline that managed the catalog end-to-end: import, share, update, retire.
03The solution
Constraints and IAM-scoped user groups were applied to the portfolios so the right teams could provision the right products. The time and cost of resources provisioned through the Service Catalog dropped sharply.
Users now own and manage their own resources. Notifications remind owners of running infrastructure. Each resource is monitored on its own, which keeps security and separation clear.
AWS, Azure
Design, Plan, Build
Everything in code: speed, consistency, repeatability
Centrally managed cloud infrastructure
Self-service cloud
Centralised security baseline
Read about our cloud landing zone service
Landing zones bundle cloud configuration: security, compliance, IAM/RBAC, networking, billing, logging, monitoring and auditing, plus the products that support specific workloads. They are delivered with Infrastructure as Code, so deployments are consistent and repeatable.
Read the service