├── .github └── PULL_REQUEST_TEMPLATE.md ├── .gitignore ├── AppRegistry ├── README.md └── sc-appreg-example.json ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── NOTICE ├── README.md ├── backup └── backup-tagoptions.yml ├── blog_content ├── appregistry_ram_share │ ├── README.md │ └── appreg-blog.zip ├── blogkmsaction │ └── blogkmsaction.zip ├── ctautomation │ ├── CT-Bloga.png │ ├── README.md │ └── ctautomation_setup.zip ├── kmsaction │ ├── README.md │ └── content │ │ └── kmsaction │ │ └── README.md ├── manage_entitlement │ ├── README.md │ └── mgtentitlement.zip ├── marketplace-reporting │ ├── README.md │ └── mpeventrep.zip ├── marketplace_lic_integration │ ├── README.md │ └── mp-lm-one-time-configuration.yaml ├── procuring_software │ ├── README.md │ └── templates │ │ ├── IAM_CFT_End_User.yaml │ │ ├── IAM_CFT_Proc_Admin.yaml │ │ ├── IAM_CFT_Software_Manager.yaml │ │ └── README.md ├── sagemaker-selfservice │ ├── README.md │ ├── sagemaker-selfservice-url.zip │ └── sagemaker-selfservice-url │ │ ├── CMK-KMS.yaml │ │ ├── DeveloperPolicy.yaml │ │ ├── LambdaURL.yaml │ │ ├── Network.yaml │ │ ├── PreSignedDomainURL-SageMaker.yml │ │ ├── PreSignedURL-SageMaker.yml │ │ ├── SC-Notebook-Constrain.yaml │ │ ├── SageMaker-Notebook-Product.yaml │ │ ├── SimpleNotebook.yaml │ │ ├── Watcher.yaml │ │ ├── portfolio.yaml │ │ └── start.yaml ├── sc_appregistry │ ├── README.md │ └── appregsetup.zip ├── sc_polly │ ├── README.md │ └── scpolly.zip ├── screports │ ├── README.md │ └── screports.zip ├── securing-third-party-data-and-ml-apps │ ├── README.md │ ├── admin-setup-app.yaml │ ├── adx.yaml │ ├── application.yaml │ ├── mlmodel.yaml │ ├── network.yaml │ ├── notebook.yaml │ ├── portfolio.yaml │ └── s3_iam_kms.yaml ├── service_catalog_enhanced_acct_fact │ ├── README.md │ └── scenhanceaccafact.zip └── servicenow-sap │ ├── README.md │ └── sc_lwiz_sap.zip ├── bulkprovision ├── .gitignore ├── README.md ├── bulkexecute │ └── __init__.py ├── bulkmonitor │ └── __init__.py ├── common │ └── 
__init__.py ├── images │ ├── cswp001.png │ ├── cswp002.png │ ├── cswp003.png │ ├── i.dat │ ├── kms.png │ ├── wait.jpeg │ └── workspacescreen.png ├── lambda_email.py ├── lambda_function.py ├── lambda_startSF.py ├── makefile ├── templates │ ├── bulk-cf-testprod.json │ ├── bulkmonitor-dynamo.json │ ├── bulkmonitor-lambdas.json │ ├── bulkmonitor-master-template.json │ ├── bulkmonitor-stepfunction.yml │ └── sc-start-bulk.json ├── test.py └── testlambdas.py ├── codepipeline ├── README.md ├── ServiceCatalog-CICD-templates.png ├── blacklist-cfnnag.yml ├── buildspec-cnfnag.yml ├── buildspec.yml ├── ct_install_multi.sh ├── ct_uninstall_multi.sh ├── install.sh ├── run-cfnnag.sh ├── run-cloudformationupdate.sh ├── run-pipelineupdate.sh ├── sc-cicd-ra-architecture.png ├── sc-cloud9.json ├── sc-codepipeline-ra.json ├── sc-product-cloud9.json └── uninstall.sh ├── conformance_packs ├── README.MD ├── sc_AWSControlTowerDetectiveGuardrails.yaml ├── sc_OperationalBestPracticesForAWSIdentityAndAccessManagement.yaml ├── sc_OperationalBestPracticesForAmazonDynamoDB.yaml ├── sc_OperationalBestPracticesForPCI-DSS.yaml └── sc_conformancepacks_prerequisites.yml ├── dynamodb ├── README.md ├── sc-dynamodb-ra.yml ├── sc-portfolio-dynamodb.yml └── sc-product-dynamodb.yml ├── ec2 ├── README.md ├── sc-ec2-linux-apache-nokey.json ├── sc-ec2-linux-apache.json ├── sc-ec2-linux-nginx-nokey-appreg.json ├── sc-ec2-linux-nginx-nokey.json ├── sc-ec2-linux-nginx.json ├── sc-ec2-linux-ra.json ├── sc-ec2-ra-architecture.png ├── sc-ec2-windows-ra.json ├── sc-portfolio-ec2VPC.json ├── sc-portfolio-ec2demo.json ├── sc-product-ec2-apache-demowebserver.json ├── sc-product-ec2-apache-webserver.json ├── sc-product-ec2-linux.json ├── sc-product-ec2-nginx-demowebserver.json ├── sc-product-ec2-nginx-webserver.json ├── sc-product-ec2-windows.json └── sc-tagoptionLibrary.json ├── ecs ├── README.md ├── SC-Devops-ECS.png ├── codepipeline │ ├── buildspec-build.yml │ ├── buildspec-deploy.yml │ └── buildspec-validate.yml ├── 
container-codepipeline-ra.json ├── fargate-private-vpc.yml ├── fargate-service.json ├── fargate-task.json ├── sc-portfolio-ecs.json ├── sc-product-container-pipeline.json ├── sc-product-fargatecluster.json ├── sc-product-fargateservice.json └── sc-product-fargatetask.json ├── elasticbeanstalk ├── README.md ├── SC-Devops-EB-github.png ├── beanstalk-codepipeline-dotnet.json ├── beanstalk-codepipeline-ra.json ├── codepipeline │ ├── buildspec-build-dotnet.yml │ ├── buildspec-build.yml │ ├── buildspec-deploy-dotnet.yml │ ├── buildspec-deploy.yml │ └── buildspec-validate.yml ├── sc-elasticbeanstalk-dotnet-rds-ra.json ├── sc-elasticbeanstalk-ra.json ├── sc-portfolio-elasticbeanstalk.json ├── sc-product-beanstalk-pipeline.json ├── sc-product-elasticbeanstalk.json └── sc-product-windows-rds-elasticbeanstalk.json ├── emr ├── README.md ├── sc-emr-SparkHbase.json ├── sc-emr-ra-architecture.png ├── sc-emr-ra.json ├── sc-portfolio-emr.json ├── sc-product-emr.json └── sc-product-emrsparkhbase.json ├── glue ├── README.md ├── sc-glue-ra.yml ├── sc-portfolio-glue.json └── sc-product-glue.json ├── iam ├── README.md ├── sc-codecommit-iamuser.yml ├── sc-dynamodb-launchrole.yml ├── sc-ec2vpc-launchrole.yml ├── sc-ecs-launchrole.yml ├── sc-elasticbeanstalk-launchrole.yml ├── sc-emr-launchrole.yml ├── sc-glue-launchrole.yml ├── sc-launchrole-createall.json ├── sc-rds-launchrole.yml ├── sc-redshift-launchrole.yml ├── sc-s3-launchrole.yml ├── sc-serverless-launchrole.yml └── sc-workspaces-launchrole.yml ├── labs ├── CalcAPI │ ├── .dockerignore │ ├── .gitignore │ ├── Dockerfile │ ├── README.md │ ├── clustertest.py │ ├── codepipeline │ │ ├── buildspec-build.yml │ │ ├── buildspec-deploy-EB.yml │ │ ├── buildspec-deploy-lambda.yml │ │ ├── buildspec-deploy.yml │ │ └── buildspec-validate.yml │ ├── flask │ │ ├── application.py │ │ ├── gu.conf │ │ ├── gu.local │ │ ├── requirements.txt │ │ ├── rungunicorn.sh │ │ ├── runlocal.sh │ │ └── wsgi.py │ ├── lambda_function.py │ ├── makefile │ ├── pycalc │ │ 
└── __init__.py │ ├── pytest.py │ ├── remotetest.py │ ├── src │ │ ├── calc.c │ │ └── calc.h │ ├── start.sh │ ├── test.c │ └── testapi.sh ├── README.md ├── SampleDotNetApplication │ ├── .gitignore │ ├── App_Start │ │ ├── BundleConfig.cs │ │ ├── FilterConfig.cs │ │ └── RouteConfig.cs │ ├── Content │ │ ├── Site.css │ │ ├── bootstrap-theme.css │ │ ├── bootstrap-theme.css.map │ │ ├── bootstrap-theme.min.css │ │ ├── bootstrap-theme.min.css.map │ │ ├── bootstrap.css │ │ ├── bootstrap.css.map │ │ ├── bootstrap.min.css │ │ └── bootstrap.min.css.map │ ├── Controllers │ │ └── HomeController.cs │ ├── Global.asax │ ├── Global.asax.cs │ ├── Properties │ │ └── AssemblyInfo.cs │ ├── SampleWebApplication.csproj │ ├── SampleWebApplication.sln │ ├── Scripts │ │ ├── bootstrap.js │ │ ├── bootstrap.min.js │ │ ├── jquery-3.4.1.intellisense.js │ │ ├── jquery-3.4.1.js │ │ ├── jquery-3.4.1.min.js │ │ ├── jquery-3.4.1.min.map │ │ ├── jquery-3.4.1.slim.js │ │ ├── jquery-3.4.1.slim.min.js │ │ ├── jquery-3.4.1.slim.min.map │ │ ├── jquery.validate-vsdoc.js │ │ ├── jquery.validate.js │ │ ├── jquery.validate.min.js │ │ ├── jquery.validate.unobtrusive.js │ │ ├── jquery.validate.unobtrusive.min.js │ │ └── modernizr-2.8.3.js │ ├── Views │ │ ├── Home │ │ │ ├── About.cshtml │ │ │ ├── Contact.cshtml │ │ │ └── Index.cshtml │ │ ├── Shared │ │ │ ├── Error.cshtml │ │ │ └── _Layout.cshtml │ │ ├── Web.config │ │ └── _ViewStart.cshtml │ ├── Web.Debug.config │ ├── Web.Release.config │ ├── Web.config │ ├── codepipeline │ │ ├── buildspec-build-dotnet.yml │ │ └── buildspec-deploy-dotnet.yml │ ├── favicon.ico │ ├── fonts │ │ ├── glyphicons-halflings-regular.eot │ │ ├── glyphicons-halflings-regular.svg │ │ ├── glyphicons-halflings-regular.ttf │ │ ├── glyphicons-halflings-regular.woff │ │ └── glyphicons-halflings-regular.woff2 │ └── packages.config ├── preventive-control │ ├── aws-kinesis-agent-latest.amzn1.noarch.rpm │ ├── cleanup.sh │ ├── code9-workshop-environment-cfn.yml │ ├── deploy.sh │ ├── deployment-cfn.yml │ 
├── deployment-cfn │ │ └── sc-product-deployment.yml │ ├── deployment-lambda.zip │ ├── fh-agent.json │ ├── httpd.conf │ ├── iam-user-cfn.yml │ ├── kinesis-deployment-cfn.yml │ ├── product-selector-lambda.zip │ ├── products-config │ │ ├── sc-product-alb.deployer │ │ ├── sc-product-alblistener.deployer │ │ ├── sc-product-albtarget.deployer │ │ ├── sc-product-autoscaling.deployer │ │ ├── sc-product-dmsendpoint.deployer │ │ ├── sc-product-dmsinstance.deployer │ │ ├── sc-product-dynamodb.deployer │ │ ├── sc-product-ebs.deployer │ │ ├── sc-product-efs.deployer │ │ ├── sc-product-elasticache.deployer │ │ ├── sc-product-elasticsearch.deployer │ │ ├── sc-product-firehose.deployer │ │ ├── sc-product-fsx.deployer │ │ ├── sc-product-kinesis.deployer │ │ ├── sc-product-s3.deployer │ │ ├── sc-product-sagemaker.deployer │ │ ├── sc-product-sns.deployer │ │ └── sc-product-sqs.deployer │ ├── products │ │ ├── alb │ │ │ ├── sc-alb-listener.yml │ │ │ ├── sc-alb-products-role.yml │ │ │ ├── sc-alb-target.yml │ │ │ └── sc-alb.yml │ │ ├── asc │ │ │ ├── sc-asc-products-role.yml │ │ │ └── sc-asc.yml │ │ ├── dmsendpoint │ │ │ ├── sc-dmsendpoint-products-role.yml │ │ │ └── sc-dmsendpoint.yml │ │ ├── dmsinstance │ │ │ ├── sc-dmsinstance-products-role.yml │ │ │ └── sc-dmsinstance.yml │ │ ├── dynamodb │ │ │ ├── sc-dynamodb-products-role.yml │ │ │ └── sc-dynamodb.yml │ │ ├── ebs │ │ │ ├── sc-ebs-products-role.yml │ │ │ └── sc-ebs.yml │ │ ├── efs │ │ │ ├── sc-efs-products-role.yml │ │ │ └── sc-efs.yml │ │ ├── elasticache │ │ │ ├── sc-elasticache-products-role.yml │ │ │ └── sc-elasticache.yml │ │ ├── elasticsearch │ │ │ ├── sc-elasticsearch-products-role.yml │ │ │ └── sc-elasticsearch.yml │ │ ├── firehose │ │ │ ├── sc-firehose-products-role.yml │ │ │ └── sc-firehose.yml │ │ ├── fsx │ │ │ ├── sc-fsx-products-role.yml │ │ │ └── sc-fsx.yml │ │ ├── kinesis │ │ │ ├── sc-kinesis-products-role.yml │ │ │ └── sc-kinesis.yml │ │ ├── s3 │ │ │ ├── sc-s3-products-role.yml │ │ │ └── sc-s3.yml │ │ ├── sagemaker │ 
│ │ ├── sc-sagemaker-products-role.yml │ │ │ └── sc-sagemaker.yml │ │ ├── sns │ │ │ ├── sc-sns-products-role.yml │ │ │ └── sc-sns.yml │ │ └── sqs │ │ │ ├── sc-sqs-products-role.yml │ │ │ └── sc-sqs.yml │ ├── resource-compliance-lambda.zip │ ├── resource-selector-lambda.zip │ ├── service-catalog-lambdas-cfn.yml │ ├── service-catalog-networks-cfn.yml │ ├── service-catalog-product-resources-cfn.yml │ ├── ssl.conf │ └── web-server-deployment-cfn.yml └── xacct-pipeline │ ├── README.md │ ├── images │ ├── Architecture.png │ ├── ArtifactBucket.png │ ├── CodePipelineWorkflow.png │ ├── Exports.png │ └── MasterStackOutput.png │ ├── master │ └── VPC.yml │ ├── sc-master.yml │ ├── sc-sub.yml │ └── sub │ ├── CFN │ ├── DeployEC2.yml │ └── DeployVPC.yml │ └── scblog.zip ├── product_template_mapping.tsx.txt ├── rds ├── README.md ├── sc-portfolio-rds.json ├── sc-product-rds-aurora.json ├── sc-product-rds-mariadb.json ├── sc-product-rds-mssql.json ├── sc-product-rds-mysql.json ├── sc-product-rds-postgresql.json ├── sc-rds-aurora-ra.json ├── sc-rds-mariadb-ra.json ├── sc-rds-mssql-ra.json ├── sc-rds-mysql-ra.json ├── sc-rds-postgresql-ra.json ├── sc-rds-ra-architecture-multi-az.png └── sc-rds-ra-architecture-single-instance.png ├── redshift ├── redshift-cluster-vpc.yml └── redshift-commands.yml ├── s3 ├── README.md ├── sc-portfolio-s3.json ├── sc-product-s3-private-enc.json ├── sc-product-s3-private-mfa.json ├── sc-product-s3-private-trans.json ├── sc-product-s3-private.json ├── sc-product-s3-public.json ├── sc-s3-cidr-ra-architecture.png ├── sc-s3-cidr-ra.json ├── sc-s3-encrypted-ra-architecture.png ├── sc-s3-encrypted-ra.json ├── sc-s3-mfa-ra-architecture.png ├── sc-s3-mfa-ra.json ├── sc-s3-public-ra-architecture.png ├── sc-s3-public-ra.json ├── sc-s3-simple-ra.json ├── sc-s3-transition-ra-architecture.png └── sc-s3-transition-ra.json ├── sagemaker ├── README.md ├── aws-marketplace-model-deployment.yml ├── emr-backed-notebook-instance.yml ├── sagemaker_vend_endpoint.yml ├── 
sc-portfolio-sagemaker.json ├── sc-product-EMR-sagemaker.json ├── sc-product-model-aws-marketplace.json ├── sc-product-sagemaker.json └── sc-sagemaker.yml ├── sc-ra-portfolios.png ├── sc-ra-products.png ├── security ├── README.md ├── guardduty │ ├── deploy_guardduty.yml │ ├── function.zip │ ├── index.py │ ├── sc-enduser-iam.json │ └── sc-gd-launchrole.json ├── sc-portfolio-gd.json └── sc-product-gd.json ├── serverless ├── README.md ├── sc-portfolio-serverless.yml ├── sc-product-serverless-lambda.yml ├── sc-provision-serverless.yml └── sc-serverless-lambda.yml ├── templates ├── taskcat-verify-all.json └── taskcat-verify-ec2VPC.json ├── vpc ├── README.md ├── sc-portfolio-vpc.json ├── sc-product-vpc.json ├── sc-vpc-ra-architecture-multi-az.png └── sc-vpc-ra.json └── workspaces ├── README.md ├── sc-portfolio-workspaces.json ├── sc-product-workspaces.json ├── sc-workspaces-ra-no-encrypt.json ├── sc-workspaces-ra.json └── sc-workspaces-simple.yml /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | *Issue #, if available:* 2 | 3 | *Description of changes:* 4 | 5 | 6 | By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | -------------------------------------------------------------------------------- /AppRegistry/README.md: -------------------------------------------------------------------------------- 1 | # AWS Service Catalog AppRegistry reference architecture 2 | 3 | This reference architecture creates an AWS Service Catalog AppRegistry Application and Attribute group. 
4 | For an example of how to automatically associate AWS Service Catalog products with AppRegistry, see this [sample EC2 template with AppRegistry](https://github.com/aws-samples/aws-service-catalog-reference-architectures/blob/master/ec2/sc-ec2-linux-nginx-nokey-appreg.json). 5 | 6 | ### Try this in your account: 7 | 1. Launch the AppRegistry stack below 8 | 2. Add the [sample EC2 template with AppRegistry](https://github.com/aws-samples/aws-service-catalog-reference-architectures/blob/master/ec2/sc-ec2-linux-nginx-nokey-appreg.json) as a version or product in AWS Service Catalog. 9 | 3. Provision the EC2 product from [AWS Service Catalog](https://console.aws.amazon.com/servicecatalog/#products). 10 | 4. Review the associated resources in AppRegistry found in the [AWS Service Catalog console](https://console.aws.amazon.com/servicecatalog/#applications/). 11 | 12 | 13 | [Admin Guide](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/appregistry.html) 14 | 15 | 16 | See how to create and query an AWS Service Catalog AppRegistry Application with the CLI: 17 | [Increase application visibility and governance using AWS Service Catalog AppRegistry](https://aws.amazon.com/blogs/mt/increase-application-visibility-governance-using-aws-service-catalog-appregistry/) 18 | 19 | 20 | ### Install 21 | Launch the AppRegistry stack: 22 | [![CreateStack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=SC-RA-AppRegistryExample&templateURL=https://s3.amazonaws.com/aws-service-catalog-reference-architectures/AppRegistry/sc-appreg-example.json) 23 | 24 | 25 | -------------------------------------------------------------------------------- /AppRegistry/sc-appreg-example.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "AppRegistry sample appplicaiton
and attribute group", 4 | "Parameters": { 5 | "ApplicationName": { 6 | "Description": "Name for your AppRegistry Applicaiton", 7 | "Type": "String", 8 | "Default": "myapplication" 9 | }, 10 | "ApplicationDescription": { 11 | "Description": "Description for your AppRegistry Applicaiton", 12 | "Type": "String", 13 | "Default": "this is a sample application" 14 | }, 15 | "AttributeGroupName": { 16 | "Description": "Name for your AppRegistry AttributeGroup", 17 | "Type": "String", 18 | "Default": "SampleApplication_businessServices" 19 | }, 20 | "AttributeGroupDescription": { 21 | "Description": "Description for your AppRegistry AttributeGroup", 22 | "Type": "String", 23 | "Default": "Sample Application business Services and runtime information" 24 | } 25 | }, 26 | "Resources": { 27 | "AppRegApplication":{ 28 | "Type" : "AWS::ServiceCatalogAppRegistry::Application", 29 | "Properties" : { 30 | "Description" : {"Ref":"ApplicationDescription"}, 31 | "Name" : {"Ref":"ApplicationName"}, 32 | "Tags" : {"TeamOwner" : "Supplychain-devteam-blue"} 33 | } 34 | }, 35 | "AppRegAttributeGroup":{ 36 | "Type" : "AWS::ServiceCatalogAppRegistry::AttributeGroup", 37 | "Properties" : { 38 | "Description" : {"Ref":"AttributeGroupDescription"}, 39 | "Name" : {"Ref":"AttributeGroupName"}, 40 | "Attributes": {"K8":{"helmName":"myhelm","version":"1.0"},"Team":"Supplychain","app-type":"processing","SLA":"1h","Runtime":"Python-3.8","Compliance":["SOC-1","ISO-27018"]} 41 | } 42 | }, 43 | "AppRegAttributeGroupAssoc":{ 44 | "Type" : "AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation", 45 | "Properties" : { 46 | "Application" : {"Ref":"AppRegApplication"}, 47 | "AttributeGroup" : {"Ref":"AppRegAttributeGroup"} 48 | } 49 | } 50 | }, 51 | "Outputs": { 52 | "ApplicationId": { 53 | "Value": { 54 | "Fn::GetAtt": ["AppRegApplication","Id"] 55 | }, 56 | "Export" : { "Name" : {"Fn::Sub": "AppRegApplication-Id" }} 57 | }, 58 | "AttributeGroupId": { 59 | "Value": { 60 | "Fn::GetAtt": 
["AppRegAttributeGroup","Id"] 61 | } 62 | } 63 | 64 | } 65 | } 66 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | [Service Catalog Reference Architectures] 2 | Copyright 2018-2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /blog_content/appregistry_ram_share/README.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /blog_content/appregistry_ram_share/appreg-blog.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/blog_content/appregistry_ram_share/appreg-blog.zip -------------------------------------------------------------------------------- /blog_content/blogkmsaction/blogkmsaction.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/blog_content/blogkmsaction/blogkmsaction.zip -------------------------------------------------------------------------------- 
/blog_content/ctautomation/CT-Bloga.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/blog_content/ctautomation/CT-Bloga.png -------------------------------------------------------------------------------- /blog_content/ctautomation/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Using AWS Control Tower and AWS Service Catalog to automate Control Tower lifecycle events ## 3 | 4 | 5 | 6 | Many enterprise customers who use AWS Control Tower to create accounts want a way to extend the account creation process. They want this process to cover common business use cases including the creation of networks, security profiles, governance, and compliance. A manual process is cumbersome and makes it difficult for the organization to respond to the needs of its business. It might also be expensive if the organization pays another party to manage this process. 7 | 8 | In this blog post, we will show you how to automate steps after an account is created. Each step can be unique to an organizational unit (OU) by placing the name of a template or infrastructure as code (IaC) in a tag on the OU. An OU can have multiple tags, one per lifecycle event. After each lifecycle event, the template in the tag is executed to support the customer's use case. 9 | The solution we describe in this post uses the following AWS services.
Most of the resources are set up for you with an AWS CloudFormation stack: 10 | -------------------------------------------------------------------------------- /blog_content/ctautomation/ctautomation_setup.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/blog_content/ctautomation/ctautomation_setup.zip -------------------------------------------------------------------------------- /blog_content/kmsaction/README.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /blog_content/kmsaction/content/kmsaction/README.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /blog_content/manage_entitlement/README.md: -------------------------------------------------------------------------------- 1 | ## Using AWS Control Tower, AWS Service Catalog, and AWS Marketplace to deploy AWS Marketplace license subscriptions. 2 | 3 | Enterprise customers with multiple AWS accounts want to subscribe once to an AWS Marketplace product and have all accounts in the organization deploy AWS Marketplace solutions to support their business use cases without the need to have each account subscribe first. 4 | 5 | AWS Control Tower helps customers create accounts and manage many account configurations and best practices. AWS Service Catalog helps customers deploy AWS resources using a repeatable process that follows best practice for standardization, compliance and security considerations. 6 | 7 | Managing AWS Marketplace licenses across accounts can be complex, and customers want to automate this as part of their normal solution process. 
In this blog post, we will show you how to use AWS Control Tower and AWS Service Catalog to grant AWS Marketplace licenses to accounts managed by Control Tower, enabling you to easily use AWS Marketplace products in your solutions and services. 8 | 9 | https://aws.amazon.com/blogs/mt/using-aws-control-tower-aws-service-catalog-and-aws-marketplace-to-deploy-aws-marketplace-license-subscriptions/ 10 | 11 | -------------------------------------------------------------------------------- /blog_content/manage_entitlement/mgtentitlement.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/blog_content/manage_entitlement/mgtentitlement.zip -------------------------------------------------------------------------------- /blog_content/marketplace-reporting/README.md: -------------------------------------------------------------------------------- 1 | **Introduction** 2 | 3 | In today's fast-paced business world, data-driven decision-making is paramount. AWS Marketplace enterprise reporting empowers businesses to gain invaluable insights into their cloud subscriptions, enabling them to optimize costs, manage subscriptions effectively, and enhance overall efficiency. 4 | Enterprises value transparency and security when it comes to their AWS Marketplace purchases. In response to this need, AWS Marketplace has introduced a feature that empowers customers to closely monitor all purchase activities within their AWS Marketplace accounts. With AWS CloudTrail logs, customers can now track the procurement activities associated with their AWS Marketplace subscriptions, which are also known as agreements. These logs capture actions when users subscribe to or unsubscribe from an AWS Marketplace SaaS, AMI, container, or professional services product.
5 | -------------------------------------------------------------------------------- /blog_content/marketplace-reporting/mpeventrep.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/blog_content/marketplace-reporting/mpeventrep.zip -------------------------------------------------------------------------------- /blog_content/marketplace_lic_integration/README.md: -------------------------------------------------------------------------------- 1 | ### AWS Marketplace - AWS License Manager integration 2 | 3 | Execute the CloudFormation template mp-lm-one-time-configuration.yaml from the management account to set up the integration between AWS License Manager and AWS Marketplace. 4 | 5 | WARNING: This CloudFormation template creates two AWS Lambda functions, OrganizationsSettingsUpdateLambda and LicenseManagerSettingsUpdateLambda, to update settings. Please remember to delete these functions once the CloudFormation execution completes, so that functions able to change these settings do not remain deployed in the management account. 6 | -------------------------------------------------------------------------------- /blog_content/procuring_software/README.md: -------------------------------------------------------------------------------- 1 | Procuring software on AWS Marketplace 2 | for customers in regulated spaces 3 | Customers operating in highly-regulated spaces often tell us about the compliance challenges 4 | that they face when procuring commercial software in the cloud. This is especially true for 5 | federal customers subject to the GSA Schedule, or state and local customers operating under 6 | NASPO Value Point. Procurements in this space often require negotiated purchasing agreements 7 | and custom terms between the vendor and buyer. For these customers, it’s paramount that 8 | purchasing agreements are made by a central governing group to minimize the risk of 9 | noncompliant agreements.
To solve this challenge for customers, we’ve created a centralized 10 | software procurement and distribution solution using AWS Marketplace Private Offers, License 11 | Manager, and AWS Identity and Access Management (IAM) that gives customers the flexibility 12 | to procure using custom purchasing agreements while maintaining complete governance. 13 | In this post, we present a method for centralizing the procurement and distribution of AWS 14 | Marketplace software that is intended to get customers in highly-regulated environments up 15 | and running with AWS Marketplace. We utilize IAM roles to govern who has access to the AWS 16 | Marketplace subscribe and license distribution actions. Then, we set up AWS License Manager 17 | for the distribution of AWS Marketplace software licenses from a central account. After setting 18 | up the solution, we demonstrate its use through the experiences of three personas, defined as 19 | follows: 20 | Procurement Manager – This persona is responsible for negotiating 21 | terms and conditions with the AWS Marketplace software vendor. This 22 | persona has the permission to accept AWS Marketplace offers. 23 | Software Manager – This persona is responsible for distributing 24 | access to the procured software using license grants in License 25 | Manager. This persona has permission to distribute and activate 26 | licenses, but it can’t accept AWS Marketplace offers. 27 | End User – This persona is a consumer of the procured software. This 28 | persona can’t accept AWS Marketplace offers. This persona can only 29 | accept software licenses that have been sent to them by the Software 30 | Manager.
31 | -------------------------------------------------------------------------------- /blog_content/procuring_software/templates/IAM_CFT_Proc_Admin.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: 'AWS Marketplace IAM Setup for Enterprise Procurement - Procurement Admin' 4 | Resources: 5 | mpprocadmin: 6 | Properties: 7 | AssumeRolePolicyDocument: 8 | Statement: 9 | - Action: 10 | - sts:AssumeRole 11 | Effect: Allow 12 | Principal: 13 | AWS: 14 | - !Ref 'AWS::AccountId' 15 | Version: '2012-10-17' 16 | ManagedPolicyArns: 17 | - arn:aws:iam::aws:policy/AWSPrivateMarketplaceAdminFullAccess 18 | - arn:aws:iam::aws:policy/AWSMarketplaceFullAccess 19 | Path: / 20 | Policies: 21 | - PolicyDocument: 22 | Statement: 23 | - Action: 24 | - aws-marketplace:Subscribe 25 | - aws-marketplace:ViewSubscriptions 26 | - aws-marketplace:StartBuild 27 | - license-manager:ListDistributedGrants 28 | - license-manager:ListLicenseConfigurations 29 | - license-manager:ListLicenseVersions 30 | - license-manager:ListLicenses 31 | - license-manager:ListReceivedGrants 32 | - license-manager:ListReceivedLicenses 33 | - license-manager:ListResourceInventory 34 | Effect: Allow 35 | Resource: '*' 36 | Version: '2012-10-17' 37 | PolicyName: mpprocadmin 38 | Type: AWS::IAM::Role 39 | Outputs: 40 | MPProcAdmin: 41 | Description: 'Use this role for a Procurement Manager' 42 | Value: !Sub 'https://signin.aws.amazon.com/switchrole?account=${AWS::AccountId}&roleName=${mpprocadmin}&displayName=MPProcAdmin' 43 | MPProcAdminLinks: 44 | Description: 'https://aws.amazon.com/marketplace/privatemarketplace#/ https://aws.amazon.com/marketplace/privatemarketplace/requests https://aws.amazon.com/marketplace/privatemarketplace#/dashboard' 45 | Value: 'https://aws.amazon.com/marketplace/privatemarketplace#/ https://aws.amazon.com/marketplace/privatemarketplace/requests 
https://aws.amazon.com/marketplace/privatemarketplace#/dashboard' 46 | -------------------------------------------------------------------------------- /blog_content/procuring_software/templates/IAM_CFT_Software_Manager.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: 'AWS Marketplace IAM Setup for Enterprise Procurement - Software Manager' 4 | Resources: 5 | mpsoftwaremanager: 6 | Properties: 7 | AssumeRolePolicyDocument: 8 | Statement: 9 | - Action: 10 | - sts:AssumeRole 11 | Effect: Allow 12 | Principal: 13 | AWS: 14 | - !Ref 'AWS::AccountId' 15 | Version: '2012-10-17' 16 | ManagedPolicyArns: 17 | - arn:aws:iam::aws:policy/AWSServiceCatalogEndUserFullAccess 18 | - arn:aws:iam::aws:policy/AWSServiceCatalogEndUserReadOnlyAccess 19 | - arn:aws:iam::aws:policy/AWSMarketplaceGetEntitlements 20 | Path: / 21 | Policies: 22 | - PolicyDocument: 23 | Statement: 24 | - Action: 25 | - aws-marketplace:ViewSubscriptions 26 | - aws-marketplace:RegisterUsage 27 | - servicecatalog:SearchProductsAsAdmin 28 | - servicecatalog:createProduct 29 | - license-manager:* 30 | Effect: Allow 31 | Resource: '*' 32 | Version: '2012-10-17' 33 | PolicyName: mpsoftwaremanager 34 | Type: AWS::IAM::Role 35 | Outputs: 36 | MPSoftwareManager: 37 | Description: 'Use this role for a Software Manager' 38 | Value: !Sub 'https://signin.aws.amazon.com/switchrole?account=${AWS::AccountId}&roleName=${mpsoftwaremanager}&displayName=MPSoftwareManager' 39 | -------------------------------------------------------------------------------- /blog_content/procuring_software/templates/README.md: -------------------------------------------------------------------------------- 1 | templates 2 | -------------------------------------------------------------------------------- /blog_content/sagemaker-selfservice/README.md: -------------------------------------------------------------------------------- 1 | This is 
# blog_content/sagemaker-selfservice/sagemaker-selfservice-url/DeveloperPolicy.yaml
#
# Creates the fixed-name 'Developer' role and attaches an inline policy to it
# that covers Lambda create/invoke, iam:PassRole on two parameter-supplied
# resources, and CloudFormation describe calls. Exports the role ARN.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Allows a Role/user to call the lambda to generate a URL for SageMaker Notebook'
Parameters:
  URLLambdaARN:
    Type: String
  URLLambdaRole:
    Type: String
  # NOTE(review): this value is used as an IAM principal in the trust policy
  # below. The default is a bare name rather than an ARN or account id —
  # confirm that deployments override it with a full role ARN.
  AdminRole:
    Type: String
    Default: IibsAdminAccess-DO-NOT-DELETE

Resources:
  # Inline policy that lets the Developer role pass a role to the
  # URL-instantiator Lambda (original note: "pass role to
  # URLInstanciatorLambdaRoleExecution").
  DeveloperPassRolePolicy:
    Type: AWS::IAM::Policy
    # The policy attaches by role name, so the role must exist first.
    DependsOn: DeveloperRole
    Properties:
      PolicyName : 'DeveloperPassRoleToSageMakerNotebookManagedPolicy'
      Roles:
        # Hard-coded; must match RoleName in DeveloperRole below.
        - 'Developer'
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # NOTE(review): iam:GetRole / iam:PassRole act on role resources, but
          # the parameter name suggests a Lambda function ARN. If so, this
          # statement matches nothing — confirm what value is supplied.
          - Effect: Allow
            Action:
              - iam:GetRole
              - iam:PassRole
            Resource: !Ref 'URLLambdaARN'
          # Create and invoke are allowed on every function in the account.
          # NOTE(review): together with the iam:PassRole statement below, the
          # Developer role can run code under URLLambdaRole, so treat that
          # role's permissions as part of Developer's effective permissions.
          # Mitigations to consider: scope this statement to the intended
          # function ARN, and add an iam:PassedToService condition to the
          # PassRole statement.
          - Effect: Allow
            Action:
              - lambda:CreateFunction
              - lambda:InvokeFunction
            Resource: "*"
          - Effect: Allow
            Action:
              - iam:GetRole
              - iam:PassRole
            Resource: !Ref 'URLLambdaRole'
          # Describe access to every stack, which includes each stack's
          # parameters and outputs. NOTE(review): other templates in this
          # folder place pre-signed notebook URLs in stack outputs — consider
          # scoping to the stacks this role needs.
          - Effect: Allow
            Action:
              - cloudformation:Describe*
            Resource: '*'

  DeveloperRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: 'Developer'
      # Two trusted principals: the Service Catalog service, and whatever the
      # AdminRole parameter resolves to.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - 'servicecatalog.amazonaws.com'
            Action:
              - sts:AssumeRole
          - Effect: Allow
            Principal:
              AWS:
                - !Ref 'AdminRole'
            Action:
              - sts:AssumeRole
      Path: /
      # NOTE(review): AWSKeyManagementServicePowerUser is broader than the
      # read-only policies beside it — confirm the role needs it.
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"
        - "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserFullAccess"
        - "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
        - "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser"
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess"
        - "arn:aws:iam::aws:policy/AWSLambda_ReadOnlyAccess"

Outputs:
  DeveloperRole:
    Description: Developer Role
    Value: !GetAtt 'DeveloperRole.Arn'
    # Exported so other stacks can import the role ARN by this name.
    Export:
      Name: 'Developer-ARN'
# blog_content/sagemaker-selfservice/sagemaker-selfservice-url/PreSignedURL-SageMaker.yml
#
# Invokes a Lambda-backed custom resource (imported as
# 'Lambda-SageMakerNotebookURL') and republishes three attributes of its
# response as stack outputs. The Lambda itself is not part of this template.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Fetches the presigned notebook URL for SageMaker, including the role for SageMaker Notebook.'
Parameters:
  NoteBookName:
    Type: String
    Description: The name of the notebook to get a new URL.
    Default: 'replace-name'
    # Limits the name to lowercase letters, digits and hyphens, 1-63 characters.
    AllowedPattern: '[a-z0-9-]{1,63}'
  # NOTE(review): no resource property below references RandomValue. A custom
  # resource is only re-invoked when its properties change, so changing this
  # parameter alone may not produce a new URL — confirm, or pass it through as
  # a property of PresignURL.
  RandomValue:
    Type: String
    Default: '1'
    Description: Change this value to update the product and generate a new URL.

Resources:

  PresignURL:
    Type: Custom::CreateURL
    Properties:
      ServiceToken: !ImportValue 'Lambda-SageMakerNotebookURL'
      PRODUCT: !Ref 'NoteBookName'
      ENDPOINT: !ImportValue 'Network-APIDNS'
      # Role ARN is assembled from a fixed role name; the name (spelled
      # 'Notbook-...') has to match the role created elsewhere exactly.
      RoleArn: !Sub 'arn:aws:iam::${AWS::AccountId}:role/Notbook-URL-instanciator-SageMaker-Lambda-Role'
      Version: 1

Outputs:
  IP:
    Description: SageMaker Notebook FQDN
    Value: !GetAtt
      - PresignURL
      - IP

  # NOTE(review): a pre-signed URL grants access to whoever holds it. Stack
  # outputs are readable by any principal allowed to describe this stack, so
  # access to the URL follows cloudformation:Describe* permissions, not
  # SageMaker permissions. Presumably the URL is short-lived — verify against
  # the Lambda that issues it.
  PresignedURL:
    Description: SageMaker Notebook URL
    Value: !GetAtt
      - PresignURL
      - AuthorizedUrl

  # The value comes from the custom resource response; users are told to paste
  # it into /etc/hosts, so its content should be reviewed in the Lambda source.
  CopyPaste:
    Description: Copy & Paste into /etc/hosts to change DNS resolution of this notebook
    Value: !GetAtt
      - PresignURL
      - Hosts
'arn:aws:iam::${AWS::AccountId}:policy/SageNotebookExecRole-Policy' 36 | 37 | 38 | ####### SageMaker Notebook 39 | SageMakerNotebook: 40 | Type: AWS::SageMaker::NotebookInstance 41 | DependsOn: SageMakerExecutionRole 42 | Properties: 43 | DirectInternetAccess: 'Disabled' 44 | InstanceType: 'ml.t2.medium' 45 | KmsKeyId: !ImportValue 'CMK-KeyId' 46 | NotebookInstanceName: !Ref 'NotebookInstanceName' 47 | RoleArn: !GetAtt 'SageMakerExecutionRole.Arn' 48 | RootAccess: 'Disabled' 49 | SecurityGroupIds: 50 | - !ImportValue 'Network-SecurityGroup-Global' 51 | SubnetId: !ImportValue 'Network-PrivateSubnet1A' 52 | VolumeSizeInGB: '50' 53 | 54 | 55 | Outputs: 56 | Notebook: 57 | Description: The notebook 58 | Value: !Ref 'SageMakerNotebook' 59 | -------------------------------------------------------------------------------- /blog_content/sc_appregistry/README.md: -------------------------------------------------------------------------------- 1 | 2 | **Managing your application metadata using Service Catalog App Registry** 3 | 4 | Customers need a way to track all of their AWS application resources in one place, and associate metadata like cost center, business unit with those resources centrally. AWS Service Catalog AppRegistry removes the need for complex tag management and allows for customers to aggregate application metadata such as cost center and business units across multiple AWS services into one registry. It also unlocks ITSM or CMDB use cases to be able to track resources ServiceNow, leveraging the AWS Service Management Connector for ServiceNow. Customers I work with would like to be able to track application information across AWS accounts and regions. 5 | 6 | In this post I will show you how to manage application metadata across AWS regions and accounts using AWS Service Catalog AppRegistry, AWS Neptune, and a few other AWS services. 
7 | https://aws.amazon.com/blogs/mt/managing-your-application-metadata-using-aws-service-catalog-app-registry/ 8 | -------------------------------------------------------------------------------- /blog_content/sc_appregistry/appregsetup.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/blog_content/sc_appregistry/appregsetup.zip -------------------------------------------------------------------------------- /blog_content/sc_polly/README.md: -------------------------------------------------------------------------------- 1 | ## Create speech-enabled products using AWS Service Catalog and Amazon Polly 2 | 3 | In this post, we’ll show how enterprises can use AWS Service Catalog to create AWS Service 4 | Catalog products based on AWS machine learning (ML) services, such as Amazon Polly and 5 | Amazon Rekognition. 6 | 7 | These products are packaged in AWS Service Catalog portfolios that customers can use for 8 | their use cases. These portfolios can generate revenue for service provider when deployed in a 9 | service provider managed environment. In this post, we’ll focus on a use case for Amazon Polly. 10 | 11 | Amazon Polly is a service that turns text into lifelike speech, which in turn lets you create 12 | applications that can talk and build speech-enabled products. Amazon Polly uses advanced 13 | deep learning technology to synthesize speech that sounds like the human voice. Many 14 | organizations need to provide spoken responses with their web and mobile applications, like 15 | accessibility applications for visually impaired people, news readers, story readers, e-learning 16 | platforms, and internet connected devices. Amazon Polly produces high-quality audio files 17 | with superior natural speech, high pronunciation accuracy and low latency, all in a cost- 18 | effective manner. 
19 | 20 | -------------------------------------------------------------------------------- /blog_content/sc_polly/scpolly.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/blog_content/sc_polly/scpolly.zip -------------------------------------------------------------------------------- /blog_content/screports/README.md: -------------------------------------------------------------------------------- 1 | **Managing cross-Region reports for AWS Marketplace and AWS Service Catalog resources** 2 | 3 | Organizations have many business reasons to track resource usage across their AWS environments. For example, management and administrative teams want to track operation expenditure, license governance, and asset tracking for their AWS Marketplace solutions across Regions currently in use. A centralized reporting dashboard allows the teams to access this information quickly and efficiently. 4 | 5 | This post will show you how to create cross-region deployment reports. They will contain information on any AWS service deployed via Service Catalog, e.g., storage, databases, containers, and any third-party Marketplace ISV solutions. Organizations can view all AWS Service Catalog deployments in these reports in a simple, easy-to-use dashboard. 
6 | -------------------------------------------------------------------------------- /blog_content/screports/screports.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/blog_content/screports/screports.zip -------------------------------------------------------------------------------- /blog_content/securing-third-party-data-and-ml-apps/README.md: -------------------------------------------------------------------------------- 1 | README 2 | ------- 3 | These sample CloudFormation templates show how applications comprising of third-party ML models, VPC, IAM roles, and data products can be composed using AWS Service Catalog. -------------------------------------------------------------------------------- /blog_content/service_catalog_enhanced_acct_fact/README.md: -------------------------------------------------------------------------------- 1 | Many enterprise customers who use AWS Control Tower to create accounts want an uncomplicated way to extend the next steps in the account creation process. These next steps cover common business use cases, including creating networks, security profiles, governance, and compliance. Executing these processes for every new account created manually is cumbersome and challenging to manage. Using third-party service providers to address the process can be expensive. 2 | 3 | There is the option to use Customizations for Control Tower to help alleviate some of these pain points. This solution lets you add customizations to AWS Control Tower and deploy your customizations to existing and new accounts. However, customers are looking for a more simplified way to create AWS accounts with enhancements unique to each account. 4 | 5 | This is where AWS Account Factory Enhancements come in. 
This solution leverages AWS Service Catalog to present an AWS Account Factory product to the End User to create an AWS account and, in the creation process, add enhancements that they would like. The enhancements are based on AWS CloudFormation templates launched in the newly created account. The templates can perform fundamental tasks in the new accounts, like creating networks, security roles, storage profiles, configuring threat detection, and more. 6 | 7 | This particular post will show how you can add an Amazon Simple Storage Service (Amazon S3) for storage and/or Amazon GuardDuty for intelligent threat detection to the AWS account configuration process. Although we’re only showing a few options, this blog will also show you how to extend this capability by adding additional CloudFormation templates to address other business requirements. 8 | -------------------------------------------------------------------------------- /blog_content/service_catalog_enhanced_acct_fact/scenhanceaccafact.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/blog_content/service_catalog_enhanced_acct_fact/scenhanceaccafact.zip -------------------------------------------------------------------------------- /blog_content/servicenow-sap/README.md: -------------------------------------------------------------------------------- 1 | a 2 | -------------------------------------------------------------------------------- /blog_content/servicenow-sap/sc_lwiz_sap.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/blog_content/servicenow-sap/sc_lwiz_sap.zip -------------------------------------------------------------------------------- /bulkprovision/.gitignore: 
-------------------------------------------------------------------------------- 1 | *.pyc 2 | bin/ 3 | obj/ 4 | build/ 5 | package/ 6 | lambda/ 7 | ~* 8 | *.zip 9 | .Python 10 | [Bb]in 11 | [Ii]nclude 12 | [Ll]ib 13 | [Ll]ib64 14 | [Ll]ocal 15 | [Ss]cripts 16 | share 17 | pyvenv.cfg 18 | .venv 19 | pip-selfcheck.json 20 | -------------------------------------------------------------------------------- /bulkprovision/images/cswp001.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/bulkprovision/images/cswp001.png -------------------------------------------------------------------------------- /bulkprovision/images/cswp002.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/bulkprovision/images/cswp002.png -------------------------------------------------------------------------------- /bulkprovision/images/cswp003.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/bulkprovision/images/cswp003.png -------------------------------------------------------------------------------- /bulkprovision/images/i.dat: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /bulkprovision/images/kms.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/bulkprovision/images/kms.png 
# bulkprovision/lambda_function.py
import logging
from bulkexecute import SC_Provision
from bulkmonitor import SC_Monitor

# Root logger at INFO: the logger.debug(event) calls below are suppressed
# unless the level is lowered, so the raw event is not written to the logs
# by default.
logger = logging.getLogger()
logger.setLevel(logging.INFO)


def _dispatch(worker_cls, action, event):
    """Log the event at DEBUG, build worker_cls(event), and return worker.<action>()."""
    logger.debug(event)
    worker = worker_cls(event)
    return getattr(worker, action)()


def uploadcsv_handler(event, context):
    """Lambda entry point: returns SC_Provision(event).UploadCSV()."""
    return _dispatch(SC_Provision, "UploadCSV", event)


def provision_handler(event, context):
    """Lambda entry point: returns SC_Provision(event).ProvisionProducts()."""
    return _dispatch(SC_Provision, "ProvisionProducts", event)


def terminate_handler(event, context):
    """Lambda entry point: returns SC_Provision(event).TerminateProducts()."""
    return _dispatch(SC_Provision, "TerminateProducts", event)


def failure_handler(event, context):
    """Lambda entry point: returns SC_Monitor(event).HandleFailed()."""
    return _dispatch(SC_Monitor, "HandleFailed", event)


def monitor_handler(event, context):
    """Lambda entry point: returns SC_Monitor(event).Run()."""
    return _dispatch(SC_Monitor, "Run", event)


def cleanup_handler(event, context):
    """Lambda entry point: returns SC_Monitor(event).RemoveEntries()."""
    return _dispatch(SC_Monitor, "RemoveEntries", event)
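# bulkprovision/lambda_startSF.py
import os
import boto3
import json
import logging
from common import cfnresponse
client = boto3.client('stepfunctions')
logger = logging.getLogger()


def handler(event, context):
    """CloudFormation custom-resource handler that starts the bulk-provisioning state machine.

    For every request type except 'Delete', the handler builds the execution
    input from event['ResourceProperties'] and starts one execution of the
    state machine named by the 'statemachinearn' environment variable. A
    'Delete' request starts nothing. Each path ends by reporting a status
    through cfnresponse.

    Args:
        event: Custom-resource event. Reads 'RequestType' and, under
            'ResourceProperties', the keys doupload, waitseconds, ReportEmail,
            csvbucket, csvkey, BatchId, scparams and tags.
        context: Lambda context, passed through to cfnresponse.

    Returns:
        None. The result is reported as 'SUCCESS' or 'FAILED' via cfnresponse.
    """
    if event['RequestType'] != 'Delete':
        try:
            props = event['ResourceProperties']
            execution_input = {
                # The property arrives as a string; only the exact text 'True' enables the upload.
                "doupload": props['doupload'] == 'True',
                "waitseconds": props['waitseconds'],
                "ReportEmail": props['ReportEmail'],
                "csv": {
                    "csvbucket": props['csvbucket'],
                    "csvkey": props['csvkey'],
                    "BatchId": props['BatchId']
                },
                "provision": {
                    "scparams": props['scparams'],
                    "tags": props['tags']
                }}
            client.start_execution(
                stateMachineArn=os.environ["statemachinearn"],
                input=json.dumps(execution_input))
        except Exception as e:
            # The original `except e:` raised NameError while the except clause
            # was evaluated, so no FAILED response was ever sent and the stack
            # operation was left waiting on this resource.
            logger.exception(e)
            # NOTE(review): repr(e) is returned in the response data and may
            # include resource names — confirm that is acceptable to expose.
            # NOTE(review): assumes `cfnresponse` imported from `common` is a
            # callable taking (event, context, status[, data]) — confirm.
            cfnresponse(event, context, 'FAILED', {"error": repr(e)})
            return
    cfnresponse(event, context, 'SUCCESS')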
mv bulkexecute_lambda.zip lambda/ 20 | mv bulkmonitor_lambda.zip lambda/ 21 | mv bulkreport_lambda.zip lambda/ 22 | mv start_stepf_lambda.zip lambda/ 23 | 24 | .clean: 25 | find . -name "*.pyc" -exec rm -f {} \; 26 | find . -type d -name __pycache__ -delete 27 | rm -rf build 28 | rm -rf package 29 | rm -rf lambda 30 | rm -rf __pycache__ 31 | 32 | release: lambda 33 | mkdir -p package/ 34 | cp -r lambda/ package/ 35 | cp -r templates/ package/ 36 | cp -r build/ package/ 37 | cp testlambdas.py package/ 38 | cd package; zip -9qr ../bulkmonitor_release.zip * 39 | -------------------------------------------------------------------------------- /bulkprovision/templates/bulk-cf-testprod.json: -------------------------------------------------------------------------------- 1 | { 2 | "Description": "Testing template to confirm bulk provisioning process. Use this to confirm your CSV file and lambda parameters match with Service Catalog. This will simply wait 10 seconds then show the inputs in the outputs", 3 | "Parameters": { 4 | "DirectoryId": { 5 | "Description": "DirectoryId ", 6 | "Type": "String" 7 | }, 8 | "UserName": { 9 | "Description": "Workspaces AD user", 10 | "Type": "String" 11 | }, 12 | "BundleId": { 13 | "Description": "BundleId ", 14 | "Type": "String" 15 | }, 16 | "KMSKey":{ 17 | "Description": "KMS Key ", 18 | "Type": "String" 19 | } 20 | }, 21 | "Resources": { 22 | "S3Bucket": { 23 | "Type": "AWS::S3::Bucket", 24 | "Properties": { 25 | "AccessControl": "Private" 26 | } 27 | } 28 | }, 29 | "Outputs": { 30 | "DirectoryId": { 31 | "Description": "The DirectoryId input", 32 | "Value": { 33 | "Ref": "DirectoryId" 34 | } 35 | }, 36 | "UserName": { 37 | "Description": "The username input", 38 | "Value": { 39 | "Ref": "UserName" 40 | } 41 | }, 42 | "BundleId": { 43 | "Description": "The BundleId input", 44 | "Value": { 45 | "Ref": "BundleId" 46 | } 47 | }, 48 | "KMSKey": { 49 | "Description": "The KMSKey input", 50 | "Value": { 51 | "Ref": "KMSKey" 52 | } 53 | } 
54 | } 55 | } -------------------------------------------------------------------------------- /bulkprovision/templates/bulkmonitor-dynamo.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "DynamoDB", 4 | "Parameters": { 5 | "BulkDynamoTablename": { 6 | "Type": "String", 7 | "Default":"sc-bulkdeploy-details" 8 | } 9 | }, 10 | "Resources": { 11 | "DynamodbWPbulkdeployDetails": { 12 | "Type": "AWS::DynamoDB::Table", 13 | "Properties": { 14 | "AttributeDefinitions": [ 15 | { 16 | "AttributeName": "guidkey", 17 | "AttributeType": "S" 18 | }, 19 | { 20 | "AttributeName": "status", 21 | "AttributeType": "S" 22 | } 23 | ], 24 | "KeySchema": [ 25 | { 26 | "AttributeName": "status", 27 | "KeyType": "HASH" 28 | }, 29 | { 30 | "AttributeName": "guidkey", 31 | "KeyType": "RANGE" 32 | } 33 | ], 34 | "ProvisionedThroughput": { 35 | "ReadCapacityUnits": "5", 36 | "WriteCapacityUnits": "25" 37 | }, 38 | "TableName": {"Ref":"BulkDynamoTablename"} 39 | } 40 | } 41 | }, 42 | "Outputs": { 43 | "BulkDynamoTablename": { 44 | "Description": "Bulk Dynamo Tablename", 45 | "Value": {"Ref": "BulkDynamoTablename"} 46 | } 47 | } 48 | 49 | } -------------------------------------------------------------------------------- /bulkprovision/test.py: -------------------------------------------------------------------------------- 1 | #! 
/usr/bin/python3 2 | import time 3 | import json 4 | import boto3 5 | from lambda_function import provision_handler,uploadcsv_handler,terminate_handler,monitor_handler,failure_handler,cleanup_handler 6 | import logging 7 | logging.basicConfig() 8 | logger = logging.getLogger() 9 | #logger.setLevel(logging.DEBUG) 10 | logger.setLevel(logging.INFO) 11 | 12 | 13 | ###################### SET VALUES HERE FOR YOUR ACCOUNT ########################## 14 | DEFAULT_REGION = 'us-east-1' 15 | CSV_BUCKET= "xxxxxxxxxxx" 16 | CSV_KEY= "xxxxxxxxxxx" 17 | DYANMO_TABLE = "xxxxxxxxxxx" 18 | PRODUCT_ID= "prod-xxxxxxxxxxx" # #Bulk deploy product 19 | PROVISIONINGA_ART_ID="pa-xxxxxxxxxxx" # Workspace 20 | #PROVISIONINGA_ART_ID="pa-xxxxxxxxxxx" #S3 bucket 21 | SC_TEMPLATE_PARAMETER_NAMES = "DirectoryId,UserName,BundleId,KMSKey" 22 | RETRY=2 23 | 24 | 25 | print(boto3.client('sts').get_caller_identity()) 26 | 27 | 28 | def uploadExec(): 29 | uploadcsv_handler({"csvbucket":CSV_BUCKET,"csvkey":CSV_KEY,"dytable":DYANMO_TABLE, "region":DEFAULT_REGION},None) 30 | 31 | def terminate(): 32 | terminate_handler({"status":"AVAILABLE","dytable":DYANMO_TABLE, "region":DEFAULT_REGION},None) 33 | 34 | def monitor(): 35 | count = 1 36 | 37 | while count > 0: 38 | count = 0 39 | cleanup_handler({"status":["FAILED","TERMINATED"],"dytable":DYANMO_TABLE, "region":DEFAULT_REGION}, None) 40 | 41 | # uncomment the line below to override the SSM parameter values for product and provisioning artifact IDs 42 | provision_handler({"dytable":DYANMO_TABLE, "region":DEFAULT_REGION, 43 | #"scproductid":PRODUCT_ID,"scpaid":PROVISIONINGA_ART_ID, 44 | "scparams":SC_TEMPLATE_PARAMETER_NAMES, 45 | "tags":[ {"Key":"auto_provision","Value":"SUCCESS"}] } ,None) 46 | 47 | resp= monitor_handler({"dytable":DYANMO_TABLE,"status":["PROVISIONING","TERMINATING"], "region":DEFAULT_REGION },None) 48 | count += resp["statusCount"] 49 | resp= 
failure_handler({"dytable":DYANMO_TABLE,"status":["TERMINATING-FAILURE","STATUS-ERROR","PRODUCT-ERROR","PROVISION-ERROR"],"retrythreshold":RETRY, "region":DEFAULT_REGION },None) 50 | count += resp["statusCount"] 51 | 52 | print("waiting...") 53 | time.sleep(15) 54 | # endwhile 55 | 56 | 57 | 58 | if __name__ == "__main__": 59 | # comment out lines here to prevent multiple CSV uploads and termination 60 | uploadExec() 61 | monitor() 62 | #terminate() -------------------------------------------------------------------------------- /codepipeline/ServiceCatalog-CICD-templates.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/codepipeline/ServiceCatalog-CICD-templates.png -------------------------------------------------------------------------------- /codepipeline/blacklist-cfnnag.yml: -------------------------------------------------------------------------------- 1 | --- 2 | RulesToSuppress: 3 | - id: F38 4 | reason: F38 will be ignored for multi account deployment 5 | -------------------------------------------------------------------------------- /codepipeline/buildspec-cnfnag.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | install: 4 | commands: 5 | - gem install cfn-nag 6 | build: 7 | commands: 8 | - chmod +x codepipeline/run-cfnnag.sh 9 | - /bin/bash codepipeline/run-cfnnag.sh 10 | -------------------------------------------------------------------------------- /codepipeline/buildspec.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | build: 4 | commands: 5 | - echo "S3 Upload Beginning" 6 | - export ACCID=$(aws sts get-caller-identity --query 'Account' | tr -d '"') 7 | - aws s3 sync . 
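#!/bin/bash
# codepipeline/run-cfnnag.sh
#
# Build gate: copies the ec2/, vpc/ and codepipeline/ templates into
# templates/, runs cfn_nag_scan on each file with the repository's suppression
# list, and exits 1 if any scan fails or if nothing was scanned.
#
# NOTE(review): only ec2/, vpc/ (json and yml) and codepipeline/*.json are
# scanned. The build spec in this repository also deploys
# iam/sc-demosetup-iam.json, which is outside this set — confirm whether it
# should pass through the gate as well.
# NOTE(review): files are flattened into one directory, so two templates with
# the same file name in different folders would overwrite each other and only
# one of them would be scanned.
shopt -s nullglob

# A marker left by an earlier run in the same workspace must not fail this run.
rm -f FAILED

mkdir -p templates/
cp {ec2,vpc}/*.{json,yml} templates/
cp codepipeline/*.json templates/

scanned=0
for f in templates/*; do
  scanned=$((scanned + 1))
  if cfn_nag_scan --input-path "$f" --blacklist-path ./codepipeline/blacklist-cfnnag.yml; then
    echo "$f PASSED"
  else
    echo "$f FAILED"
    touch FAILED
  fi
done

# With nullglob an empty templates/ directory skips the loop entirely. Without
# this check the script would report success without scanning a single file.
if [ "$scanned" -eq 0 ]; then
  echo "cfn-nag scanned no templates; failing the gate"
  exit 1
fi

if [ -e FAILED ]; then
  echo cfn-nag FAILED at least once!
  exit 1
else
  echo cfn-nag PASSED on all files!
  exit 0
fi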
9 | exit 0 10 | else 11 | echo "$ECODE $ESTR" 12 | exit $ECODE 13 | fi -------------------------------------------------------------------------------- /codepipeline/sc-cicd-ra-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/codepipeline/sc-cicd-ra-architecture.png -------------------------------------------------------------------------------- /codepipeline/sc-product-cloud9.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "Cloud9 ServiceCatalog product. (fdp-1qj64b3cq)", 4 | "Parameters": 5 | { 6 | "PortfolioProvider": { 7 | "Type":"String", 8 | "Description":"Provider Name" 9 | }, 10 | "PortfolioId":{ 11 | "Type":"String", 12 | "Description":"The SC portfolio this product will be attached to." 13 | }, 14 | "RepoRootURL": { 15 | "Type":"String", 16 | "Description":"Root url for the repo containing the product templates." 
17 | } 18 | }, 19 | "Resources": { 20 | "Cloud9Product": { 21 | "Type": "AWS::ServiceCatalog::CloudFormationProduct", 22 | "Properties": { 23 | "Name": "AWS Cloud9 IDE", 24 | "Description": "This product provisions one Cloud9 Developer IDE instance.", 25 | "Owner": {"Ref":"PortfolioProvider"}, 26 | "Distributor": {"Ref":"PortfolioProvider"}, 27 | "SupportDescription": "Operations Team", 28 | "SupportEmail": "support@yourcompany.com", 29 | "AcceptLanguage": "en", 30 | "SupportUrl": "http://helpdesk.yourcompany.com", 31 | "ProvisioningArtifactParameters": [ 32 | { 33 | "Description": "v1.0", 34 | "Info": { 35 | "LoadTemplateFromURL": {"Fn::Sub": "${RepoRootURL}codepipeline/sc-cloud9.json"} 36 | }, 37 | "Name": "Cloud9 IDE" 38 | } 39 | ] 40 | } 41 | }, 42 | "Associatenginxcf":{ 43 | "Type" : "AWS::ServiceCatalog::PortfolioProductAssociation", 44 | "Properties" : { 45 | "PortfolioId" : {"Ref":"PortfolioId"}, 46 | "ProductId" : {"Ref":"Cloud9Product"} 47 | } 48 | } 49 | }, 50 | "Outputs": { 51 | "ProductId":{"Value": { "Ref":"Cloud9Product" } } 52 | } 53 | } -------------------------------------------------------------------------------- /dynamodb/README.md: -------------------------------------------------------------------------------- 1 | # AWS Service Catalog DynamoDB Reference architecture 2 | 3 | This reference architecture creates an AWS Service Catalog Portfolio called 4 | "AWS Service Catalog DynamoDB Reference Architecture" with 1 associated product. 5 | The AWS Service Catalog Product references DynamoDB Table cloudformation template 6 | which can be launched by end users through AWS Service Catalog. 
7 | 8 | ### Install 9 | Launch the DynamoDB portfolio stack: 10 | [![CreateStack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=SC-RA-DynamoDBPortfolio&templateURL=https://s3.amazonaws.com/aws-service-catalog-reference-architectures/dynamodb/sc-portfolio-dynamodb.yml) 11 | -------------------------------------------------------------------------------- /dynamodb/sc-portfolio-dynamodb.yml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: "2010-09-09" 2 | 3 | Description: DynamoDB Portfolio for Service Catalog. (fdp-1qj64b3hb) 4 | 5 | Parameters: 6 | PortfolioProvider: 7 | Type: String 8 | Description: Provider Name 9 | Default: IT Services 10 | PortfolioName: 11 | Type: String 12 | Description: Portfolio Name 13 | Default: Service Catalog DynamoDB Reference Architecture 14 | PortfolioDescription: 15 | Type: String 16 | Description: Portfolio Description 17 | Default: Service Catalog Portfolio that contains products for Amazon DynamoDB 18 | LaunchRoleName: 19 | Type: String 20 | Description: Name of the launch constraint role for DynamoDB products. 
leave this blank to create the role 21 | LinkedRole: 22 | Type: String 23 | Description: (Optional) The name of a role which can execute products in this portfolio 24 | RepoRootURL: 25 | Type: String 26 | Description: Root url for the repo containing the product templates 27 | Default: https://s3.amazonaws.com/aws-service-catalog-reference-architectures/ 28 | 29 | Conditions: 30 | CreateLaunchConstraint: !Equals [!Ref LaunchRoleName, ""] 31 | CondLinkRole: !Not 32 | - !Equals [!Ref LinkedRole, ""] 33 | 34 | Resources: 35 | SCDynamoDBportfolio: 36 | Type: AWS::ServiceCatalog::Portfolio 37 | Properties: 38 | ProviderName: !Ref PortfolioProvider 39 | Description: !Ref PortfolioDescription 40 | DisplayName: !Ref PortfolioName 41 | 42 | Addrole: 43 | Type: AWS::ServiceCatalog::PortfolioPrincipalAssociation 44 | Condition: CondLinkRole 45 | Properties: 46 | PrincipalARN: !Sub arn:aws:iam::${AWS::AccountId}:role/${LinkedRole} 47 | PortfolioId: !Ref SCDynamoDBportfolio 48 | PrincipalType: IAM 49 | 50 | LaunchConstraintRole: 51 | Type: AWS::CloudFormation::Stack 52 | Condition: CreateLaunchConstraint 53 | Properties: 54 | TemplateURL: !Sub ${RepoRootURL}iam/sc-dynamodb-launchrole.yml 55 | TimeoutInMinutes: 5 56 | 57 | DynamoDBStandardProduct: 58 | Type: AWS::CloudFormation::Stack 59 | Properties: 60 | Parameters: 61 | PortfolioProvider: !Ref PortfolioProvider 62 | LaunchConstraintARN: !If 63 | - CreateLaunchConstraint 64 | - !GetAtt ["LaunchConstraintRole", "Outputs.LaunchRoleArn"] 65 | - !Sub arn:aws:iam::${AWS::AccountId}:role/${LaunchRoleName} 66 | PortfolioId: !Ref SCDynamoDBportfolio 67 | RepoRootURL: !Ref RepoRootURL 68 | TemplateURL: !Sub ${RepoRootURL}dynamodb/sc-product-dynamodb.yml 69 | TimeoutInMinutes: 5 70 | -------------------------------------------------------------------------------- /dynamodb/sc-product-dynamodb.yml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: "2010-09-09" 2 | 3 | 
Description: Service Catalog DynamoDB Product (fdp-1qj64b3i0) 4 | 5 | Parameters: 6 | PortfolioProvider: 7 | Type: String 8 | Description: Owner and Distributor Name 9 | LaunchConstraintARN: 10 | Type: String 11 | Description: ARN of the launch constraint role for DynamoDB products 12 | PortfolioId: 13 | Type: String 14 | Description: The ServiceCatalog portfolio this product will be attached to 15 | RepoRootURL: 16 | Type: String 17 | Description: Root url for the repo containing the product templates 18 | 19 | Resources: 20 | SCDynamoDBproduct: 21 | Type: AWS::ServiceCatalog::CloudFormationProduct 22 | Properties: 23 | Name: Amazon DynamoDB Table 24 | Description: This product builds an Amazon DynamoDB table 25 | Owner: !Ref PortfolioProvider 26 | Distributor: !Ref PortfolioProvider 27 | SupportDescription: Operations Team 28 | SupportEmail: support@yourcompany.com 29 | AcceptLanguage: en 30 | SupportUrl: http://helpdesk.yourcompany.com 31 | ProvisioningArtifactParameters: 32 | - Description: baseline version 33 | Info: 34 | LoadTemplateFromURL: !Sub ${RepoRootURL}dynamodb/sc-dynamodb-ra.yml 35 | Name: v1.0 36 | 37 | AssociateDynamoDB: 38 | Type: AWS::ServiceCatalog::PortfolioProductAssociation 39 | Properties: 40 | PortfolioId: !Ref PortfolioId 41 | ProductId: !Ref SCDynamoDBproduct 42 | 43 | ConstraintDynamoDB: 44 | Type: AWS::ServiceCatalog::LaunchRoleConstraint 45 | DependsOn: AssociateDynamoDB 46 | Properties: 47 | PortfolioId: !Ref PortfolioId 48 | ProductId: !Ref SCDynamoDBproduct 49 | RoleArn: !Ref LaunchConstraintARN 50 | Description: !Ref LaunchConstraintARN 51 | -------------------------------------------------------------------------------- /ec2/README.md: -------------------------------------------------------------------------------- 1 | # AWS Service Catalog EC2 Reference architecture 2 | 3 | This reference architecture creates an AWS Service Catalog Portfolio called "Service Catalog EC2 Reference Architecture" 4 | with associated products. 
The AWS Service Catalog Product references cloudformation templates for the Amazon EC2 Linux and 5 | Windows instances which can be launched by end users through AWS Service Catalog. The AWS Service Catalog EC2 product creates 6 | either an Amazon Linux or Microsoft Windows EC2 instance in the VPC and Subnets selected by the end user. 7 | An Amazon Simple Systems Manager patch baseline, maintenance window and task are created to allow for automated patching of the 8 | Amazon Linux and Microsoft Windows operating systems. The Portfolio also includes a Linux webserver Product with either Apache or NGINX versions. 9 | 10 | 11 | ### Install 12 | Launch the EC2 portfolio stack: 13 | [![CreateStack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=SC-RA-EC2DemoPortfolio&templateURL=https://s3.amazonaws.com/aws-service-catalog-reference-architectures/ec2/sc-portfolio-ec2demo.json) 14 | * If you have already run the VPC template, then you will put the _output.LaunchRoleName_ from the completed LaunchConstraintRole stack in the _LaunchRoleName_ field (default is SCEC2LaunchRole). 15 | 16 | Be aware that this service, as demonstrated here, runs over unencrypted (non-SSL) HTTP. In production you must protect all web traffic with SSL. 17 | The example templates here cannot create and manage SSL for you, so it must be done as an additional task in your account.
18 | 19 | 20 | ### EC2 Architecture with Amazon Linux and Microsoft Windows instances 21 | 22 | ![sc-ec2-ra-architecture.png](sc-ec2-ra-architecture.png) 23 | 24 | 25 | -------------------------------------------------------------------------------- /ec2/sc-ec2-ra-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/ec2/sc-ec2-ra-architecture.png -------------------------------------------------------------------------------- /ecs/README.md: -------------------------------------------------------------------------------- 1 | # AWS Service Catalog ECS Reference architecture 2 | 3 | This reference architecture creates an AWS Service Catalog Portfolio called "Service Catalog Containers Reference Architecture" 4 | The Portfolio provides 4 products which will create a full DevOps deployment pipeline from code to container deployment in Fargate. 5 | 6 | 7 | ![SC-Devops-ECS.png](SC-Devops-ECS.png) 8 | 9 | 10 | [![HowToVideo](https://img.youtube.com/vi/zMAbVbIB9TY/0.jpg)](https://www.youtube.com/watch?v=zMAbVbIB9TY&list=PLhr1KZpdzukcaA06WloeNmGlnM_f1LrdP) 11 | 12 | See the blog about this solution: 13 | [Launch a standardized DevOps pipeline to deploy containerized applications using AWS Service Catalog](https://aws.amazon.com/blogs/mt/launch-a-standardized-devops-pipeline-to-deploy-containerized-applications-using-aws-service-catalog/) 14 | 15 | 16 | 17 | 1. Create the portfolio using the Launchstack: 18 | [![CreateStack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/#/stacks/new?stackName=SC-RA-ECS-Portfolio&templateURL=https://aws-service-catalog-reference-architectures.s3.amazonaws.com/ecs/sc-portfolio-ecs.json) 19 | 2. Provision the cluster and codepipeline products from Service Catalog. 20 | 3. 
The provisioned codepipeline product will create a new CodeCommit repo. 21 | a. Add your code, docker file, and tests. 22 | a. Adjust the skeleton buildspecs in the codepipeline/ subfolder to fit your project tests and build commands. 23 | b. Check in the code to the new codecommit repo. CodePipeline will validate and build according to the buildspec files. 24 | c. If all stages complete then CodePipeline will push the container to ECR. 25 | 3. Once the container is in ECR you can provision the supplied Fargate Service product in Service Catalog. 26 | This will create an ECS Service which is launched in the previously provisioned Fargate Cluster. You may then view your new service using the ExternalUrl 27 | output parameter from the ECS Cluster product. 28 | 29 | Be aware that this service, as demonstrated here, runs over unencrypted (non-SSL) HTTP. In production you must protect all web traffic with SSL. 30 | The example templates here cannot create and manage SSL for you, so it must be done as an additional task in your account.
31 | 32 | For more example ECS templates, and to see the original source of the provided templates, see this [repo](https://github.com/awslabs/aws-cloudformation-templates/tree/master/aws/services/ECS) 33 | 34 | 35 | -------------------------------------------------------------------------------- /ecs/SC-Devops-ECS.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/ecs/SC-Devops-ECS.png -------------------------------------------------------------------------------- /ecs/codepipeline/buildspec-build.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | install: 4 | runtime-versions: 5 | docker: 18 6 | pre_build: 7 | commands: 8 | - ls 9 | build: 10 | commands: 11 | - echo Build started on `date` 12 | # add your build commands here 13 | post_build: 14 | commands: 15 | - echo Build completed on `date` 16 | artifacts: 17 | files: 18 | # move all files to the output 19 | - '**/*' -------------------------------------------------------------------------------- /ecs/codepipeline/buildspec-deploy.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | install: 4 | runtime-versions: 5 | docker: 18 6 | pre_build: 7 | commands: 8 | - echo Logging in to Amazon ECR... 9 | - $(aws ecr get-login --no-include-email --region $AWS_DEFAULT_REGION) 10 | build: 11 | commands: 12 | - echo Docker image build started on `date` 13 | - docker build -t $IMAGE_REPO_NAME:$CODEBUILD_BUILD_NUMBER .
14 | - docker tag $IMAGE_REPO_NAME:$CODEBUILD_BUILD_NUMBER $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$CODEBUILD_BUILD_NUMBER 15 | - docker tag $IMAGE_REPO_NAME:$CODEBUILD_BUILD_NUMBER $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG_LATEST 16 | post_build: 17 | commands: 18 | - echo Pushing the Docker image to ECR... 19 | - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME 20 | #- aws ecs update-service --service <> --cluster <> --force-new-deployment -------------------------------------------------------------------------------- /ecs/codepipeline/buildspec-validate.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | install: 4 | commands: 5 | - ls 6 | # add dependency packages 7 | build: 8 | commands: 9 | - echo Running tests... 10 | # execute any tests here. make sure success returns 0 (zero) -------------------------------------------------------------------------------- /elasticbeanstalk/README.md: -------------------------------------------------------------------------------- 1 | # AWS Service Catalog Elastic Beanstalk Reference architecture 2 | 3 | This reference architecture creates an AWS Service Catalog Portfolio called "Service Catalog Elastic Beanstalk Reference Architecture" with one associated product. 4 | The Service Catalog product references a CloudFormation template that deploys a web application bundle to a new Elastic Beanstalk environment. 5 | The environment is a load-balanced, auto-scaling cluster. The template provides parameters for the user to control the autoscaling group. 6 | To launch the environment, the user provides basic information such as the web application name, the name of the S3 bucket where the web application is stored, 7 | and the name of the Elastic Beanstalk solution stack that the application will run on.
A list of available Solution Stacks can be found here: 8 | https://docs.aws.amazon.com/elasticbeanstalk/latest/platforms/platforms-supported.html 9 | 10 | Get a list of Solution Stacks from the AWS CLI with this command: 11 | ```aws elasticbeanstalk list-available-solution-stacks``` 12 | 13 | ![SC-Devops-EB-github.png](SC-Devops-EB-github.png) 14 | 15 | 16 | [![HowToVideo](https://img.youtube.com/vi/7y_vsmbjE_A/0.jpg)](https://www.youtube.com/watch?v=7y_vsmbjE_A&list=PLhr1KZpdzukcaA06WloeNmGlnM_f1LrdP) 17 | 18 | See the blog about this solution: 19 | [Standardizing CI/CD pipelines for .NET web applications with AWS Service Catalog](https://aws.amazon.com/blogs/devops/standardizing-cicd-pipelines-net-web-applications-aws-service-catalog/) 20 | 21 | 22 | ### Install 23 | Launch the Elastic Beanstalk portfolio stack: 24 | [![CreateStack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=SC-RA-Beanstalk-Portfolio&templateURL=https://aws-service-catalog-reference-architectures.s3.amazonaws.com/elasticbeanstalk/sc-portfolio-elasticbeanstalk.json) 25 | 26 | Be aware that this service, as demonstrated here, runs over unencrypted (non-SSL) HTTP. In production you must protect all web traffic with SSL. 27 | The example templates here cannot create and manage SSL for you, so it must be done as an additional task in your account.
28 | 29 | 30 | -------------------------------------------------------------------------------- /elasticbeanstalk/SC-Devops-EB-github.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/elasticbeanstalk/SC-Devops-EB-github.png -------------------------------------------------------------------------------- /elasticbeanstalk/codepipeline/buildspec-build-dotnet.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | env: 3 | variables: 4 | DOTNET_FRAMEWORK: 4.6.1 5 | phases: 6 | build: 7 | commands: 8 | - nuget restore 9 | - msbuild /p:TargetFrameworkVersion=v$env:DOTNET_FRAMEWORK /p:Configuration=Release /p:DeployIisAppPath="Default Web Site" /t:Package 10 | - dir obj\Release\Package 11 | artifacts: 12 | files: 13 | - 'obj/**/*' 14 | - 'codepipeline/*' -------------------------------------------------------------------------------- /elasticbeanstalk/codepipeline/buildspec-build.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | install: 4 | runtime-versions: 5 | docker: 18 6 | pre_build: 7 | commands: 8 | - ls 9 | build: 10 | commands: 11 | - echo Build started on `date` 12 | # add your build commands here 13 | post_build: 14 | commands: 15 | - echo Build completed on `date` 16 | artifacts: 17 | files: 18 | # move all files to the output 19 | - '**/*' -------------------------------------------------------------------------------- /elasticbeanstalk/codepipeline/buildspec-deploy-dotnet.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | pre_build: 4 | commands: 5 | - echo application deploy started on `date` 6 | - ls -l 7 | - ls -l obj/Release/Package 8 | - aws s3 cp ./obj/Release/Package/<>.zip 
s3://$ARTIFACT_BUCKET/$EB_APPLICATION_NAME-$CODEBUILD_BUILD_NUMBER.zip 9 | build: 10 | commands: 11 | - echo Pushing package to Elastic Beanstalk... 12 | - aws elasticbeanstalk create-application-version --application-name $EB_APPLICATION_NAME --version-label v$CODEBUILD_BUILD_NUMBER --description "Auto deployed from CodeCommit build $CODEBUILD_BUILD_NUMBER" --source-bundle S3Bucket="$ARTIFACT_BUCKET",S3Key="$EB_APPLICATION_NAME-$CODEBUILD_BUILD_NUMBER.zip" 13 | - aws elasticbeanstalk update-environment --environment-name "EB-ENV-$EB_APPLICATION_NAME" --version-label v$CODEBUILD_BUILD_NUMBER -------------------------------------------------------------------------------- /elasticbeanstalk/codepipeline/buildspec-deploy.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | pre_build: 4 | commands: 5 | - echo application deploy started on `date` 6 | - aws s3 cp ./$EB_APPLICATION_NAME.zip s3://$ARTIFACT_BUCKET/$EB_APPLICATION_NAME-$CODEBUILD_BUILD_NUMBER.zip 7 | build: 8 | commands: 9 | - echo Pushing package to Elastic Beanstalk... 10 | - aws elasticbeanstalk create-application-version --application-name $EB_APPLICATION_NAME --version-label v$CODEBUILD_BUILD_NUMBER --description "Auto deployed from CodeCommit build $CODEBUILD_BUILD_NUMBER" --source-bundle S3Bucket="$ARTIFACT_BUCKET",S3Key="$EB_APPLICATION_NAME-$CODEBUILD_BUILD_NUMBER.zip" 11 | - aws elasticbeanstalk update-environment --environment-name "EB-ENV-$EB_APPLICATION_NAME" --version-label v$CODEBUILD_BUILD_NUMBER -------------------------------------------------------------------------------- /elasticbeanstalk/codepipeline/buildspec-validate.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | install: 4 | commands: 5 | - ls 6 | # add dependency packages 7 | build: 8 | commands: 9 | - echo Running tests... 10 | # execute any tests here. 
make sure success returns 0 (zero) -------------------------------------------------------------------------------- /emr/README.md: -------------------------------------------------------------------------------- 1 | # AWS Service Catalog EMR Reference architecture 2 | 3 | This reference architecture creates an AWS Service Catalog Portfolio called 4 | "Service Catalog EMR Reference Architecture" with one associated product. 5 | The AWS Service Catalog Product references a cloudformation template for the 6 | Amazon EMR cluster which can be launched by end users through AWS Service Catalog. 7 | The AWS Service Catalog EMR product creates an Amazon Elastic MapReduce cluster in the VPC and Subnets 8 | selected by the end user. A remote access security group is also created to allow for a bastion host 9 | to connect to the instances used by EMR via SSH. 10 | 11 | ### Install 12 | Launch the EMR portfolio stack: 13 | [![CreateStack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=SC-RA-EMRPortfolio&templateURL=https://s3.amazonaws.com/aws-service-catalog-reference-architectures/emr/sc-portfolio-emr.json) 14 | 15 | 16 | ### Amazon Elastic MapReduce Cluster 17 | 18 | ![sc-emr-ra-architecture.png](sc-emr-ra-architecture.png) 19 | 20 | -------------------------------------------------------------------------------- /emr/sc-emr-ra-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/emr/sc-emr-ra-architecture.png -------------------------------------------------------------------------------- /emr/sc-product-emr.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "Linux EMR 
ServiceCatalog product. (fdp-1p4dlgco4)", 4 | "Parameters": 5 | { 6 | "PortfolioProvider": { 7 | "Type":"String", 8 | "Description":"Owner and Distributor Name" 9 | }, 10 | "LaunchConstraintARN": { 11 | "Type":"String", 12 | "Description":"ARN of the launch constraint role for EMR products." 13 | }, 14 | "PortfolioId":{ 15 | "Type":"String", 16 | "Description":"The ServiceCatalog portfolio this product will be attached to." 17 | }, 18 | "RepoRootURL": { 19 | "Type":"String", 20 | "Description":"Root url for the repo containing the product templates." 21 | } 22 | 23 | }, 24 | "Resources": { 25 | "scemrproduct": { 26 | "Type": "AWS::ServiceCatalog::CloudFormationProduct", 27 | "Properties": { 28 | "Name": "Amazon Elastic MapReduce (EMR)", 29 | "Description": "This product builds an Amazon Elastic MapReduce cluster with 1 master nodes and 2 core nodes.", 30 | "Owner": {"Ref":"PortfolioProvider"}, 31 | "Distributor": {"Ref":"PortfolioProvider"}, 32 | "SupportDescription": "Operations Team", 33 | "SupportEmail": "support@yourcompany.com", 34 | "AcceptLanguage": "en", 35 | "SupportUrl": "http://helpdesk.yourcompany.com", 36 | "ProvisioningArtifactParameters": [ 37 | { 38 | "Description": "baseline version", 39 | "Info": { 40 | "LoadTemplateFromURL": {"Fn::Sub": "${RepoRootURL}emr/sc-emr-ra.json"} 41 | }, 42 | "Name": "v1.1" 43 | } 44 | ] 45 | } 46 | }, 47 | "Associateemr":{ 48 | "Type" : "AWS::ServiceCatalog::PortfolioProductAssociation", 49 | "Properties" : { 50 | "PortfolioId" : {"Ref":"PortfolioId"}, 51 | "ProductId" : {"Ref":"scemrproduct"} 52 | } 53 | }, 54 | "constraintecemr":{ 55 | "Type" : "AWS::ServiceCatalog::LaunchRoleConstraint", 56 | "DependsOn" : "Associateemr", 57 | "Properties" : { 58 | "PortfolioId" : {"Ref":"PortfolioId"}, 59 | "ProductId" : {"Ref":"scemrproduct"}, 60 | "RoleArn" : {"Ref":"LaunchConstraintARN"}, 61 | "Description": {"Ref":"LaunchConstraintARN"} 62 | } 63 | } 64 | } 65 | } 
-------------------------------------------------------------------------------- /glue/README.md: -------------------------------------------------------------------------------- 1 | # AWS Service Catalog Glue Reference architecture 2 | 3 | This reference architecture creates an AWS Service Catalog Portfolio called 4 | "Service Catalog - AWS Glue Reference Architecture" with one associated product. 5 | The AWS Service Catalog Product references a cloudformation template for 6 | a Glue Crawler which can be launched by end users through AWS Service Catalog. 7 | The AWS Service Catalog Glue product creates a crawler and a glue database. The crawler can be used to crawl an S3 data source to populate the glue data catalog. 8 | 9 | ### Install 10 | Launch the Glue portfolio stack: 11 | [![CreateStack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=SC-RA-Glue-Portfolio&templateURL=https://aws-service-catalog-reference-architectures.s3.amazonaws.com/glue/sc-portfolio-glue.json) 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /glue/sc-glue-ra.yml: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: MIT-0 3 | AWSTemplateFormatVersion: 2010-09-09 4 | Description: 'This Cloudformation template creates a glue crawler.(fdp-2o24sdsdpoh). Please review the cloudformation template and ensure that configuration of resources (such as SchemaChangePolicy and others) created meet your security standards and expectations. ' 5 | Parameters: 6 | CrawlerName: 7 | Description: Enter a name of crawler. 8 | Type: String 9 | Default: "" 10 | DatabaseName: 11 | Description: Enter a name of crawler.
12 | Type: String 13 | Default: "" 14 | S3Path: 15 | Description: Full S3 path for crawling data from(e.g. s3:///data) 16 | Type: String 17 | Default: "" 18 | IAMRoleARN: 19 | Description: IAMRoleARN to be used for crawling. 20 | Type: String 21 | Default: "" 22 | Resources: 23 | MyCrawler2: 24 | Type: AWS::Glue::Crawler 25 | Properties: 26 | Name: !Ref CrawlerName 27 | Role: !Ref IAMRoleARN 28 | DatabaseName: !Ref MyDatabase 29 | Targets: 30 | S3Targets: 31 | - Path: !Ref S3Path 32 | SchemaChangePolicy: 33 | UpdateBehavior: "UPDATE_IN_DATABASE" 34 | DeleteBehavior: "LOG" 35 | 36 | MyDatabase: 37 | Type: AWS::Glue::Database 38 | Properties: 39 | CatalogId: !Ref AWS::AccountId 40 | DatabaseInput: 41 | Name: !Ref DatabaseName 42 | Outputs: 43 | Crawler: 44 | Value: !Join 45 | - '' 46 | - - 'https://console.aws.amazon.com/glue/home?#crawler:name=' 47 | - !Ref MyCrawler2 48 | - / 49 | Description: Database populated by the crawler 50 | Database: 51 | Value: !Join 52 | - '' 53 | - - 'https://console.aws.amazon.com/glue/home?#database:name=' 54 | - !Ref MyDatabase 55 | - / 56 | Description: Database populated by the crawler -------------------------------------------------------------------------------- /glue/sc-product-glue.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "Glue Service Catalog product. (fdp-1p4dlgcoglue)", 4 | "Parameters": 5 | { 6 | "PortfolioProvider": { 7 | "Type":"String", 8 | "Description":"Owner and Distributor Name" 9 | }, 10 | "LaunchConstraintARN": { 11 | "Type":"String", 12 | "Description":"ARN of the launch constraint role for Glue products." 13 | }, 14 | "PortfolioId":{ 15 | "Type":"String", 16 | "Description":"The ServiceCatalog portfolio this product will be attached to." 17 | }, 18 | "RepoRootURL": { 19 | "Type":"String", 20 | "Description":"Root url for the repo containing the product templates." 
21 | } 22 | 23 | }, 24 | "Resources": { 25 | "scglueproduct": { 26 | "Type": "AWS::ServiceCatalog::CloudFormationProduct", 27 | "Properties": { 28 | "Name": "AWS Glue crawler", 29 | "Description": "This product creates a glue crawler.", 30 | "Owner": {"Ref":"PortfolioProvider"}, 31 | "Distributor": {"Ref":"PortfolioProvider"}, 32 | "SupportDescription": "Operations Team", 33 | "SupportEmail": "support@yourcompany.com", 34 | "AcceptLanguage": "en", 35 | "SupportUrl": "http://helpdesk.yourcompany.com", 36 | "ProvisioningArtifactParameters": [ 37 | { 38 | "Description": "baseline version", 39 | "Info": { 40 | "LoadTemplateFromURL": {"Fn::Sub": "${RepoRootURL}glue/sc-glue-ra.yml"} 41 | }, 42 | "Name": "v1.1" 43 | } 44 | ] 45 | } 46 | }, 47 | "Associateglue":{ 48 | "Type" : "AWS::ServiceCatalog::PortfolioProductAssociation", 49 | "Properties" : { 50 | "PortfolioId" : {"Ref":"PortfolioId"}, 51 | "ProductId" : {"Ref":"scglueproduct"} 52 | } 53 | }, 54 | "constraintglue":{ 55 | "Type" : "AWS::ServiceCatalog::LaunchRoleConstraint", 56 | "DependsOn" : "Associateglue", 57 | "Properties" : { 58 | "PortfolioId" : {"Ref":"PortfolioId"}, 59 | "ProductId" : {"Ref":"scglueproduct"}, 60 | "RoleArn" : {"Ref":"LaunchConstraintARN"}, 61 | "Description": {"Ref":"LaunchConstraintARN"} 62 | } 63 | } 64 | } 65 | } -------------------------------------------------------------------------------- /iam/sc-codecommit-iamuser.yml: -------------------------------------------------------------------------------- 1 | Description: "CodeCommit User (fdp-1p5s1035c)" 2 | Parameters: 3 | UserName: 4 | Type: String 5 | Default: CodeCommitUser 6 | Resources: 7 | CodeCommitUser: 8 | Type: 'AWS::IAM::User' 9 | Properties: 10 | UserName: !Ref UserName 11 | ManagedPolicyArns: 12 | - arn:aws:iam::aws:policy/AWSCodeCommitFullAccess 13 | -------------------------------------------------------------------------------- /iam/sc-emr-launchrole.yml: 
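--------------------------------------------------------------------------------
# IAM role used as the Service Catalog launch constraint for the EMR product.
# The trust policy lets only servicecatalog.amazonaws.com assume it; the role's
# ARN and name are exported as stack outputs for the portfolio/product stacks.
Description: "ServiceCatalog EMR Launch Role. (fdp-1p5rtpgmf)"
Resources:
  SCEMRLaunchRole:
    Type: 'AWS::IAM::Role'
    Properties:
      # Fixed role name: the stack needs CAPABILITY_NAMED_IAM and the name
      # must be unique within the account.
      RoleName: SCEMRLaunchRole
      ManagedPolicyArns:
        # NOTE(review): this is the broad, original EMR full-access managed policy.
        # AWS also publishes a scoped-down successor (AmazonEMRFullAccessPolicy_v2);
        # confirm which one the product template actually requires.
        - arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess
      AssumeRolePolicyDocument:
        # Quoted so YAML parsers read the policy version as a string, not a date.
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: SCLaunchPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Sid: SCLaunchPolicySID
                Effect: Allow
                Action:
                  - "servicecatalog:ListServiceActionsForProvisioningArtifact"
                  - "servicecatalog:ExecuteprovisionedProductServiceAction"
                  # NOTE(review): the IAM write actions below (CreateRole,
                  # AttachRolePolicy, PassRole, instance-profile management) are
                  # granted on Resource '*' with no condition. Together they allow
                  # this role to create a role, attach any managed policy to it and
                  # pass it to a service. The EMR product template is not shown here,
                  # so the exact roles it creates cannot be confirmed; once known,
                  # scope these actions to those role/instance-profile ARNs, add an
                  # iam:PassedToService condition on PassRole, and consider a
                  # permissions boundary.
                  - "iam:ListRolePolicies"
                  - "iam:ListPolicies"
                  - "iam:CreateRole"
                  - "iam:DeleteRole"
                  - "iam:GetRole"
                  - "iam:PassRole"
                  - "iam:ListRoles"
                  - "iam:CreateInstanceProfile"
                  - "iam:DeleteInstanceProfile"
                  - "iam:AddRoleToInstanceProfile"
                  - "iam:RemoveRoleFromInstanceProfile"
                  - "iam:DetachRolePolicy"
                  - "iam:AttachRolePolicy"
                  # CloudFormation actions for managing the provisioned stack.
                  # The original list repeated DescribeStackEvents and
                  # DescribeStacks; each is now listed once.
                  - "cloudformation:DescribeStackResource"
                  - "cloudformation:DescribeStackResources"
                  - "cloudformation:GetTemplate"
                  - "cloudformation:List*"
                  - "cloudformation:DescribeStackEvents"
                  - "cloudformation:DescribeStacks"
                  - "cloudformation:CreateStack"
                  - "cloudformation:DeleteStack"
                  - "cloudformation:GetTemplateSummary"
                  - "cloudformation:SetStackPolicy"
                  - "cloudformation:ValidateTemplate"
                  - "cloudformation:UpdateStack"
                Resource: '*'
Outputs:
  # ARN of the launch role.
  LaunchRoleArn:
    Value: !GetAtt SCEMRLaunchRole.Arn
  # Ref on an AWS::IAM::Role returns the role name.
  LaunchRoleName:
    Value: !Ref SCEMRLaunchRole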
-------------------------------------------------------------------------------- /iam/sc-glue-launchrole.yml: -------------------------------------------------------------------------------- 1 | Description: "ServiceCatalog Glue Launch Role. (fdp-1p5rtglue)" 2 | Resources: 3 | GlueLaunchRole: 4 | Type: 'AWS::IAM::Role' 5 | Properties: 6 | AssumeRolePolicyDocument: 7 | Version: 2012-10-17 8 | Statement: 9 | - Effect: Allow 10 | Principal: 11 | Service: 12 | - servicecatalog.amazonaws.com 13 | Action: 14 | - 'sts:AssumeRole' 15 | Path: / 16 | Policies: 17 | - PolicyName: GlueLaunchPolicy 18 | PolicyDocument: 19 | Version: 2012-10-17 20 | Statement: 21 | - Sid: GluePolicy 22 | Effect: Allow 23 | Action: 24 | - catalog-user:* 25 | - cloudformation:CreateStack 26 | - cloudformation:DeleteStack 27 | - cloudformation:DescribeStackEvents 28 | - cloudformation:DescribeStacks 29 | - cloudformation:GetTemplateSummary 30 | - cloudformation:SetStackPolicy 31 | - cloudformation:ValidateTemplate 32 | - cloudformation:UpdateStack 33 | - s3:GetObject 34 | - glue:*Crawler 35 | - glue:*Database 36 | Resource: '*' 37 | - Sid: PassRole 38 | Effect: Allow 39 | Action: iam:PassRole 40 | Resource: 41 | - arn:aws:iam::*:role/*Glue* 42 | Condition: 43 | ForAnyValue:StringEqualsIfExists: 44 | iam:PassedToService: 45 | - glue.amazonaws.com 46 | Outputs: 47 | LaunchRoleArn: 48 | Value: !GetAtt GlueLaunchRole.Arn 49 | LaunchRoleName: 50 | Value: !Ref GlueLaunchRole 51 | -------------------------------------------------------------------------------- /iam/sc-launchrole-createall.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "Create all Roles for ServiceCatalog RA launch constraints. 
(fdp-1p5rtpgm8)", 4 | "Parameters": 5 | { 6 | "RepoRootURL": { 7 | "Type":"String", 8 | "Description":"Root url for the repo containing the product templates.", 9 | "Default":"https://s3.amazonaws.com/aws-service-catalog-reference-architectures/" 10 | } 11 | }, 12 | "Resources": { 13 | "ec2vpcCLaunchConstraintRole": { 14 | "Type" : "AWS::CloudFormation::Stack", 15 | "Properties" : { 16 | "TemplateURL" : {"Fn::Sub": "${RepoRootURL}iam/sc-ec2vpc-launchrole.yml"}, 17 | "TimeoutInMinutes" : 5 18 | } 19 | }, 20 | "emrLaunchConstraintRole": { 21 | "Type" : "AWS::CloudFormation::Stack", 22 | "Properties" : { 23 | "TemplateURL" : {"Fn::Sub": "${RepoRootURL}iam/sc-emr-launchrole.yml"}, 24 | "TimeoutInMinutes" : 5 25 | } 26 | }, 27 | "rdsLaunchConstraintRole": { 28 | "Type" : "AWS::CloudFormation::Stack", 29 | "Properties" : { 30 | "TemplateURL" : {"Fn::Sub": "${RepoRootURL}iam/sc-rds-launchrole.yml"}, 31 | "TimeoutInMinutes" : 5 32 | } 33 | }, 34 | "s3LaunchConstraintRole": { 35 | "Type" : "AWS::CloudFormation::Stack", 36 | "Properties" : { 37 | "TemplateURL" : {"Fn::Sub": "${RepoRootURL}iam/sc-s3-launchrole.yml"}, 38 | "TimeoutInMinutes" : 5 39 | } 40 | } 41 | }, 42 | "Outputs": { 43 | "ec2vpcLaunchConstraintRoleARN":{ 44 | "Value": { "Fn::GetAtt":["ec2vpcCLaunchConstraintRole", "Outputs.LaunchRoleArn"] }, 45 | "Export" : { 46 | "Name" : "sc-ec2vpc-launchconstraint-role" 47 | } 48 | }, 49 | "s3LaunchConstraintRoleARN":{ 50 | "Value": { "Fn::GetAtt":["s3LaunchConstraintRole", "Outputs.LaunchRoleArn"] }, 51 | "Export" : { 52 | "Name" : "sc-s3-launchconstraint-role" 53 | } 54 | }, 55 | "rdsLaunchConstraintRoleARN":{ 56 | "Value": { "Fn::GetAtt":["rdsLaunchConstraintRole", "Outputs.LaunchRoleArn"] }, 57 | "Export" : { 58 | "Name" : "sc-rds-launchconstraint-role" 59 | } 60 | }, 61 | "emrLaunchConstraintRoleARN":{ 62 | "Value": { "Fn::GetAtt":["emrLaunchConstraintRole", "Outputs.LaunchRoleArn"] }, 63 | "Export" : { 64 | "Name" : "sc-emr-launchconstraint-role" 65 | } 66 | } 67 | 
} 68 | } 69 | -------------------------------------------------------------------------------- /iam/sc-s3-launchrole.yml: -------------------------------------------------------------------------------- 1 | Description: "ServiceCatalog S3 Launch Role. (fdp-1p5s1035s)" 2 | Resources: 3 | SCS3LaunchRole: 4 | Type: 'AWS::IAM::Role' 5 | Properties: 6 | RoleName: SCS3LaunchRole 7 | ManagedPolicyArns: 8 | - arn:aws:iam::aws:policy/AmazonS3FullAccess 9 | AssumeRolePolicyDocument: 10 | Version: 2012-10-17 11 | Statement: 12 | - Effect: Allow 13 | Principal: 14 | Service: 15 | - servicecatalog.amazonaws.com 16 | Action: 17 | - 'sts:AssumeRole' 18 | Path: / 19 | Policies: 20 | - PolicyName: SCLaunchPolicy 21 | PolicyDocument: 22 | Version: 2012-10-17 23 | Statement: 24 | - Sid: SCLaunchPolicySID 25 | Effect: Allow 26 | Action: 27 | - "servicecatalog:ListServiceActionsForProvisioningArtifact" 28 | - "servicecatalog:ExecuteprovisionedProductServiceAction" 29 | - "iam:ListRolePolicies" 30 | - "iam:ListPolicies" 31 | - "iam:DeleteRole" 32 | - "iam:GetRole" 33 | - "iam:PassRole" 34 | - "iam:ListRoles" 35 | - "iam:CreateRole" 36 | - "iam:DetachRolePolicy" 37 | - "iam:AttachRolePolicy" 38 | - "cloudformation:DescribeStackResource" 39 | - "cloudformation:DescribeStackResources" 40 | - "cloudformation:GetTemplate" 41 | - "cloudformation:List*" 42 | - "cloudformation:DescribeStackEvents" 43 | - "cloudformation:DescribeStacks" 44 | - "cloudformation:CreateStack" 45 | - "cloudformation:DeleteStack" 46 | - "cloudformation:DescribeStackEvents" 47 | - "cloudformation:DescribeStacks" 48 | - "cloudformation:GetTemplateSummary" 49 | - "cloudformation:SetStackPolicy" 50 | - "cloudformation:ValidateTemplate" 51 | - "cloudformation:UpdateStack" 52 | Resource: '*' 53 | Outputs: 54 | LaunchRoleArn: 55 | Value: !GetAtt SCS3LaunchRole.Arn 56 | LaunchRoleName: 57 | Value: !Ref SCS3LaunchRole 58 | -------------------------------------------------------------------------------- 
/labs/CalcAPI/.dockerignore: -------------------------------------------------------------------------------- 1 | env/ 2 | .git/ 3 | __pycache__ 4 | .DS_Store -------------------------------------------------------------------------------- /labs/CalcAPI/.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | bin/ 3 | obj/ 4 | .Python 5 | [Bb]in 6 | [Ii]nclude 7 | [Ll]ib 8 | [Ll]ib64 9 | [Ll]ocal 10 | [Ss]cripts 11 | share 12 | pyvenv.cfg 13 | .venv 14 | pip-selfcheck.json 15 | calctest 16 | flaskapp/ 17 | -------------------------------------------------------------------------------- /labs/CalcAPI/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM public.ecr.aws/amazonlinux/amazonlinux:latest 2 | MAINTAINER chpmanc@amazon.com 3 | 4 | RUN yum install -y python3-pip 5 | #RUN yum update -y 6 | 7 | RUN mkdir -p /flask-app 8 | WORKDIR /flask-app 9 | 10 | COPY flaskapp /flask-app 11 | WORKDIR /flask-app 12 | COPY flask/gu.conf /flask-app/gu.py 13 | COPY pytest.py /flask-app/ 14 | COPY start.sh /flask-app/ 15 | RUN pip3 install -r requirements.txt 16 | RUN chmod +x start.sh 17 | 18 | EXPOSE 80 19 | ENTRYPOINT ["./start.sh"] -------------------------------------------------------------------------------- /labs/CalcAPI/README.md: -------------------------------------------------------------------------------- 1 | # Simple math C python API 2 | 3 | This is for demo purposes to see how a program can be packaged and moved between lambda, 4 | docker, kubernetes, etc... 5 | 6 | ## Build and Run 7 | 8 | The makefile will compile the library and run the tests. 
9 | ```make all``` 10 | 11 | To package for lambda: 12 | ```make lambda``` 13 | 14 | To install and run the flask api locally: 15 | ```make local``` 16 | 17 | 18 | ## Testing 19 | ```./calctest``` C program that will test the libcalc library 20 | ```./pytest.py``` python program that will test the python wrapper and the libcalc library 21 | ```./testapi.sh``` will call the local API and run tests 22 | 23 | -------------------------------------------------------------------------------- /labs/CalcAPI/clustertest.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/python 2 | import random 3 | import requests 4 | import json 5 | import threading 6 | from pycalc import dot_prod, get_rand_array 7 | 8 | REMOTE_IP = "" 9 | 10 | class calctest(threading.Thread): 11 | def __init__(self,len): 12 | super(calctest,self).__init__() 13 | self._len = len 14 | self._pyarr1 = self._getrandom() 15 | self._pyarr2 = self._getrandom() 16 | self._apival = 0.0 17 | self._localval = -1.0 18 | 19 | def _getrandom(self): 20 | #return [random.uniform(-5000000.0,5000000.0) for x in range(self._len)] 21 | return get_rand_array(self._len) 22 | 23 | def getremoterandom(self): 24 | print("get remote random") 25 | req = requests.get('http://{}/random/{}'.format(REMOTE_IP,self._len)) 26 | r_json = req.json() 27 | return r_json 28 | 29 | def fullremote(self): 30 | print("fullremote") 31 | arr1 = self.getremoterandom() 32 | arr2 = self.getremoterandom() 33 | apidata = { "arr1":arr1,"arr2":arr2 } 34 | r_header = {'Content-Type':'application/json'} 35 | req = requests.post('http://{}/dotprod'.format(REMOTE_IP), data=json.dumps(apidata), headers=r_header) 36 | r_json = req.json() 37 | fval = float(r_json["result"]) 38 | print("full remote:{}".format(fval)) 39 | 40 | def getlocal(self): 41 | print("calc locally") 42 | self._localval = dot_prod(self._pyarr1,self._pyarr2) 43 | 44 | def getremote(self): 45 | print("Sending request") 46 | apidata = { 
"arr1":self._pyarr1,"arr2":self._pyarr2 } 47 | r_header = {'Content-Type':'application/json'} 48 | req = requests.post('http://{}/dotprod'.format(REMOTE_IP), data=json.dumps(apidata), headers=r_header) 49 | r_json = req.json() 50 | self._apival = float(r_json["result"]) 51 | 52 | def run(self): 53 | t1 = threading.Thread(target=self.getremote) 54 | t1.start() 55 | t2 = threading.Thread(target=self.getlocal) 56 | t2.start() 57 | t3 = threading.Thread(target=self.fullremote) 58 | t3.start() 59 | t1.join() 60 | t2.join() 61 | t3.join() 62 | print("{} passed:{}".format(self._apival, self._localval==self._apival)) 63 | 64 | 65 | if __name__ == "__main__": 66 | threads = [] 67 | for x in range(10): 68 | calc = calctest(500000) 69 | threads.append(calc) 70 | calc.start() 71 | 72 | for t in threads: 73 | t.join() 74 | -------------------------------------------------------------------------------- /labs/CalcAPI/codepipeline/buildspec-build.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | pre_build: 4 | commands: 5 | - ls 6 | build: 7 | commands: 8 | - echo Build started on `date` 9 | - make docker 10 | #- make lambda 11 | #- make eb 12 | post_build: 13 | commands: 14 | - echo Build completed on `date` 15 | artifacts: 16 | files: 17 | # move all files to the output 18 | - '**/*' -------------------------------------------------------------------------------- /labs/CalcAPI/codepipeline/buildspec-deploy-EB.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | pre_build: 4 | commands: 5 | - echo application deploy started on `date` 6 | - aws s3 cp ./build.zip s3://$ARTIFACT_BUCKET/$EB_APPLICATION_NAME-$CODEBUILD_BUILD_NUMBER.zip 7 | build: 8 | commands: 9 | - echo Pushing package to Elastic Beanstalk... 
10 | - aws elasticbeanstalk create-application-version --application-name $EB_APPLICATION_NAME --version-label v$CODEBUILD_BUILD_NUMBER --description "Auto deployed from CodeCommit build $CODEBUILD_BUILD_NUMBER" --source-bundle S3Bucket="$ARTIFACT_BUCKET",S3Key="$EB_APPLICATION_NAME-$CODEBUILD_BUILD_NUMBER.zip" 11 | - aws elasticbeanstalk update-environment --environment-name "EB-ENV-$EB_APPLICATION_NAME" --version-label v$CODEBUILD_BUILD_NUMBER -------------------------------------------------------------------------------- /labs/CalcAPI/codepipeline/buildspec-deploy-lambda.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | pre_build: 4 | commands: 5 | - echo application deploy started on `date` 6 | - aws s3 cp ./build.zip s3://$ARTIFACT_BUCKET/$FUNCTION_NAME-$CODEBUILD_BUILD_NUMBER.zip 7 | build: 8 | commands: 9 | - echo Pushing package to Lambda... 10 | - aws lambda update-function-code --function-name $FUNCTION_NAME --publish --s3-bucket $ARTIFACT_BUCKET --s3-key $FUNCTION_NAME-$CODEBUILD_BUILD_NUMBER.zip 11 | - echo "Deploy complete" -------------------------------------------------------------------------------- /labs/CalcAPI/codepipeline/buildspec-deploy.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | install: 4 | runtime-versions: 5 | docker: 19 6 | pre_build: 7 | commands: 8 | - echo Logging in to Amazon ECR... 9 | - $(aws ecr get-login --no-include-email --region $AWS_DEFAULT_REGION) 10 | build: 11 | commands: 12 | - echo Docker image build started on `date` 13 | - docker build -t $IMAGE_REPO_NAME:$CODEBUILD_BUILD_NUMBER . 
14 | - docker tag $IMAGE_REPO_NAME:$CODEBUILD_BUILD_NUMBER $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$CODEBUILD_BUILD_NUMBER 15 | - docker tag $IMAGE_REPO_NAME:$CODEBUILD_BUILD_NUMBER $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG_LATEST 16 | post_build: 17 | commands: 18 | - echo Pushing the Docker image to ECR... 19 | - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$CODEBUILD_BUILD_NUMBER 20 | - MANIFEST=$(aws ecr batch-get-image --repository-name $IMAGE_REPO_NAME --image-ids imageTag=$CODEBUILD_BUILD_NUMBER --output json | jq --raw-output '.images[0].imageManifest') 21 | - aws ecr put-image --repository-name $IMAGE_REPO_NAME --image-tag $IMAGE_TAG_LATEST --image-manifest "$MANIFEST" 22 | #- aws ecs update-service --service <> --cluster <> --force-new-deployment -------------------------------------------------------------------------------- /labs/CalcAPI/codepipeline/buildspec-validate.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | install: 4 | commands: 5 | - ./calctest 6 | - chmod +x pytest.py 7 | - ./pytest.py -------------------------------------------------------------------------------- /labs/CalcAPI/flask/application.py: -------------------------------------------------------------------------------- 1 | from flask import Flask,request,jsonify 2 | from pycalc import dot_prod,get_rand_array 3 | 4 | application = Flask(__name__) 5 | 6 | @application.route('/', methods=['GET']) 7 | def index(): 8 | return "

I'm alive!

version 3.0" 9 | 10 | 11 | @application.route('/dotprod', methods=['POST']) 12 | def dotprod(): 13 | injson = request.get_json() 14 | arr1 = injson['arr1'] 15 | arr2 = injson['arr2'] 16 | rval = dot_prod(arr1,arr2) 17 | return jsonify({"result":rval}) 18 | 19 | 20 | @application.route('/dotprodtest', methods=['GET']) 21 | def dotprodTest(): 22 | pyarr = [float(x) for x in range(1,11)] 23 | rval = dot_prod(pyarr,pyarr) 24 | return jsonify({"result":rval, "passed":rval==385.0}) 25 | 26 | 27 | @application.route('/random/', methods=['GET']) 28 | def getrandom(size): 29 | r_arr = get_rand_array(int(size)) 30 | return jsonify(r_arr) 31 | 32 | 33 | -------------------------------------------------------------------------------- /labs/CalcAPI/flask/gu.conf: -------------------------------------------------------------------------------- 1 | import multiprocessing 2 | bind = "0.0.0.0:80" 3 | workers = multiprocessing.cpu_count() * 2 4 | -------------------------------------------------------------------------------- /labs/CalcAPI/flask/gu.local: -------------------------------------------------------------------------------- 1 | import multiprocessing 2 | bind = "localhost:8080" 3 | workers = multiprocessing.cpu_count() + 1 4 | -------------------------------------------------------------------------------- /labs/CalcAPI/flask/requirements.txt: -------------------------------------------------------------------------------- 1 | click 2 | Flask 3 | gunicorn 4 | itsdangerous 5 | Jinja2 6 | MarkupSafe 7 | Werkzeug 8 | -------------------------------------------------------------------------------- /labs/CalcAPI/flask/rungunicorn.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | source bin/activate 3 | exec bin/gunicorn -c gu.py application 4 | deactivate 5 | -------------------------------------------------------------------------------- /labs/CalcAPI/flask/runlocal.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | make cleanall 4 | ./calctest 5 | chmod +x pytest.py 6 | ./pytest.py 7 | 8 | mkdir ./flaskapp 9 | cp ./flask/requirements.txt ./flaskapp 10 | cp ./flask/rungunicorn.sh ./flaskapp 11 | cp ./flask/application.py ./flaskapp 12 | cp ./flask/gu.local ./flaskapp/gu.py 13 | 14 | python3 -m venv ./flaskapp 15 | cp -r ./pycalc ./flaskapp/lib/python3.6/site-packages/ 16 | cp -r ./bin ./flaskapp 17 | 18 | cd flaskapp 19 | source bin/activate 20 | pip3 install -r requirements.txt 21 | deactivate 22 | 23 | chmod +x rungunicorn.sh 24 | ./rungunicorn.sh 25 | -------------------------------------------------------------------------------- /labs/CalcAPI/flask/wsgi.py: -------------------------------------------------------------------------------- 1 | from application import application as app -------------------------------------------------------------------------------- /labs/CalcAPI/lambda_function.py: -------------------------------------------------------------------------------- 1 | from pycalc import dot_prod 2 | 3 | def lambda_handler(event, context): 4 | arr1 = event['arr1'] 5 | arr2 = event['arr2'] 6 | rval = dot_prod(arr1,arr2) 7 | return {"result":rval} 8 | -------------------------------------------------------------------------------- /labs/CalcAPI/makefile: -------------------------------------------------------------------------------- 1 | version = 1.1 2 | appname = calc 3 | soname = lib$(appname).so.$(version) 4 | 5 | CXXFLAGSShared = -fPIC 6 | CFLAGS = -std=c99 7 | 8 | srcfiles = $(wildcard src/*.c) 9 | objects = $(addprefix obj/,$(notdir $(srcfiles:.c=.o))) 10 | 11 | $(appname): $(objects) 12 | mkdir -p bin/ 13 | gcc -shared $(CFLAGS) $(CXXFLAGSShared) -Wl,-soname,$(soname) -o bin/$(soname) $(objects) -lc 14 | ln -sf $(soname) bin/lib$(appname).so 15 | 16 | obj/%.o: src/%.c 17 | mkdir -p obj/ 18 | gcc $(CFLAGS) $(CXXFLAGSShared) -c $< -o $@ 19 | 20 | test: 21 
| gcc $(CFLAGS) -Wl,-R -Wl,bin/ test.c bin/lib$(appname).so -o calctest 22 | ./calctest 23 | 24 | all: $(appname) test 25 | 26 | clean: .clean $(appname) 27 | cleanall: .clean all 28 | cleanonly: .clean 29 | .clean: 30 | rm -rf obj 31 | rm -rf bin 32 | rm -rf flaskapp 33 | rm -f calctest 34 | rm -rf build build.zip 35 | rm -f flaskapp.zip 36 | find . -name "*.pyc" -exec rm -f {} \; 37 | find . -type d -name __pycache__ -delete 38 | rm -rf __pycache__ 39 | 40 | docker: .copyfiles 41 | 42 | lambda: clean 43 | mkdir -p build/ 44 | cp -r pycalc build 45 | cp -r bin build 46 | cp lambda_function.py build 47 | cd build; zip -9qr ../build.zip * 48 | #rm -rf build 49 | 50 | .copyfiles: cleanall 51 | mkdir -p flaskapp 52 | cp flask/requirements.txt ./flaskapp 53 | cp flask/application.py ./flaskapp 54 | cp -r pycalc flaskapp 55 | cp -r bin flaskapp 56 | 57 | local: .copyfiles 58 | cp flask/rungunicorn.sh ./flaskapp 59 | cp flask/gu.local ./flaskapp/gu.py 60 | cd ./flaskapp; ./rungunicorn.sh 61 | 62 | eb: .copyfiles 63 | cp flask/gu.conf ./flaskapp/gu.py 64 | cd flaskapp; zip -9qr ../build.zip * 65 | -------------------------------------------------------------------------------- /labs/CalcAPI/pycalc/__init__.py: -------------------------------------------------------------------------------- 1 | from ctypes import * 2 | 3 | LIBCALC = cdll.LoadLibrary("bin/libcalc.so") 4 | 5 | def dot_prod(arr1, arr2): 6 | func_dp = LIBCALC.dot_product 7 | func_dp.restype = c_double 8 | func_dp.argtypes = [POINTER(c_double),POINTER(c_double),c_int] 9 | 10 | alen = len(arr1) 11 | arrdoubles = c_double * alen 12 | carr1 = arrdoubles() 13 | carr2 = arrdoubles() 14 | 15 | for i in range(alen): 16 | carr1[i] = float(arr1[i]) 17 | carr2[i] = float(arr2[i]) 18 | 19 | resp = func_dp(carr1,carr2,alen) 20 | return resp 21 | 22 | def get_rand_array(size): 23 | func_getrand = LIBCALC.gen_random_array 24 | func_getrand.restype = POINTER(c_double) 25 | func_getrand.argtypes = [c_int] 26 | func_free = 
LIBCALC.free_ptr 27 | func_free.argtypes = [c_void_p] 28 | 29 | temparr = func_getrand(size) 30 | # have to copy from c pointer 31 | resp = [float(temparr[i]) for i in range(size)] 32 | func_free(temparr) 33 | return resp 34 | -------------------------------------------------------------------------------- /labs/CalcAPI/pytest.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/python 2 | 3 | from pycalc import dot_prod 4 | 5 | if __name__ == "__main__": 6 | pyarr = [float(x) for x in range(1,11)] 7 | rval = dot_prod(pyarr,pyarr) 8 | print("{} passed:{}".format(rval, rval==385.0)) 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /labs/CalcAPI/src/calc.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "calc.h" 5 | 6 | static double RAND_DIVISOR, RANGE_MIN; 7 | static int bool_is_seeded = 0; 8 | 9 | void set_rand_seed() { 10 | if (bool_is_seeded == 0) { 11 | time_t t; 12 | srand(time(&t)); 13 | bool_is_seeded = 1; 14 | RANGE_MIN = RANGE_MAX * -1; 15 | double range = RANGE_MAX - RANGE_MIN; 16 | RAND_DIVISOR = RAND_MAX / range; 17 | printf("div=%f\r\n",RAND_DIVISOR); 18 | } 19 | } 20 | 21 | // calculate the dot product of two arrays 22 | double dot_product(double *arr1, double *arr2, int size) { 23 | double res = 0; 24 | for (int i =0; i < size; i++) { 25 | double v = arr1[i]; 26 | double u = arr2[i]; 27 | double prod = 0; 28 | if (v != 0 && u != 0) { 29 | prod = v * u; 30 | } 31 | res += prod; 32 | //printf("%f * %f = %f\t%f\r\n",v,u, prod, res); 33 | } 34 | return res; 35 | } 36 | 37 | void free_ptr(void* ptr) { 38 | free(ptr); 39 | } 40 | 41 | double* gen_random_array(int size) { 42 | set_rand_seed(); 43 | double* rarr = (double*)malloc(sizeof(double)*size); 44 | for (int i =0; i < size; i++) { 45 | double rd = RANGE_MIN + (rand()/RAND_DIVISOR); 46 | rarr[i] = rd; 47 | } 48 | return 
rarr; 49 | } 50 | 51 | -------------------------------------------------------------------------------- /labs/CalcAPI/src/calc.h: -------------------------------------------------------------------------------- 1 | 2 | const double RANGE_MAX = 5000000.0; 3 | 4 | // free a pointer 5 | void free_ptr(void* ptr); 6 | 7 | // call once to set the seed 8 | void set_rand_seed(); 9 | 10 | // calculate the dot product of two arrays 11 | double dot_product(double *arr1, double *arr2, int size); 12 | 13 | // generate an array of random doubles 14 | double* gen_random_array(int size); 15 | -------------------------------------------------------------------------------- /labs/CalcAPI/start.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | exec gunicorn -c gu.py application 3 | -------------------------------------------------------------------------------- /labs/CalcAPI/test.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "src/calc.h" 5 | 6 | bool runrandom() { 7 | double* ptarr1 = gen_random_array(10); 8 | double* ptarr2 = gen_random_array(10); 9 | for (int i=0; i<10; i++) { 10 | printf("%f - %f\t", ptarr1[i], ptarr2[i]); 11 | } 12 | printf("\r\n"); 13 | 14 | double dp = dot_product(ptarr1, ptarr2, 10); 15 | printf("array result: %f\r\n", dp); 16 | free(ptarr1); 17 | free(ptarr2); 18 | } 19 | 20 | bool runtest() { 21 | double tarr1[10]; 22 | double tarr2[10]; 23 | for (int i=0; i<10; i++) { 24 | tarr1[i] = i + 1; 25 | tarr2[i] = i + 1; 26 | printf("%d\t",i+1); 27 | } 28 | printf("\r\n"); 29 | 30 | double dp = dot_product(tarr1, tarr2, 10); 31 | bool pass = dp == 385.0; 32 | printf("array result: %f passed:%s\r\n", dp,pass ? 
"true" : "false"); 33 | return pass; 34 | } 35 | 36 | int main(void) { 37 | runrandom(); 38 | if (runtest()) { 39 | return 0; 40 | } 41 | return 1; 42 | } 43 | -------------------------------------------------------------------------------- /labs/CalcAPI/testapi.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | curl http://localhost:8080/random/10 4 | curl http://localhost:8080/dotprodtest 5 | curl -H "Content-Type: application/json" -X POST -d '{"arr1":[1,2,3,4,5,6,7,8,9,10],"arr2":[1,2,3,4,5,6,7,8,9,10]}' http://localhost:8080/dotprod 6 | -------------------------------------------------------------------------------- /labs/README.md: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/App_Start/BundleConfig.cs: -------------------------------------------------------------------------------- 1 | using System.Web; 2 | using System.Web.Optimization; 3 | 4 | namespace SampleWebApplication 5 | { 6 | public class BundleConfig 7 | { 8 | // For more information on bundling, visit https://go.microsoft.com/fwlink/?LinkId=301862 9 | public static void RegisterBundles(BundleCollection bundles) 10 | { 11 | bundles.Add(new ScriptBundle("~/bundles/jquery").Include( 12 | "~/Scripts/jquery-{version}.js")); 13 | 14 | bundles.Add(new ScriptBundle("~/bundles/jqueryval").Include( 15 | "~/Scripts/jquery.validate*")); 16 | 17 | // Use the development version of Modernizr to develop with and learn from. Then, when you're 18 | // ready for production, use the build tool at https://modernizr.com to pick only the tests you need. 
19 | bundles.Add(new ScriptBundle("~/bundles/modernizr").Include( 20 | "~/Scripts/modernizr-*")); 21 | 22 | bundles.Add(new ScriptBundle("~/bundles/bootstrap").Include( 23 | "~/Scripts/bootstrap.js")); 24 | 25 | bundles.Add(new StyleBundle("~/Content/css").Include( 26 | "~/Content/bootstrap.css", 27 | "~/Content/site.css")); 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/App_Start/FilterConfig.cs: -------------------------------------------------------------------------------- 1 | using System.Web; 2 | using System.Web.Mvc; 3 | 4 | namespace SampleWebApplication 5 | { 6 | public class FilterConfig 7 | { 8 | public static void RegisterGlobalFilters(GlobalFilterCollection filters) 9 | { 10 | filters.Add(new HandleErrorAttribute()); 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/App_Start/RouteConfig.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Web; 5 | using System.Web.Mvc; 6 | using System.Web.Routing; 7 | 8 | namespace SampleWebApplication 9 | { 10 | public class RouteConfig 11 | { 12 | public static void RegisterRoutes(RouteCollection routes) 13 | { 14 | routes.IgnoreRoute("{resource}.axd/{*pathInfo}"); 15 | 16 | routes.MapRoute( 17 | name: "Default", 18 | url: "{controller}/{action}/{id}", 19 | defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional } 20 | ); 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/Content/Site.css: -------------------------------------------------------------------------------- 1 | body { 2 | padding-top: 50px; 3 | padding-bottom: 20px; 4 | } 5 | 6 | /* Set padding to keep content from hitting the edges */ 7 | 
.body-content { 8 | padding-left: 15px; 9 | padding-right: 15px; 10 | } 11 | 12 | /* Override the default bootstrap behavior where horizontal description lists 13 | will truncate terms that are too long to fit in the left column 14 | */ 15 | .dl-horizontal dt { 16 | white-space: normal; 17 | } 18 | 19 | /* Set width on the form input elements since they're 100% wide by default */ 20 | input, 21 | select, 22 | textarea { 23 | max-width: 280px; 24 | } 25 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/Controllers/HomeController.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Web; 5 | using System.Web.Mvc; 6 | 7 | namespace SampleWebApplication.Controllers 8 | { 9 | public class HomeController : Controller 10 | { 11 | public ActionResult Index() 12 | { 13 | return View(); 14 | } 15 | 16 | public ActionResult About() 17 | { 18 | ViewBag.Message = "Your application description page."; 19 | 20 | return View(); 21 | } 22 | 23 | public ActionResult Contact() 24 | { 25 | ViewBag.Message = "Your contact page."; 26 | 27 | return View(); 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/Global.asax: -------------------------------------------------------------------------------- 1 | <%@ Application Codebehind="Global.asax.cs" Inherits="SampleWebApplication.MvcApplication" Language="C#" %> 2 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/Global.asax.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Web; 5 | using System.Web.Mvc; 6 | using System.Web.Optimization; 7 | using System.Web.Routing; 8 | 9 | namespace 
SampleWebApplication 10 | { 11 | public class MvcApplication : System.Web.HttpApplication 12 | { 13 | protected void Application_Start() 14 | { 15 | AreaRegistration.RegisterAllAreas(); 16 | FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters); 17 | RouteConfig.RegisterRoutes(RouteTable.Routes); 18 | BundleConfig.RegisterBundles(BundleTable.Bundles); 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("SampleWebApplication")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("SampleWebApplication")] 13 | [assembly: AssemblyCopyright("Copyright © 2020")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 
20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("895c804d-f94f-4305-8dfe-54875fc178e8")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Revision and Build Numbers 33 | // by using the '*' as shown below: 34 | [assembly: AssemblyVersion("1.0.0.0")] 35 | [assembly: AssemblyFileVersion("1.0.0.0")] 36 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/SampleWebApplication.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 16 4 | VisualStudioVersion = 16.0.30320.27 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SampleWebApplication", "SampleWebApplication.csproj", "{934ABF00-8DF5-4A11-AF08-E7443CE8C8DC}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Release|Any CPU = Release|Any CPU 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {934ABF00-8DF5-4A11-AF08-E7443CE8C8DC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 15 | {934ABF00-8DF5-4A11-AF08-E7443CE8C8DC}.Debug|Any CPU.Build.0 = Debug|Any CPU 16 | {934ABF00-8DF5-4A11-AF08-E7443CE8C8DC}.Release|Any CPU.ActiveCfg = Release|Any CPU 17 | {934ABF00-8DF5-4A11-AF08-E7443CE8C8DC}.Release|Any CPU.Build.0 = Release|Any CPU 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | GlobalSection(ExtensibilityGlobals) = postSolution 23 | SolutionGuid = {1B7EB152-D3BD-4E89-BDB0-7ABCF8252EC1} 24 | 
EndGlobalSection 25 | EndGlobal 26 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/Views/Home/About.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | ViewBag.Title = "About"; 3 | } 4 |

@ViewBag.Title.

5 |

@ViewBag.Message

6 | 7 |

Use this area to provide additional information.

8 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/Views/Home/Contact.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | ViewBag.Title = "Contact"; 3 | } 4 |

@ViewBag.Title.

5 |

@ViewBag.Message

6 | 7 |
8 | One Microsoft Way
9 | Redmond, WA 98052-6399
10 | P: 11 | 425.555.0100 12 |
13 | 14 |
15 | Support: Support@example.com
16 | Marketing: Marketing@example.com 17 |
-------------------------------------------------------------------------------- /labs/SampleDotNetApplication/Views/Home/Index.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | ViewBag.Title = "Home Page"; 3 | } 4 | 5 |
6 |

ASP.NET

7 |

ASP.NET is a free web framework for building great Web sites and Web applications using HTML, CSS and JavaScript.

8 |

Learn more »

9 |
10 | 11 |
12 |
13 |

Getting started

14 |

15 | ASP.NET MVC gives you a powerful, patterns-based way to build dynamic websites that 16 | enables a clean separation of concerns and gives you full control over markup 17 | for enjoyable, agile development. 18 |

19 |

Learn more »

20 |
21 |
22 |

Get more libraries

23 |

NuGet is a free Visual Studio extension that makes it easy to add, remove, and update libraries and tools in Visual Studio projects.

24 |

Learn more »

25 |
26 |
27 |

Web Hosting

28 |

You can easily find a web hosting company that offers the right mix of features and price for your applications.

29 |

Learn more »

30 |
31 |
-------------------------------------------------------------------------------- /labs/SampleDotNetApplication/Views/Shared/Error.cshtml: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Error 6 | 7 | 8 |
9 |

Error.

10 |

An error occurred while processing your request.

11 |
12 | 13 | 14 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/Views/Shared/_Layout.cshtml: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | @ViewBag.Title - My ASP.NET Application 7 | @Styles.Render("~/Content/css") 8 | @Scripts.Render("~/bundles/modernizr") 9 | 10 | 11 | 30 |
31 | @RenderBody() 32 |
33 |
34 |

© @DateTime.Now.Year - My ASP.NET Application

35 |
36 |
37 | 38 | @Scripts.Render("~/bundles/jquery") 39 | @Scripts.Render("~/bundles/bootstrap") 40 | @RenderSection("scripts", required: false) 41 | 42 | 43 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/Views/Web.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 |
7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/Views/_ViewStart.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | Layout = "~/Views/Shared/_Layout.cshtml"; 3 | } 4 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/Web.Debug.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 17 | 18 | 29 | 30 | 31 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/Web.Release.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 17 | 18 | 19 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/codepipeline/buildspec-build-dotnet.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | env: 3 | variables: 4 | DOTNET_FRAMEWORK: 4.6.1 5 | phases: 6 | build: 7 | commands: 8 | - nuget restore 9 | - msbuild /p:TargetFrameworkVersion=v$env:DOTNET_FRAMEWORK /p:Configuration=Release /p:DeployIisAppPath="Default Web Site" /t:Package 10 | - dir obj\Release\Package 11 | artifacts: 12 | files: 13 | - 'obj/**/*' 14 | - 'codepipeline/*' -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/codepipeline/buildspec-deploy-dotnet.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | pre_build: 4 | commands: 5 | - echo application deploy started on `date` 6 | - ls -l 7 | - ls -l obj/Release/Package 8 | - aws s3 cp 
./obj/Release/Package/SampleWebApplication.zip s3://$ARTIFACT_BUCKET/$EB_APPLICATION_NAME-$CODEBUILD_BUILD_NUMBER.zip 9 | build: 10 | commands: 11 | - echo Pushing package to Elastic Beanstalk... 12 | - aws elasticbeanstalk create-application-version --application-name $EB_APPLICATION_NAME --version-label v$CODEBUILD_BUILD_NUMBER --description "Auto deployed from CodeCommit build $CODEBUILD_BUILD_NUMBER" --source-bundle S3Bucket="$ARTIFACT_BUCKET",S3Key="$EB_APPLICATION_NAME-$CODEBUILD_BUILD_NUMBER.zip" 13 | - aws elasticbeanstalk update-environment --environment-name "EB-ENV-$EB_APPLICATION_NAME" --version-label v$CODEBUILD_BUILD_NUMBER -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/SampleDotNetApplication/favicon.ico -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/fonts/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/SampleDotNetApplication/fonts/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/fonts/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/SampleDotNetApplication/fonts/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- 
/labs/SampleDotNetApplication/fonts/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/SampleDotNetApplication/fonts/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/fonts/glyphicons-halflings-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/SampleDotNetApplication/fonts/glyphicons-halflings-regular.woff2 -------------------------------------------------------------------------------- /labs/SampleDotNetApplication/packages.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /labs/preventive-control/aws-kinesis-agent-latest.amzn1.noarch.rpm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/preventive-control/aws-kinesis-agent-latest.amzn1.noarch.rpm -------------------------------------------------------------------------------- /labs/preventive-control/cleanup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # /* 4 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
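5 | # * 6 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 7 | # * software and associated documentation files (the "Software"), to deal in the Software 8 | # * without restriction, including without limitation the rights to use, copy, modify, 9 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 10 | # * permit persons to whom the Software is furnished to do so. 11 | # * 12 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 13 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 14 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 15 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 16 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 17 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 18 | # */

# Usage: cleanup.sh [aws-cli-profile]
#
# Removes the lab's ACM certificate and the Service Catalog product stacks.
# Every call below is pinned to us-east-1. The script is best-effort: a failed
# AWS CLI call is reported by the CLI and the script carries on.

# Products whose stacks (sc-<name>-product-cfn) are deleted from Service Catalog
products_to_deploy=(sns elasticsearch ebs autoscaling alb albtarget alblistener s3 firehose)
# Domain Name to remove from ACM
domainName='www.example.com'

# Optional AWS CLI profile. "default" is used when no (or an empty) first
# argument is given.
aws_cli_profile="${1:-default}"

printf 'Delete SSL Certificate from ACM\n'
# Collect every certificate ARN whose DomainName matches. With --output text
# the ARNs arrive whitespace-separated, and an empty result may print "None".
certArns=()
for arn in $(aws acm list-certificates \
  --query 'CertificateSummaryList[?DomainName==`'"$domainName"'`].CertificateArn' \
  --region us-east-1 --profile "$aws_cli_profile" --output text)
do
  if [[ $arn != 'None' ]]
  then
    certArns+=("$arn")
  fi
done

# Delete only when exactly one certificate matched: an empty lookup must not
# reach delete-certificate with a blank ARN, and several matches need a human
# decision rather than a bulk delete.
case ${#certArns[@]} in
  0)
    printf 'No certificate found for %s; nothing to delete\n' "$domainName"
    ;;
  1)
    aws acm delete-certificate --certificate-arn "${certArns[0]}" --region us-east-1 --profile "$aws_cli_profile"
    ;;
  *)
    printf 'More than one certificate matches %s; none deleted:\n' "$domainName" >&2
    printf '  %s\n' "${certArns[@]}" >&2
    ;;
esac

# Delete Service Catalog Products
# Termination protection is switched off immediately before each delete, so
# confirm that the selected profile points at the lab account before running.
for i in "${products_to_deploy[@]}"
do
  printf 'Deleting Product: %s\n' "$i"
  aws cloudformation update-termination-protection --no-enable-termination-protection --stack-name "sc-$i-product-cfn" --region us-east-1 --profile "$aws_cli_profile"
  aws cloudformation delete-stack --stack-name "sc-$i-product-cfn" --region us-east-1 --profile "$aws_cli_profile"
done

-------------------------------------------------------------------------------- /labs/preventive-control/deployment-lambda.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/preventive-control/deployment-lambda.zip -------------------------------------------------------------------------------- /labs/preventive-control/fh-agent.json: -------------------------------------------------------------------------------- 1 | { 2 | "cloudwatch.emitMetrics": false, 3 | "firehose.endpoint": "https://firehose.us-east-1.amazonaws.com", 4 | "flows": [ 5 | { 6 | "filePattern": "/var/log/httpd/*_log", 7 | "deliveryStream": "sc-lab-kinesis-fh-stream" 8 | } 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /labs/preventive-control/kinesis-deployment-cfn.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 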
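2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# Provisions the "firehose" Service Catalog product as the provisioned product
# sc-lab-kinesis-fh-stream. The product and artifact ids are looked up at deploy
# time through the sc-product-selector Lambda custom resource.
AWSTemplateFormatVersion: 2010-09-09
Description: Service Catalog Lab - Provision Kinesis Firehose Stream
Parameters:
  KinesisRole:
    Description: Kinesis IAM Role Arn
    Type: String
  # This is a stack NAME, not an ARN: it is only used to build the import name
  # "<S3StackName>-S3BucketArn" below.
  S3StackName:
    Description: Name of the CloudFormation stack that exports the Arn of the S3 bucket to store failed documents
    Type: String
  KMSEncryptionKeyArn:
    Description: Arn of KMS key used to encrypt content on S3
    Type: String

Resources:
  # Custom resource served by the sc-product-selector function in the same
  # account and region as this stack. The type name spelling is kept as
  # published; it is only a label for the custom resource.
  ProductSelectorFirehose:
    Type: "Custom::ProdutcSelector"
    Version: "1.0"
    Properties:
      ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-product-selector'
      ProductName: firehose

  Kinesis:
    Type: "AWS::ServiceCatalog::CloudFormationProvisionedProduct"
    Properties:
      ProvisionedProductName: 'sc-lab-kinesis-fh-stream'
      ProvisioningParameters:
        - Key: Name
          Value: sc-lab-kinesis-fh-stream
        - Key: BucketArn
          Value:
            Fn::ImportValue:
              !Sub "${S3StackName}-S3BucketArn"
        - Key: RoleArn
          Value: !Ref KinesisRole
        - Key: KMSArn
          Value: !Ref KMSEncryptionKeyArn
      ProductId: !GetAtt ProductSelectorFirehose.ProductId
      ProvisioningArtifactId: !GetAtt ProductSelectorFirehose.ArtifactId

Outputs:
  # Takes the sixth ':'-separated field of the provisioned stack's ARN and
  # returns its second '/'-separated segment (the stack name in a
  # "stack/<name>/<id>" resource path).
  KinesisCFN:
    Value: !Select [1, !Split ['/', !Select [5, !Split [':', !GetAtt Kinesis.CloudformationStackArn ]]]]

-------------------------------------------------------------------------------- /labs/preventive-control/product-selector-lambda.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/preventive-control/product-selector-lambda.zip -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-alb.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PortfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "alb", 5 | "ProductDescription" : "Application Load Balancer", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/alb/sc-alb.yml", 9 | "ProductRoleName" : "sc-alb-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/alb/sc-alb-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-alb-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-alblistener.deployer: -------------------------------------------------------------------------------- 1 | { 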
2 | "Parameters" : { 3 | "PortfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "alblistener", 5 | "ProductDescription" : "Application Load Balancer Listener", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/alb/sc-alb-listener.yml", 9 | "ProductRoleName" : "sc-alb-listener-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/alb/sc-alb-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-alb-listener-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-albtarget.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PortfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "albtarget", 5 | "ProductDescription" : "Application Load Balancer Target Group", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/alb/sc-alb-target.yml", 9 | "ProductRoleName" : "sc-alb-target-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/alb/sc-alb-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-alb-target-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- 
/labs/preventive-control/products-config/sc-product-autoscaling.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PortfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "autoscaling", 5 | "ProductDescription" : "AutoScaling", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/asc/sc-asc.yml", 9 | "ProductRoleName" : "sc-autoscaling-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/asc/sc-asc-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-autoscaling-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-dmsendpoint.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters": { 3 | "PortfolioStack": "var.portfolioCfn", 4 | "ProductName": "dmsendpoint", 5 | "ProductDescription": "DMS Endpoint", 6 | "ProductVersion": "1.0", 7 | "ProductVersionDescription": "Initial Version", 8 | "ProductTemplateUrl": "aws-service-catalog-reference-architectures/labs/preventive-control/products/dmsendpoint/sc-dmsendpoint.yml", 9 | "ProductRoleName": "sc-dms-endpoint-product-role", 10 | "ProductPolicyName": "var.policy", 11 | "ProductRoleTemplateUrl": "aws-service-catalog-reference-architectures/labs/preventive-control/products/dmsendpoint/sc-dmsendpoint-products-role.yml", 12 | "TemplateRuleConstraint": { 13 | "EngineName": { 14 | "Assertions": [ 15 | { 16 | "Assert": { 17 | "Fn::Contains": [ 18 | [ 19 | "oracle" 20 | ], 21 | { 22 | "Ref": "EngineName" 23 | } 24 | ] 25 | }, 26 | 
"AssertDescription": "Engine Name" 27 | } 28 | ] 29 | } 30 | }, 31 | "DeploymentBucket": "var.deploymentBucket", 32 | "DeployUpdatePipeline": "true", 33 | "UpdateConfigFileName": "sc-dmsendpoint-update" 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-dmsinstance.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters": { 3 | "PortfolioStack": "var.portfolioCfn", 4 | "ProductName": "dmsinstance", 5 | "ProductDescription": "DMS Replication Instance", 6 | "ProductVersion": "1.0", 7 | "ProductVersionDescription": "Initial Version", 8 | "ProductTemplateUrl": "aws-service-catalog-reference-architectures/labs/preventive-control/products/dmsinstance/sc-dmsinstance.yml", 9 | "ProductRoleName": "sc-dms-instance-product-role", 10 | "ProductPolicyName": "var.policy", 11 | "ProductRoleTemplateUrl": "aws-service-catalog-reference-architectures/labs/preventive-control/products/dmsinstance/sc-dmsinstance-products-role.yml", 12 | "TemplateRuleConstraint": { 13 | "ReplicationInstanceClass": { 14 | "Assertions": [ 15 | { 16 | "Assert": { 17 | "Fn::Contains": [ 18 | [ 19 | "dms.t2.large", 20 | "dms.r4.large", 21 | "dms.r4.xlarge" 22 | ], 23 | { 24 | "Ref": "ReplicationInstanceClass" 25 | } 26 | ] 27 | }, 28 | "AssertDescription": "Replication Instance Type" 29 | } 30 | ] 31 | } 32 | }, 33 | "DeploymentBucket": "var.deploymentBucket", 34 | "DeployUpdatePipeline": "true", 35 | "UpdateConfigFileName": "sc-dmsinstance-update" 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-dynamodb.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PortfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "dynamodb", 5 | "ProductDescription" : "Amazon DynamoDB", 6 | 
"ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/dynamodb/sc-dynamodb.yml", 9 | "ProductRoleName" : "sc-dynamodb-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/dynamodb/sc-dynamodb-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-dynamodb-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-ebs.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PortfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "ebs", 5 | "ProductDescription" : "EBS", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/ebs/sc-ebs.yml", 9 | "ProductRoleName" : "sc-ebs-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/ebs/sc-ebs-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-ebs-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-efs.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PortfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "efs", 5 | "ProductDescription" : "Elastic File System", 
6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/efs/sc-efs.yml", 9 | "ProductRoleName" : "sc-efs-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/efs/sc-efs-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-efs-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-elasticache.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters": { 3 | "PortfolioStack": "var.portfolioCfn", 4 | "ProductName": "elasticache", 5 | "ProductDescription": "ElastiCache", 6 | "ProductVersion": "1.0", 7 | "ProductVersionDescription": "Initial Version", 8 | "ProductTemplateUrl": "aws-service-catalog-reference-architectures/labs/preventive-control/products/elasticache/sc-elasticache.yml", 9 | "ProductRoleName": "sc-elasticache-product-role", 10 | "ProductPolicyName": "var.policy", 11 | "ProductRoleTemplateUrl": "aws-service-catalog-reference-architectures/labs/preventive-control/products/elasticache/sc-elasticache-products-role.yml", 12 | "TemplateRuleConstraint": { 13 | "NodeType": { 14 | "Assertions": [ 15 | { 16 | "Assert": { 17 | "Fn::Contains": [ 18 | [ 19 | "cache.t2.micro", 20 | "cache.t2.small", 21 | "cache.t2.medium", 22 | "cache.m4.large", 23 | "cache.m4.xlarge", 24 | "cache.r5.large", 25 | "cache.r5.xlarge" 26 | ], 27 | { 28 | "Ref": "NodeType" 29 | } 30 | ] 31 | }, 32 | "AssertDescription": "Elasticache Node Type" 33 | } 34 | ] 35 | } 36 | }, 37 | "DeploymentBucket": "var.deploymentBucket", 38 | "DeployUpdatePipeline": "true", 39 | 
"UpdateConfigFileName": "sc-elasticache-update" 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-firehose.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PortfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "firehose", 5 | "ProductDescription" : "Kinesis Firehose", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/firehose/sc-firehose.yml", 9 | "ProductRoleName" : "sc-firehose-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/firehose/sc-firehose-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-firehose-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-fsx.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PortfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "fsx", 5 | "ProductDescription" : "FSx for Windows", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/fsx/sc-fsx.yml", 9 | "ProductRoleName" : "sc-fsx-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/fsx/sc-fsx-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | 
"DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-fsx-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-kinesis.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PortfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "kinesis", 5 | "ProductDescription" : "Kinesis", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/kinesis/sc-kinesis.yml", 9 | "ProductRoleName" : "sc-kinesis-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/kinesis/sc-kinesis-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-kinesis-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-s3.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PortfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "s3", 5 | "ProductDescription" : "S3 Bucket", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/s3/sc-s3.yml", 9 | "ProductRoleName" : "sc-s3-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/s3/sc-s3-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | 
"DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-s3-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-sns.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PortfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "sns", 5 | "ProductDescription" : "SNS", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/sns/sc-sns.yml", 9 | "ProductRoleName" : "sc-sns-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/sns/sc-sns-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | "UpdateConfigFileName": "sc-sns-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /labs/preventive-control/products-config/sc-product-sqs.deployer: -------------------------------------------------------------------------------- 1 | { 2 | "Parameters" : { 3 | "PortfolioStack" : "var.portfolioCfn", 4 | "ProductName" : "sqs", 5 | "ProductDescription" : "SQS", 6 | "ProductVersion" : "1.0", 7 | "ProductVersionDescription" : "Initial Version", 8 | "ProductTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/sqs/sc-sqs.yml", 9 | "ProductRoleName" : "sc-sqs-product-role", 10 | "ProductPolicyName" : "var.policy", 11 | "ProductRoleTemplateUrl" : "aws-service-catalog-reference-architectures/labs/preventive-control/products/sqs/sc-sqs-products-role.yml", 12 | "TemplateRuleConstraint" : "", 13 | "DeploymentBucket" : "var.deploymentBucket", 14 | "DeployUpdatePipeline":"true", 15 | 
"UpdateConfigFileName": "sc-sqs-update" 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /labs/preventive-control/products/alb/sc-alb-listener.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
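# Service Catalog product template: adds an HTTPS listener to an existing ALB.
# The load balancer and target group are not created here; their ARNs are
# imported from the exports "<ALBStack>-ALBArn" and
# "<ALBTargetGroupStack>-ALBTargetId" of two other stacks.
AWSTemplateFormatVersion: 2010-09-09
Description: Service Catalog ALB Listener Product
Parameters:
  CertificateArn:
    Description: ARN of ACM Certificate to apply to ALB
    Type: String
    # NOTE(review): the listener below is always HTTPS and always references
    # this value, so the empty default presumably fails at deploy time rather
    # than producing a listener without a certificate - confirm, and consider
    # dropping the default so the launch form requires an ARN.
    Default: ""
  ALBTargetGroupStack:
    # Used as a stack-name prefix in Fn::ImportValue below, not as an ARN.
    Description: ALB Target Group ARN
    Type: String
  ALBStack:
    # Used as a stack-name prefix in Fn::ImportValue below, not as an ARN.
    Description: ALB ARN
    Type: String
  AppPort:
    Description: 'Application Port'
    Type: String
    Default: 443
    AllowedValues:
      - 443
      - 8443
  SslPolicy:
    # Added so the TLS floor is explicit. Without SslPolicy the listener gets
    # the service default policy, which may still accept TLS 1.0/1.1.
    # Override only if legacy clients must be supported.
    Description: ELB security policy (TLS versions and ciphers) for the listener
    Type: String
    Default: ELBSecurityPolicy-TLS13-1-2-2021-06

Resources:
  ALBListener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      Certificates:
        - CertificateArn: !Ref CertificateArn
      DefaultActions:
        - Type: forward
          TargetGroupArn:
            Fn::ImportValue:
              !Sub "${ALBTargetGroupStack}-ALBTargetId"
      LoadBalancerArn:
        Fn::ImportValue:
          !Sub "${ALBStack}-ALBArn"
      Port: !Ref AppPort
      # Protocol is fixed to HTTPS; AppPort only selects 443 or 8443.
      Protocol: HTTPS
      SslPolicy: !Ref SslPolicy

Outputs:
  ALBListenerArn:
    Value: !Ref ALBListener
    Export:
      Name: !Sub ${AWS::StackName}-ALBListenerArn

--------------------------------------------------------------------------------
/labs/preventive-control/products/asc/sc-asc-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.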
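# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role that Service Catalog assumes for the Auto Scaling product.
# Permissions come from two places: the customer-managed policy named by
# ProductPolicyName (defined outside this template) and the inline "ASC" policy.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Fixed: this parameter names the managed policy, not the role.
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        # Must already exist in this account when the stack is created.
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "ASC"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  # NOTE(review): iam:PassRole on Resource "*" lets this role hand
                  # any role in the account to a service. Scope Resource to the
                  # role ARNs the product needs and add an iam:PassedToService
                  # condition once the product template (not shown here) is checked.
                  - "iam:PassRole"
                  # NOTE(review): wildcard covers every Auto Scaling action; list
                  # the actions the product template actually uses.
                  - "autoscaling:*"
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn

--------------------------------------------------------------------------------
/labs/preventive-control/products/dynamodb/sc-dynamodb-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.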
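# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role that Service Catalog assumes for the DynamoDB product.
# Permissions come from the customer-managed policy named by ProductPolicyName
# (defined outside this template) and the inline "DynamoDB" policy.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Fixed: this parameter names the managed policy, not the role.
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        # Must already exist in this account when the stack is created.
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "DynamoDB"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "dynamodb:CreateTable"
                  - "dynamodb:TagResource"
                  - "dynamodb:UntagResource"
                  - "dynamodb:DescribeTable"
                  - "dynamodb:ListTables"
                  - "dynamodb:DeleteTable"
                # NOTE(review): "*" includes DeleteTable on tables this product did
                # not create; consider a table-ARN prefix or a tag condition.
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn

--------------------------------------------------------------------------------
/labs/preventive-control/products/ebs/sc-ebs-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.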
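# IAM role that Service Catalog assumes for the EBS product.
# Permissions come from the customer-managed policy named by ProductPolicyName
# (defined outside this template) and the inline "EBS" policy.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Fixed: this parameter names the managed policy, not the role.
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        # Must already exist in this account when the stack is created.
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "EBS"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "ec2:DeleteVolume"
                  - "ec2:DeleteTags"
                  - "ec2:DescribeSnapshotAttribute"
                  - "ec2:CreateTags"
                  - "ec2:DescribeSnapshots"
                  - "ec2:CreateVolume"
                # NOTE(review): with "*" the tag and delete actions are not limited
                # to volumes this product created; ec2:CreateTags/DeleteTags also
                # apply to other EC2 resource types. Consider volume ARNs plus a
                # tag-based condition.
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn

--------------------------------------------------------------------------------
/labs/preventive-control/products/efs/sc-efs-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.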
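# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role that Service Catalog assumes for the EFS product.
# Permissions come from the customer-managed policy named by ProductPolicyName
# (defined outside this template) and the inline "EFS" policy.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Fixed: this parameter names the managed policy, not the role.
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        # Must already exist in this account when the stack is created.
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "EFS"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "elasticfilesystem:DescribeTags"
                  - "elasticfilesystem:CreateFileSystem"
                  - "elasticfilesystem:DescribeFileSystems"
                  - "elasticfilesystem:DeleteFileSystem"
                  - "elasticfilesystem:CreateTags"
                  - "elasticfilesystem:DeleteTags"
                # NOTE(review): "*" includes DeleteFileSystem on file systems this
                # product did not create; consider file-system ARNs or a tag
                # condition.
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn

--------------------------------------------------------------------------------
/labs/preventive-control/products/efs/sc-efs.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates.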
All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 12 | # * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 13 | # * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 14 | # * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | 16 | AWSTemplateFormatVersion: 2010-09-09 17 | Description: Service Catalog EFS Product 18 | Parameters: 19 | KMSId: 20 | Description: KMS Encryption Key Id 21 | Type: String 22 | Tags: 23 | Description: The tags to be applied to the resource. 
24 | Type: String 25 | Default: '' 26 | 27 | Conditions: 28 | HasTags: !Not [!Equals [!Ref Tags, '']] 29 | 30 | Resources: 31 | GetTags: 32 | Type: "Custom::ResourceCompliance" 33 | Condition : HasTags 34 | Version: "1.0" 35 | Properties: 36 | ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:sc-resource-compliance' 37 | Action: 38 | Name: json 39 | Parameters: 40 | JSON: !Ref Tags 41 | Type: Tags 42 | EFS: 43 | Type: AWS::EFS::FileSystem 44 | Properties: 45 | Encrypted: True 46 | FileSystemTags: !If [HasTags, !GetAtt GetTags.Json, !Ref "AWS::NoValue"] 47 | KmsKeyId: !Ref KMSId 48 | PerformanceMode: generalPurpose 49 | ThroughputMode: bursting 50 | 51 | Outputs: 52 | EFSId: 53 | Value: !Ref EFS 54 | Export: 55 | Name: !Sub ${AWS::StackName}-EFSId 56 | -------------------------------------------------------------------------------- /labs/preventive-control/products/firehose/sc-firehose-products-role.yml: -------------------------------------------------------------------------------- 1 | # * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | # * 3 | # * Permission is hereby granted, free of charge, to any person obtaining a copy of this 4 | # * software and associated documentation files (the "Software"), to deal in the Software 5 | # * without restriction, including without limitation the rights to use, copy, modify, 6 | # * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to 7 | # * permit persons to whom the Software is furnished to do so. 8 | # * 9 | # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 10 | # * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 11 | # * PARTICULAR PURPOSE AND NONINFRINGEMENT. 
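# * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role that Service Catalog assumes for the Kinesis Data Firehose product.
# Permissions come from the customer-managed policy named by ProductPolicyName
# (defined outside this template) and the inline "Kinesis" policy.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Fixed: this parameter names the managed policy, not the role.
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        # Must already exist in this account when the stack is created.
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "Kinesis"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "firehose:DescribeDeliveryStream"
                  - "firehose:DeleteDeliveryStream"
                  - "firehose:CreateDeliveryStream"
                  - "firehose:ListTagsForDeliveryStream"
                  - "firehose:TagDeliveryStream"
                  - "firehose:UntagDeliveryStream"
                  # NOTE(review): iam:PassRole on Resource "*" lets this role hand
                  # any role in the account to a service. If Firehose is the only
                  # consumer, move PassRole to its own statement scoped to the
                  # delivery role ARN with an iam:PassedToService condition for
                  # firehose.amazonaws.com - confirm against the product template,
                  # which is not shown here.
                  - "iam:PassRole"
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn

--------------------------------------------------------------------------------
/labs/preventive-control/products/fsx/sc-fsx-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.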
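# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role that Service Catalog assumes for the FSx product.
# Permissions come from the customer-managed policy named by ProductPolicyName
# (defined outside this template) and the inline "FSX" policy.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Fixed: this parameter names the managed policy, not the role.
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        # Must already exist in this account when the stack is created.
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "FSX"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "fsx:DescribeFileSystems"
                  - "fsx:ListTagsForResource"
                  - "fsx:CreateFileSystem"
                  - "fsx:UntagResource"
                  - "fsx:TagResource"
                  - "fsx:UpdateFileSystem"
                  - "fsx:DeleteFileSystem"
                # NOTE(review): "*" includes update and delete on file systems this
                # product did not create; consider file-system ARNs or a tag
                # condition.
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn

--------------------------------------------------------------------------------
/labs/preventive-control/products/sns/sc-sns-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.
# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.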
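# IAM role that Service Catalog assumes for the SNS product.
# Permissions come from the customer-managed policy named by ProductPolicyName
# (defined outside this template) and the inline "SNS" policy.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Fixed: this parameter names the managed policy, not the role.
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        # Must already exist in this account when the stack is created.
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "SNS"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "sns:DeleteTopic"
                  - "sns:CreateTopic"
                  - "sns:ListTopics"
                  # NOTE(review): AddPermission/RemovePermission edit a topic's
                  # access policy; with Resource "*" that covers topics this
                  # product did not create. Consider a topic-ARN prefix.
                  - "sns:AddPermission"
                  - "sns:RemovePermission"
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn

--------------------------------------------------------------------------------
/labs/preventive-control/products/sqs/sc-sqs-products-role.yml:
--------------------------------------------------------------------------------
# * Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# *
# * Permission is hereby granted, free of charge, to any person obtaining a copy of this
# * software and associated documentation files (the "Software"), to deal in the Software
# * without restriction, including without limitation the rights to use, copy, modify,
# * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
# * permit persons to whom the Software is furnished to do so.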
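# *
# * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
# * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
# * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# IAM role that Service Catalog assumes for the SQS product.
# Permissions come from the customer-managed policy named by ProductPolicyName
# (defined outside this template) and the inline "SQS" policy.
AWSTemplateFormatVersion: 2010-09-09
Description: Create Service Catalog Product Role
Parameters:
  ProductRoleName:
    Description: Product IAM Role Name
    Type: String
  ProductPolicyName:
    # Fixed: this parameter names the managed policy, not the role.
    Description: Product IAM Managed Policy Name
    Type: String

Resources:
  ProductRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Ref ProductRoleName
      # Only the Service Catalog service principal may assume this role.
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - servicecatalog.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        # Must already exist in this account when the stack is created.
        - !Sub 'arn:aws:iam::${AWS::AccountId}:policy/${ProductPolicyName}'
      Policies:
        -
          PolicyName: "SQS"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "sqs:ListQueues"
                  - "sqs:GetQueueUrl"
                  - "sqs:DeleteQueue"
                  - "sqs:GetQueueAttributes"
                  - "sqs:CreateQueue"
                # NOTE(review): "*" includes DeleteQueue on queues this product did
                # not create; consider a queue-ARN prefix.
                Resource: "*"

Outputs:
  ProductRoleArn:
    Value: !GetAtt ProductRole.Arn

--------------------------------------------------------------------------------
/labs/preventive-control/resource-compliance-lambda.zip:
--------------------------------------------------------------------------------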
https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/preventive-control/resource-compliance-lambda.zip -------------------------------------------------------------------------------- /labs/preventive-control/resource-selector-lambda.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/preventive-control/resource-selector-lambda.zip -------------------------------------------------------------------------------- /labs/xacct-pipeline/images/Architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/xacct-pipeline/images/Architecture.png -------------------------------------------------------------------------------- /labs/xacct-pipeline/images/ArtifactBucket.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/xacct-pipeline/images/ArtifactBucket.png -------------------------------------------------------------------------------- /labs/xacct-pipeline/images/CodePipelineWorkflow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/xacct-pipeline/images/CodePipelineWorkflow.png -------------------------------------------------------------------------------- /labs/xacct-pipeline/images/Exports.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/xacct-pipeline/images/Exports.png -------------------------------------------------------------------------------- /labs/xacct-pipeline/images/MasterStackOutput.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/xacct-pipeline/images/MasterStackOutput.png -------------------------------------------------------------------------------- /labs/xacct-pipeline/sub/CFN/DeployEC2.yml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: "2010-09-09" 2 | Parameters: 3 | LatestAmiId: 4 | Type: 'AWS::SSM::Parameter::Value' 5 | Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2' 6 | Resources: 7 | WebInstance: 8 | Type: AWS::EC2::Instance 9 | Properties: 10 | InstanceType: t2.nano 11 | ImageId: !Ref LatestAmiId 12 | SecurityGroupIds: [ !ImportValue SCDemoSG ] 13 | SubnetId: !Select [ 0, !Split [ ",", !ImportValue SCDemoPublicSubnet ] ] 14 | 15 | -------------------------------------------------------------------------------- /labs/xacct-pipeline/sub/CFN/DeployVPC.yml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: 2010-09-09 2 | 3 | Parameters: 4 | EnvironmentName: 5 | Description: Environment Name 6 | Type: String 7 | Default: "SCBlogEnv" 8 | 9 | Resources: 10 | VPC: 11 | Type: "AWS::ServiceCatalog::CloudFormationProvisionedProduct" 12 | Properties: 13 | # from aws servicecatalog search-products-as-admin 14 | ProductId: !ImportValue ProductID 15 | # from aws servicecatalog describe-product-as-admin --id 16 | ProvisioningArtifactId: !ImportValue ArtifactID 17 | ProvisioningParameters: 18 | - Key: "EnvironmentName" 19 | Value: !Ref 
EnvironmentName 20 | 21 | -------------------------------------------------------------------------------- /labs/xacct-pipeline/sub/scblog.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/labs/xacct-pipeline/sub/scblog.zip -------------------------------------------------------------------------------- /rds/README.md: -------------------------------------------------------------------------------- 1 | # AWS Service Catalog RDS Reference architecture 2 | 3 | This reference architecture creates an AWS Service Catalog Portfolio called 4 | "AWS Service Catalog RDS Reference Architecture" with four associated products. 5 | The AWS Service Catalog Products reference RDS database cloudformation templates for 6 | PostgreSQL, MySQL, MariaDB, Microsoft SQL which can be launched by end users through AWS 7 | Service Catalog as either single instance databases or multi-availability zone databases. 
 8 | 9 | ### Install 10 | Launch the RDS portfolio stack: 11 | [![CreateStack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=SC-RA-RDSPortfolio&templateURL=https://s3.amazonaws.com/aws-service-catalog-reference-architectures/rds/sc-portfolio-rds.json) 12 | 13 | 14 | ### Single Instance Architecture 15 | ![sc-rds-ra-architecture-single-instance.png](sc-rds-ra-architecture-single-instance.png) 16 | 17 | 18 | ### Multi-Availability Zone Architecture 19 | ![sc-rds-ra-architecture-multi-az.png](sc-rds-ra-architecture-multi-az.png) 20 | 21 | -------------------------------------------------------------------------------- /rds/sc-rds-ra-architecture-multi-az.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/rds/sc-rds-ra-architecture-multi-az.png -------------------------------------------------------------------------------- /rds/sc-rds-ra-architecture-single-instance.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/rds/sc-rds-ra-architecture-single-instance.png -------------------------------------------------------------------------------- /s3/README.md: -------------------------------------------------------------------------------- 1 | # AWS Service Catalog S3 Reference architecture 2 | 3 | This reference architecture creates an AWS Service Catalog Portfolio called "Service Catalog S3 Reference Architecture" 4 | with five associated products. The AWS Service Catalog Product references CloudFormation templates for the Amazon S3 buckets which 5 | can be launched by end users through Service Catalog.
The AWS Service Catalog S3 products create S3 buckets with varying 6 | configurations: 7 | 1. Read-Only bucket with access from anywhere 8 | 2. Private bucket with access restricted to a source CIDR block 9 | 3. Private bucket with access requiring multi-factor authentication 10 | 4. Private bucket with contents encrypted with S3 server-side encryption 11 | 5. Private bucket with a transition ruleset to migrate inactive objects to S3-IA and Glacier. 12 | 13 | 14 | ### Install 15 | Launch the S3 portfolio stack: 16 | [![CreateStack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=SC-RA-S3Portfolio&templateURL=https://s3.amazonaws.com/aws-service-catalog-reference-architectures/s3/sc-portfolio-s3.json) 17 | 18 | 19 | ### AWS S3 public Access read-only bucket 20 | 21 | ![sc-s3-public-ra-architecture.png](sc-s3-public-ra-architecture.png) 22 | 23 | ### AWS S3 private bucket with restricted access from source CIDR block 24 | 25 | ![sc-s3-cidr-ra-architecture.png](sc-s3-cidr-ra-architecture.png) 26 | 27 | ### AWS S3 Private SSE-S3 Encrypted Bucket 28 | 29 | ![sc-s3-encrypted-ra-architecture.png](sc-s3-encrypted-ra-architecture.png) 30 | 31 | ### AWS S3 Private MFA Restricted Access Bucket 32 | 33 | ![sc-s3-mfa-ra-architecture.png](sc-s3-mfa-ra-architecture.png) 34 | 35 | ### AWS S3 Private Bucket with transition policy for S3-IA and Glacier 36 | 37 | ![sc-s3-transition-ra-architecture.png](sc-s3-transition-ra-architecture.png) 38 | 39 | 40 | -------------------------------------------------------------------------------- /s3/sc-s3-cidr-ra-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/s3/sc-s3-cidr-ra-architecture.png
-------------------------------------------------------------------------------- /s3/sc-s3-encrypted-ra-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/s3/sc-s3-encrypted-ra-architecture.png -------------------------------------------------------------------------------- /s3/sc-s3-mfa-ra-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/s3/sc-s3-mfa-ra-architecture.png -------------------------------------------------------------------------------- /s3/sc-s3-public-ra-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/s3/sc-s3-public-ra-architecture.png -------------------------------------------------------------------------------- /s3/sc-s3-public-ra.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "Service Catalog: S3 Reference Architecture: Public read-only bucket accessible from anywhere. Consider alternate options like distributing via CloudFront OAI instead of creating bucket using this template.(fdp-1oc5gsre6).", 4 | "Resources": { 5 | "S3Bucket": { 6 | "Type": "AWS::S3::Bucket", 7 | "DeletionPolicy": "Delete", 8 | "Properties": { 9 | "AccessControl": "PublicRead", 10 | "Tags": [ 11 | { 12 | "Key": "Name", 13 | "Value": "SC-S3-RA-S3-Bucket" 14 | } 15 | ] 16 | } 17 | } 18 | }, 19 | "Outputs": { 20 | "BucketName": { 21 | "Value": { 22 | "Ref": "S3Bucket" 23 | }, 24 | "Description": "Name of the Amazon S3 bucket." 
25 | }, 26 | "BucketARN": { 27 | "Value": { 28 | "Fn::GetAtt": [ 29 | "S3Bucket", 30 | "Arn" 31 | ] 32 | } 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /s3/sc-s3-simple-ra.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "Service Catalog: S3 Reference Architecture: Private restricted access bucket with S3-IA and Glacier transition rules.(fdp-1qj64b3is)", 4 | "Resources": { 5 | "S3Bucket": { 6 | "Type": "AWS::S3::Bucket", 7 | "DeletionPolicy": "Delete", 8 | "Properties": { 9 | "AccessControl": "Private", 10 | } 11 | } 12 | }, 13 | "Outputs": { 14 | "BucketName": { 15 | "Value": { 16 | "Ref": "S3Bucket" 17 | } 18 | }, 19 | "BucketARN": { 20 | "Value": { 21 | "Fn::GetAtt": [ 22 | "S3Bucket", 23 | "Arn" 24 | ] 25 | } 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /s3/sc-s3-transition-ra-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/s3/sc-s3-transition-ra-architecture.png -------------------------------------------------------------------------------- /sagemaker/sc-product-EMR-sagemaker.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "EMR-backed Amazon SageMaker notebook instance Service Catalog product. (fdp-1qj64b3f1)", 4 | "Parameters": 5 | { 6 | "PortfolioProvider": { 7 | "Type":"String", 8 | "Description":"Owner and Distributor Name" 9 | }, 10 | "PortfolioId":{ 11 | "Type":"String", 12 | "Description":"The ServiceCatalog portfolio this product will be attached to." 
13 | }, 14 | "RepoRootURL": { 15 | "Type":"String", 16 | "Description":"Root url for the repo containing the product templates." 17 | } 18 | 19 | }, 20 | "Resources": { 21 | "scemrnnstanceproduct": { 22 | "Type": "AWS::ServiceCatalog::CloudFormationProduct", 23 | "Properties": { 24 | "Name": "EMR backed Amazon SageMaker notebook instance", 25 | "Description": "This product creates an EMR cluster backed Amazon SageMaker notebook instance.", 26 | "Owner": {"Ref":"PortfolioProvider"}, 27 | "Distributor": {"Ref":"PortfolioProvider"}, 28 | "SupportDescription": "Operations Team", 29 | "SupportEmail": "support@yourcompany.com", 30 | "AcceptLanguage": "en", 31 | "SupportUrl": "http://helpdesk.yourcompany.com", 32 | "ProvisioningArtifactParameters": [ 33 | { 34 | "Description": "baseline version", 35 | "Info": { 36 | "LoadTemplateFromURL": {"Fn::Sub": "${RepoRootURL}sagemaker/emr-backed-notebook-instance.yml"} 37 | }, 38 | "Name": "v1.1" 39 | } 40 | ] 41 | } 42 | }, 43 | "Associateemrnnstance":{ 44 | "Type" : "AWS::ServiceCatalog::PortfolioProductAssociation", 45 | "Properties" : { 46 | "PortfolioId" : {"Ref":"PortfolioId"}, 47 | "ProductId" : {"Ref":"scemrnnstanceproduct"} 48 | } 49 | } 50 | } 51 | } -------------------------------------------------------------------------------- /sagemaker/sc-product-model-aws-marketplace.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "AWS Marketplace Model Package : AWS Service Catalog product. (fdp-marketplace-ml-model-prod)", 4 | "Parameters": 5 | { 6 | "PortfolioProvider": { 7 | "Type":"String", 8 | "Description":"Owner and Distributor Name" 9 | }, 10 | "PortfolioId":{ 11 | "Type":"String", 12 | "Description":"The ServiceCatalog portfolio this product will be attached to." 13 | }, 14 | "RepoRootURL": { 15 | "Type":"String", 16 | "Description":"Root url for the repo containing the product templates." 
17 | } 18 | 19 | }, 20 | "Resources": { 21 | "mlawsmarketplaceproduct": { 22 | "Type": "AWS::ServiceCatalog::CloudFormationProduct", 23 | "Properties": { 24 | "Name": "GluonCV YOLOv3 Object Detector Model Package", 25 | "Description": "This product creates an endpoint for an AWS Marketplace ML model package.", 26 | "Owner": {"Ref":"PortfolioProvider"}, 27 | "Distributor": {"Ref":"PortfolioProvider"}, 28 | "SupportDescription": "Operations Team", 29 | "SupportEmail": "support@yourcompany.com", 30 | "AcceptLanguage": "en", 31 | "SupportUrl": "http://helpdesk.yourcompany.com", 32 | "ProvisioningArtifactParameters": [ 33 | { 34 | "Description": "baseline version", 35 | "Info": { 36 | "LoadTemplateFromURL": {"Fn::Sub": "${RepoRootURL}sagemaker/aws-marketplace-model-deployment.yml"} 37 | }, 38 | "Name": "v1.0" 39 | } 40 | ] 41 | } 42 | }, 43 | "Associateemrnnstance":{ 44 | "Type" : "AWS::ServiceCatalog::PortfolioProductAssociation", 45 | "Properties" : { 46 | "PortfolioId" : {"Ref":"PortfolioId"}, 47 | "ProductId" : {"Ref":"mlawsmarketplaceproduct"} 48 | } 49 | } 50 | } 51 | } -------------------------------------------------------------------------------- /sagemaker/sc-product-sagemaker.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "SageMaker product. (fdp-1qj64b3dn)", 4 | "Parameters": 5 | { 6 | "PortfolioProvider": { 7 | "Type":"String", 8 | "Description":"Owner and Distributor Name" 9 | }, 10 | "PortfolioId":{ 11 | "Type":"String", 12 | "Description":"The ServiceCatalog portfolio this product will be attached to." 13 | }, 14 | "RepoRootURL": { 15 | "Type":"String", 16 | "Description":"Root url for the repo containing the product templates." 
17 | } 18 | 19 | }, 20 | "Resources": { 21 | "scsmproduct": { 22 | "Type": "AWS::ServiceCatalog::CloudFormationProduct", 23 | "Properties": { 24 | "Name": "SageMaker notebook instance", 25 | "Description": "This product creates a Amazon SageMaker notebook instance.", 26 | "Owner": {"Ref":"PortfolioProvider"}, 27 | "Distributor": {"Ref":"PortfolioProvider"}, 28 | "SupportDescription": "Operations Team", 29 | "SupportEmail": "support@yourcompany.com", 30 | "AcceptLanguage": "en", 31 | "SupportUrl": "http://helpdesk.yourcompany.com", 32 | "ProvisioningArtifactParameters": [ 33 | { 34 | "Description": "baseline notebook", 35 | "Info": { 36 | "LoadTemplateFromURL": {"Fn::Sub": "${RepoRootURL}sagemaker/sc-sagemaker.yml"} 37 | }, 38 | "Name": "v1.0" 39 | } 40 | ] 41 | } 42 | }, 43 | "Associateemrnnstance":{ 44 | "Type" : "AWS::ServiceCatalog::PortfolioProductAssociation", 45 | "Properties" : { 46 | "PortfolioId" : {"Ref":"PortfolioId"}, 47 | "ProductId" : {"Ref":"scsmproduct"} 48 | } 49 | } 50 | } 51 | } -------------------------------------------------------------------------------- /sc-ra-portfolios.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/sc-ra-portfolios.png -------------------------------------------------------------------------------- /sc-ra-products.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/sc-ra-products.png -------------------------------------------------------------------------------- /security/README.md: -------------------------------------------------------------------------------- 1 | # AWS Service Catalog GuardDuty Reference architecture 2 | 3 | This reference architecture creates an AWS Service Catalog 
Portfolio called 4 | "Service Catalog - AWS GuardDuty Reference Architecture" with one associated product. 5 | The AWS Service Catalog Product references a cloudformation template for 6 | GuardDuty which can be launched by end users through AWS Service Catalog. 7 | The AWS Service Catalog GuardDuty product enables a GuardDuty Delegated Administrator account in all AWS Regions. GuardDuty findings across all regions are exported to the aws-controltower-guardduty-[account id]-[region] bucket in the Control Tower Log Archive account. 8 | 9 | ### Install 10 | Launch the GuardDuty portfolio stack: 11 | [![CreateStack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=SC-RA-GuardDuty-Portfolio&templateURL=https://aws-service-catalog-reference-architectures.s3.amazonaws.com/security/sc-portfolio-gd.json) 12 | 13 | -------------------------------------------------------------------------------- /security/guardduty/function.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/security/guardduty/function.zip -------------------------------------------------------------------------------- /security/guardduty/sc-enduser-iam.json: -------------------------------------------------------------------------------- 1 | { 2 | "Description": "ServiceCatalog End User policy and group (fdp-1p4dlgcp7)", 3 | "Resources": { 4 | "SCEnduserGroup": { 5 | "Type": "AWS::IAM::Group", 6 | "Properties": { 7 | "GroupName": "ServiceCatalogEndusers", 8 | "ManagedPolicyArns": [ 9 | "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserFullAccess" 10 | ], 11 | "Path": "/" 12 | } 13 | }, 14 | "SCEnduserRole": { 15 | "Type": "AWS::IAM::Role", 16 | "Properties": { 17 | "RoleName": "ServiceCatalogEndusers", 18 |
"ManagedPolicyArns": [ 19 | "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserFullAccess" 20 | ], 21 | "Path": "/", 22 | "AssumeRolePolicyDocument": { 23 | "Version": "2012-10-17", 24 | "Statement": [ 25 | { 26 | "Effect": "Allow", 27 | "Principal": { 28 | "AWS": { 29 | "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:root" 30 | } 31 | }, 32 | "Action": [ 33 | "sts:AssumeRole" 34 | ] 35 | } 36 | ] 37 | } 38 | } 39 | } 40 | }, 41 | "Outputs": { 42 | "EndUserGroupArn": { 43 | "Value": { 44 | "Fn::GetAtt": [ 45 | "SCEnduserGroup", 46 | "Arn" 47 | ] 48 | } 49 | }, 50 | "EndUserGroupName": { 51 | "Value": { 52 | "Ref": "SCEnduserGroup" 53 | } 54 | }, 55 | "EndUserRoleArn": { 56 | "Value": { 57 | "Fn::GetAtt": [ 58 | "SCEnduserRole", 59 | "Arn" 60 | ] 61 | } 62 | }, 63 | "EndUserRoleName": { 64 | "Value": { 65 | "Ref": "SCEnduserRole" 66 | } 67 | } 68 | } 69 | } -------------------------------------------------------------------------------- /serverless/README.md: -------------------------------------------------------------------------------- 1 | # AWS Service Catalog Serverless Reference architecture 2 | 3 | This reference architecture creates a AWS Service Catalog Portfolio and sample product for creating AWS Lambda functions. 4 | End Users can create the Lambda function by supplying the S3 path to the code zip file and selecting basic settings for code runtime. 5 | 6 | 7 | 8 | ### Install 9 | Launch the Serverless portfolio stack: 10 | [![CreateStack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=SC-RA-LambdaPortfolio&templateURL=https://s3.amazonaws.com/aws-service-catalog-reference-architectures/serverless/sc-portfolio-serverless.yml) 11 | 12 | 13 | ##Serverless Inc. Plugin 14 | this is a plugin for launching [serverless](https://www.serverless.com/) architecture from AWS Service Catalog. 
15 | See the blog about the Serverless plugin for Service Catalog: 16 | https://aws.amazon.com/blogs/apn/deploying-code-faster-with-serverless-framework-and-aws-service-catalog/ 17 | 18 | Plugin Repo: https://github.com/godaddy/serverless-aws-servicecatalog 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /serverless/sc-product-serverless-lambda.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: AWS Lambda Service Catalog product (fdp-1p5rtpgls) 4 | Parameters: 5 | PortfolioProvider: 6 | Type: String 7 | Description: Owner and Distributor Name 8 | LaunchConstraintARN: 9 | Type: String 10 | Description: ARN of the launch constraint role for EC2 products. 11 | PortfolioId: 12 | Type: String 13 | Description: The ServiceCatalog portfolio this product will be attached to. 14 | RepoRootURL: 15 | Type: String 16 | Description: Root url for the repo containing the product templates. 
17 | Resources: 18 | lambdaproduct: 19 | Type: AWS::ServiceCatalog::CloudFormationProduct 20 | Properties: 21 | Name: Amazon Lambda APIGateway Endpoint 22 | Description: This product builds one Amazon Lambda function and APIGateway endpoint 23 | Owner: 24 | Ref: PortfolioProvider 25 | Distributor: 26 | Ref: PortfolioProvider 27 | SupportDescription: Operations Team 28 | SupportEmail: support@yourcompany.com 29 | AcceptLanguage: en 30 | SupportUrl: http://helpdesk.yourcompany.com 31 | ProvisioningArtifactParameters: 32 | - Description: baseline version 33 | Info: 34 | LoadTemplateFromURL: 35 | Fn::Sub: "${RepoRootURL}serverless/sc-serverless-lambda.yml" 36 | Name: v1.2 37 | Associatelambda: 38 | Type: AWS::ServiceCatalog::PortfolioProductAssociation 39 | Properties: 40 | PortfolioId: 41 | Ref: PortfolioId 42 | ProductId: 43 | Ref: lambdaproduct 44 | constraintlambda: 45 | Type: AWS::ServiceCatalog::LaunchRoleConstraint 46 | DependsOn: Associatelambda 47 | Properties: 48 | PortfolioId: 49 | Ref: PortfolioId 50 | ProductId: 51 | Ref: lambdaproduct 52 | RoleArn: 53 | Ref: LaunchConstraintARN 54 | Description: 55 | Ref: LaunchConstraintARN 56 | Outputs: 57 | ProductId: 58 | Value: 59 | Ref: lambdaproduct 60 | ProvisioningArtifactIds: 61 | Value: 62 | Fn::GetAtt: 63 | - lambdaproduct 64 | - ProvisioningArtifactIds 65 | ProvisioningArtifactNames: 66 | Value: 67 | Fn::GetAtt: 68 | - lambdaproduct 69 | - ProvisioningArtifactNames 70 | -------------------------------------------------------------------------------- /serverless/sc-provision-serverless.yml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: '2010-09-09' 3 | Description: ServiceCatalog Resource provisioning template for Serverless application 4 | (fdp-1p5rtpgld) 5 | Parameters: 6 | ProductId: 7 | Type: String 8 | ProvisioningArtifactName: 9 | Type: String 10 | Description: The product's version name 11 | Default: v1.0 12 | LambdaName: 13 | 
Type: String 14 | LambdaStage: 15 | Type: String 16 | Description: test, dev, prod, ... 17 | S3Bucket: 18 | Type: String 19 | S3Key: 20 | Type: String 21 | Description: The full key of the lambda package path in S3 without the bucket 22 | name. 23 | Handler: 24 | Type: String 25 | Default: wsgi.handler 26 | Runtime: 27 | Type: String 28 | Default: python3.8 29 | AllowedValues: 30 | - nodejs12.x 31 | - nodejs14.x 32 | - java8 33 | - java11 34 | - python2.7 35 | - python3.8 36 | - python3.7 37 | - python3.6 38 | - dotnetcore2.1 39 | - go1.x 40 | - ruby2.5 41 | MemorySize: 42 | Type: Number 43 | Default: 1024 44 | Timeout: 45 | Type: Number 46 | Default: 5 47 | Resources: 48 | SCprovisionServerless: 49 | Type: AWS::ServiceCatalog::CloudFormationProvisionedProduct 50 | Properties: 51 | ProvisioningParameters: 52 | - Key: S3Bucket 53 | Value: 54 | Ref: S3Bucket 55 | - Key: S3Key 56 | Value: 57 | Ref: S3Key 58 | - Key: LambdaName 59 | Value: 60 | Ref: LambdaName 61 | - Key: LambdaStage 62 | Value: 63 | Ref: LambdaStage 64 | - Key: Handler 65 | Value: 66 | Ref: Handler 67 | - Key: Runtime 68 | Value: 69 | Ref: Runtime 70 | - Key: MemorySize 71 | Value: 72 | Ref: MemorySize 73 | - Key: Timeout 74 | Value: 75 | Ref: Timeout 76 | ProductId: 77 | Ref: ProductId 78 | ProvisionedProductName: 79 | Fn::Sub: provisionServerless-${LambdaName} 80 | Outputs: 81 | CloudformationStackArn: 82 | Description: The Cloudformation stack that was created for the product 83 | Value: 84 | Fn::GetAtt: 85 | - SCprovisionServerless 86 | - CloudformationStackArn 87 | ProvisionedProductID: 88 | Description: Provisioned product ID 89 | Value: 90 | Ref: SCprovisionServerless 91 | -------------------------------------------------------------------------------- /vpc/README.md: -------------------------------------------------------------------------------- 1 | # AWS Service Catalog VPC Reference architecture 2 | 3 | This reference architecture creates an AWS Service Catalog Portfolio called "Service 
Catalog VPC Reference Architecture". 4 | The AWS Service Catalog Products reference cloudformation templates for the Amazon VPC which can be launched by end users through 5 | AWS Service Catalog. The product creates a VPC with two public and private subnets across two availability zones. 6 | The VPC includes an Internet Gateway and a managed NAT Gateway in each public subnet as well as VPC Route Tables and 7 | Network ACLs that allow for communication between the public and private subnets. Optionally, an Amazon Linux bastion instance 8 | and a Security Group can be deployed into the public subnet to allow for remote connectivity to the bastion instance. 9 | 10 | 11 | ### Install 12 | Launch the VPC portfolio stack: 13 | [![CreateStack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=SC-RA-VPCPortfolio&templateURL=https://s3.amazonaws.com/aws-service-catalog-reference-architectures/vpc/sc-portfolio-vpc.json) 14 | * If you have already run the EC2 template, then you will put the _output.LaunchRoleName_ from the completed LaunchConstraintRole stack in the _LaunchRoleName_ field (default is SCEC2LaunchRole). 
15 | 16 | 17 | ### Multi-Availability Zone Architecture with Amazon Linux Bastion Instance 18 | 19 | ![sc-vpc-ra-architecture-multi-az.png](sc-vpc-ra-architecture-multi-az.png) 20 | -------------------------------------------------------------------------------- /vpc/sc-vpc-ra-architecture-multi-az.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-samples/aws-service-catalog-reference-architectures/23f6f5b7e137796595c31fa3b290db32a4b97fe7/vpc/sc-vpc-ra-architecture-multi-az.png -------------------------------------------------------------------------------- /workspaces/README.md: -------------------------------------------------------------------------------- 1 | # AWS Service Catalog Workspaces Reference architecture 2 | 3 | This reference architecture creates an AWS Service Catalog Portfolio called "Service Catalog Workspaces Reference Architecture" with one associated product. 4 | 5 | 6 | ### Install 7 | Launch the Workspaces portfolio stack: 8 | [![CreateStack](https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=SC-RA-Workspaces-Portfolio&templateURL=https://aws-service-catalog-reference-architectures.s3.amazonaws.com/workspaces/sc-portfolio-workspaces.json) 9 | -------------------------------------------------------------------------------- /workspaces/sc-workspaces-ra-no-encrypt.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "Virtual Desktop, Create Workspaces (fdp-1pktpqi6d)", 4 | "Parameters": { 5 | "DirectoryId": { 6 | "Description": "DirectoryId ", 7 | "Type": "String" 8 | }, 9 | "UserName": { 10 | "Description": "Workspaces AD user", 11 | "Type": "String" 12 | }, 13 | "BundleId": { 14 | "Description": "BundleId ", 15 | "Type": "String" 16 | 17 | } 18 | 
}, 19 | "Resources": { 20 | "MyWorkSpace": { 21 | "Type": "AWS::WorkSpaces::Workspace", 22 | "Properties": { 23 | "BundleId": { 24 | "Ref": "BundleId" 25 | }, 26 | "DirectoryId": { 27 | "Ref": "DirectoryId" 28 | }, 29 | "UserName": { 30 | "Ref": "UserName" 31 | }, 32 | "RootVolumeEncryptionEnabled": false, 33 | "UserVolumeEncryptionEnabled": false, 34 | 35 | } 36 | } 37 | }, 38 | "Outputs": { 39 | "WorkSpaceID": { 40 | "Description": "ID of the newly created WorkSpace", 41 | "Value": { 42 | "Ref": "MyWorkSpace" 43 | } 44 | }, 45 | "UserName": { 46 | "Description": "The username for WorkSpace", 47 | "Value": { 48 | "Ref": "UserName" 49 | } 50 | }, 51 | "LogonURL": { 52 | "Description": "Use this URL to download client software used to connect to your cloud desktop", 53 | "Value": "https://clients.amazonworkspaces.com/" 54 | } 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /workspaces/sc-workspaces-ra.json: -------------------------------------------------------------------------------- 1 | { 2 | "AWSTemplateFormatVersion": "2010-09-09", 3 | "Description": "Virtual Desktop, Create Workspaces (fdp-1pktpqi6d)", 4 | "Parameters": { 5 | "DirectoryId": { 6 | "Description": "DirectoryId ", 7 | "Type": "String" 8 | }, 9 | "UserName": { 10 | "Description": "Workspaces AD user", 11 | "Type": "String" 12 | }, 13 | "BundleId": { 14 | "Description": "BundleId ", 15 | "Type": "String" 16 | 17 | }, 18 | "KMSKey":{ 19 | "Description": "KMS Key", 20 | "Type": "String" 21 | } 22 | }, 23 | "Resources": { 24 | "MyWorkSpace": { 25 | "Type": "AWS::WorkSpaces::Workspace", 26 | "Properties": { 27 | "BundleId": { 28 | "Ref": "BundleId" 29 | }, 30 | "DirectoryId": { 31 | "Ref": "DirectoryId" 32 | }, 33 | "UserName": { 34 | "Ref": "UserName" 35 | }, 36 | "RootVolumeEncryptionEnabled": true, 37 | "UserVolumeEncryptionEnabled": true, 38 | "VolumeEncryptionKey": { 39 | "Ref": "KMSKey" 40 | } 41 | } 42 | } 43 | }, 44 | "Outputs": { 45 | 
"WorkSpaceID": { 46 | "Description": "ID of the newly created WorkSpace", 47 | "Value": { 48 | "Ref": "MyWorkSpace" 49 | } 50 | }, 51 | "UserName": { 52 | "Description": "The username for WorkSpace", 53 | "Value": { 54 | "Ref": "UserName" 55 | } 56 | }, 57 | "LogonURL": { 58 | "Description": "Use this URL to download client software used to connect to your cloud desktop", 59 | "Value": "https://clients.amazonworkspaces.com/" 60 | } 61 | } 62 | } -------------------------------------------------------------------------------- /workspaces/sc-workspaces-simple.yml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: '2010-09-09' 2 | Description: > 3 | Amazon WorkSpaces Deployment Template. This template will deploy the resources needed to 4 | deploy a single Amazon WorkSpaces desktop. 5 | Mappings: 6 | WSTypeMap: 7 | Standard-Linux-Desktop: 8 | BundleId: wsb-clj85qzj1 9 | Standard-Win10-Desktop: 10 | BundleId: wsb-gk1wpk43z 11 | Performance-Win10-Desktop: 12 | BundleId: wsb-fn373c5rw 13 | 14 | Metadata: 15 | Comments: Template to deploy an Amazon WorkSpace 16 | LastUpdated: '2018-04-26' 17 | Version: 1.0.0 18 | AWS::CloudFormation::Interface: 19 | ParameterGroups: 20 | - Label: 21 | default: Setup 22 | Parameters: 23 | - UserName 24 | - WorkstationType 25 | ParameterLabels: 26 | UserName: 27 | default: User Name 28 | WorkstationType: 29 | default: Workstation Type 30 | 31 | Parameters: 32 | UserName: 33 | Description: Your Windows login ID 34 | Type: String 35 | WorkstationType: 36 | AllowedValues: 37 | - Standard-Linux-Desktop 38 | - Standard-Win10-Desktop 39 | - Performance-Win10-Desktop 40 | Description: Select the type of workstation 41 | Default: Standard-Win10-Desktop 42 | Type: String 43 | 44 | Resources: 45 | MyWorkSpace: 46 | Type: AWS::WorkSpaces::Workspace 47 | Properties: 48 | BundleId: !FindInMap 49 | - WSTypeMap 50 | - !Ref 'WorkstationType' 51 | - BundleId 52 | DirectoryId: !ImportValue 
WorkspacesDirectoryID 53 | UserName: !Ref 'UserName' 54 | 55 | Outputs: 56 | WorkSpaceID: 57 | Description: ID of the newly created WorkSpace 58 | Value: !Ref 'MyWorkSpace' 59 | UserName: 60 | Description: The username for WorkSpace 61 | Value: !Ref 'UserName' 62 | LogonURL: 63 | Description: Use this URL to download client software used to connect to your cloud desktop 64 | Value: 'https://clients.amazonworkspaces.com/' 65 | 66 | 67 | --------------------------------------------------------------------------------