2.4 Deploy as an End User

So far we have done the following:

  • Created a Product that Deploys a Single EC2 Instance
  • Created a Portfolio with constraints on how the product can be launched and by whom
  • Created self-service Actions that allow End Users to reboot the instance, and install Nginx

We have also created all these abilities to run under roles we have defined, so that our end users do not need any access or privileges beyond Service Catalog. Now, let's switch to an end user role and test out what we have set up.

Switch to End User Role

  1. If you didn't grab the URL when we retrieved the settings from SSM Parameter Store, go to the Cloud9 IDE or connect via Session Manager again and run the command in the next code block. Copy the URL and enter it into your web browser. This will open a “Switch Role” page; click on Switch Role.

      aws ssm get-parameters --names SwitchRoleSCEndUser --query 'Parameters[0].[Value]' --output text --region eu-west-1
  2. Once we have switched roles, let’s go back to the Service Catalog Console. Notice that the Service Catalog Console has fewer options available. Click on Product List, then select the product drop-down and click on Launch Product.
  3. Give our deployment a Name, click Next.
  4. Under the parameters section, note that we only have one VPC available and only the private subnets available to choose. Set your parameters and click Next. You can go to http://checkip.amazonaws.com/ to find out your IP address and restrict the source accordingly.
  5. We can click Next through the next two screens, and on the “Review” page click on Launch.
  6. We can see that our Launch is in Progress; we can hit the refresh button to get updates. Once that switches to “Succeeded”, our EC2 instances have been deployed and we can move on to the next section.

Install Nginx with Self-Service Action

  1. Once the product deployment succeeded, we can click on the Actions drop-down on the upper right side, and select Install-Nginx. This self-service Action will kick off the Automation Document we created earlier.
  2. Click on Run Action on the pop-up window.
  3. As before we can wait until we see that the task succeeded. You can also switch back to the TeamRole and head to AWS Systems Manager, and check the Automation Execution.

Restart the Instance

  1. Once the Install-Nginx action succeeded, we can click on the Actions drop-down again and select AWS-Restartx. This Self-Service Action will restart our EC2 Instance.
  2. Click on Run Action on the pop-up window.
  3. As before we can wait until we see that the task succeeded. You can also switch back to the TeamRole and head to AWS Systems Manager, and check the Automation Execution.

While logged on as the Service Catalog End User, try to execute something in AWS Systems Manager or another service. You will not be able to do anything except through Service Catalog.
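The same check can be scripted from the Cloud9 terminal with read-only AWS CLI calls. This is an added example, not part of the workshop material. It assumes a CLI profile (hypothetically named `sc-enduser`) that assumes the end user role, and the three denied probes are chosen here to reflect the statement above.

```shell
#!/bin/sh
# Added example (not from the workshop): check that the end user role is
# confined to Service Catalog, using read-only AWS CLI calls.
# Assumption: PROFILE is a CLI profile that assumes the end user role.
PROFILE="${PROFILE:-sc-enduser}"   # hypothetical profile name
REGION="${REGION:-eu-west-1}"      # region used in the workshop command

# classify CMD...: run one call and print ALLOWED, DENIED or ERROR.
classify() {
  if out=$("$@" 2>&1); then
    echo ALLOWED
    return 0
  fi
  case "$out" in
    *AccessDenied*|*UnauthorizedOperation*|*"not authorized"*) echo DENIED ;;
    *) echo ERROR ;;  # expired credentials, throttling, network: proves nothing
  esac
}

# expect WANT SERVICE OPERATION: compare the outcome with the expectation.
expect() {
  got=$(classify aws --profile "$PROFILE" --region "$REGION" "$2" "$3")
  if [ "$got" = "$1" ]; then
    printf 'ok    %-7s %s %s\n' "$got" "$2" "$3"
  else
    printf 'FAIL  %-7s %s %s (expected %s)\n' "$got" "$2" "$3" "$1"
    return 1
  fi
}

# check_end_user: non-zero exit status if any probe disagrees.
check_end_user() {
  rc=0
  expect ALLOWED servicecatalog search-products || rc=1
  expect DENIED ssm describe-automation-executions || rc=1
  expect DENIED ec2 describe-instances || rc=1
  expect DENIED iam list-roles || rc=1
  return "$rc"
}

# Usage: sh check_end_user.sh run
if [ "${1:-}" = run ]; then check_end_user; fi
```

An ERROR line means the call failed for a reason other than authorization, so it says nothing about the role's permissions and the probe should be repeated.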

Review

We started this section with a set of Objectives that we needed to provide to our End Users. Let’s review whether we were able to satisfy them.

  • Provide groups the ability to deploy instances for testing purposes
      • Yes, through Service Catalog Product & Portfolio
  • Give groups the minimal set of Privileges to AWS Services
      • Yes, through Service Catalog Product & Portfolio
  • Groups can only deploy into specific VPCs
      • Yes, through Launch Constraints
  • Groups can only deploy into Private Subnets
      • Yes, through Launch Constraints
  • Groups can only utilize t3 instance types for testing
      • Yes, through Launch Constraints
  • Ability to reboot instances
      • Yes, through Self-Service Actions
  • Ability to install software on instances
      • Yes, through Self-Service Actions

In this workshop we became familiar with five of the services in the AWS Management and Governance Tools set. Using these tools we were able to perform Infrastructure as Code, Automation, Auditing and Governance.

We hope you enjoyed the workshop. If you have any questions, please let us know, and don't forget to fill out the survey. Thank you for attending.