AWS Service Catalog

Home » AWS Cheat Sheets » AWS Management Tools » AWS Service Catalog

AWS Service Catalog

Last updated on June 23, 2023

AWS Service Catalog Cheat Sheet

  • Allows you to create, manage, and distribute catalogs of approved products to end-users, who can then access the products they need in a personalized portal. 
  • Administrators can control which users have access to each product to enforce compliance with organizational business policies. Administrators can also set up adopted roles so that end users only require IAM access to AWS Service Catalog in order to deploy approved resources.
  • This is a regional service.
Tutorials dojo strip

Features

  • Standardization of assets
  • Self-service discovery and launch
  • Fine-grain access control
  • Extensibility and version control

Concepts

  • Users
    • Catalog administrators – Manage a catalog of products, organizing them into portfolios and granting access to end users. Catalog administrators prepare AWS CloudFormation templates, configure constraints, and manage IAM roles that are assigned to products to provide for advanced resource management.
    • End users – Use AWS Service Catalog to launch products to which they have been granted access.
  • Products
    • Can comprise one or more AWS resources, such as EC2 instances, storage volumes, databases, monitoring configurations, and networking components, or packaged AWS Marketplace products.
    • You create your products by importing AWS CloudFormation templates. The templates define the AWS resources required for the product, the relationships between resources, and the parameters for launching the product to configure security groups, create key pairs, and perform other customizations.
    • You can see the products that you are using and their health state in the AWS Service Catalog console.
  • Portfolio
    • A collection of products, together with configuration information. Portfolios help manage product configuration, determine who can use specific products and how they can use them.
    • When you add a new version of a product to a portfolio, that version is automatically available to all current users of that portfolio.
    • You can also share your portfolios with other AWS accounts and allow the administrator of those accounts to distribute your portfolios with additional constraints.
    • When you add tags to your portfolio, the tags are applied to all instances of resources provisioned from products in the portfolio.
  • Versioning
    • Service Catalog allows you to manage multiple versions of the products in your catalog.
    • A version can have one of three statuses:
      • Active – An active version appears in the version list and allows users to launch it.
      • Inactive – An inactive version is hidden from the version list. Existing provisioned products launched from this version will not be affected.
      • Deleted – If a version is deleted, it is removed from the version list. Deleting a version can’t be undone.
  • Access control
    • You apply AWS IAM permissions to control who can view and modify your products and portfolios.
    • By assigning an IAM role to each product, you can avoid giving users permissions to perform unapproved operations, and enable them to provision resources using the catalog.
  • Constraints
    • You use constraints to apply limits to products for governance or cost control. 
    • Types of constraints:
      • Template constraints restrict the configuration parameters that are available for the user when launching the product. Template constraints allow you to reuse generic AWS CloudFormation templates for products and apply restrictions to the templates on a per-product or per-portfolio basis. 
      • Launch constraints allow you to specify a role for a product in a portfolio. This role is used to provision the resources at launch, so you can restrict user permissions without impacting users’ ability to provision products from the catalog.
      • Notification constraints specify an Amazon SNS topic to receive notifications about stack events.
      • Tag update constraints allow administrators to allow or disallow end users to update tags on resources associated with an AWS Service Catalog provisioned product.
  • Stack
    • Every AWS Service Catalog product is launched as an AWS CloudFormation stack.
    • You can use CloudFormation StackSets to launch Service Catalog products across multiple regions and accounts. You can specify the order in which products deploy sequentially within regions. Across accounts, products are deployed in parallel.
  • Service actions
    • Define service actions using AWS Systems Manager documents.
    • Allow end-users to perform various tasks on your provisioned products without granting them full access.
  • AppRegistry
    • Create and manage application metadata from a central location.
    • Enable you to group and view all resource collections across AWS accounts you define.
    • Attribute groups
      • Defines the context of your applications and resources.
      • A JSON object that stores application metadata.
    • An AWS CloudFormation stack or a provisioned product can only be associated with one application.
    • You can use AWS RAM to share applications and attribute groups.

AWS Service Catalog Security

  • Service Catalog uses Amazon S3 buckets and Amazon DynamoDB databases that are encrypted at rest using Amazon-managed keys.
  • Service Catalog uses TLS and client-side encryption of information in transit between the caller and AWS.
  • Service Catalog integrates with AWS CloudTrail and Amazon SNS.

AWS Service Catalog Pricing

  • The AWS Service Catalog and AppRegistry free tier include 1,000 API calls per month.
  • You are charged based on the number of API calls made to Service Catalog beyond the free tier.

AWS Service Catalog Cheat Sheet References:

https://aws.amazon.com/servicecatalog/
https://docs.aws.amazon.com/servicecatalog/latest/adminguide/introduction.html
https://docs.aws.amazon.com/servicecatalog/latest/userguide/end-user-console.html
https://aws.amazon.com/servicecatalog/pricing/
https://aws.amazon.com/servicecatalog/faqs/

Tutorials Dojo portal

Be Inspired and Mentored with Cloud Career Journeys!

Tutorials Dojo portal

Enroll Now – Our Azure Certification Exam Reviewers

azure reviewers tutorials dojo

Enroll Now – Our Google Cloud Certification Exam Reviewers

Tutorials Dojo Exam Study Guide eBooks

tutorials dojo study guide eBook

FREE AWS Exam Readiness Digital Courses

Subscribe to our YouTube Channel

Tutorials Dojo YouTube Channel

FREE Intro to Cloud Computing for Beginners

FREE AWS, Azure, GCP Practice Test Samplers

Recent Posts

Written by: Jon Bonso

Jon Bonso is the co-founder of Tutorials Dojo, an EdTech startup and an AWS Digital Training Partner that provides high-quality educational materials in the cloud computing space. He graduated from Mapúa Institute of Technology in 2007 with a bachelor's degree in Information Technology. Jon holds 10 AWS Certifications and is also an active AWS Community Builder since 2020.

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, YouTube, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!

View Our AWS, Azure, and GCP Exam Reviewers Check out our FREE courses

Our Community

~98%
passing rate
Around 95-98% of our students pass the AWS Certification exams after training with our courses.
200k+
students
Over 200k enrollees choose Tutorials Dojo in preparing for their AWS Certification exams.
~4.8
ratings
Our courses are highly rated by our enrollees from all over the world.

What our students say about us?