2.3 Create Self-Service Actions

AWS Service Catalog Self-Service Actions

AWS Service Catalog enables you to reduce administrative maintenance and end-user training while adhering to compliance and security measures. With self-service actions, as the administrator you can enable end users to perform operational tasks, troubleshoot issues, run approved commands, or request permissions in AWS Service Catalog. You use AWS Systems Manager documents to define self-service actions. The AWS Systems Manager documents provide access to pre-defined actions that implement AWS best practices, such as Amazon EC2 stop and reboot, and you can define custom actions too.

In this lab we are going to enable two different Self-Service Actions for our end users:

  • Ability to reboot instances
  • Ability to install software on instances

Ability to reboot instances

The first ability we will provide through self-service actions is the ability for end users to reboot instances. An AWS managed Automation document, AWS-RestartEC2Instance, already provides this ability.

  1. In the Service Catalog console let’s click on Service Actions on the left side menu.
  2. Once at the Service actions console let’s click on the Create new action button.
  3. Then we will select the AWS-RestartEC2Instance document and click Next.
  4. We now need to configure how the document will run and appear from Service Catalog. We will keep the defaults for the Actions details specifications section.
  5. We now want to specify the role the document will assume when it is run. Select the role named MGT312EC2InstanceRole and click on Create action. This is how you can ensure your end user does not need more privileges, but the document will have the needed privileges to execute the action.
    • Note that in a production scenario, the selected role should be a least privilege role.
  6. Now that we have created a Service Action, let’s associate it to our product. With AWS-RestartEC2Instance selected click on Associate action.
  7. Finally let’s select our SingleEC2Linux product. We also want to select the version we want to associate the action with, in this case the initial version. Then click Associate action, and now we have associated this action with our product.

Ability to Install Software

Next, we will provide through self-service actions the ability to install nginx. We have already created an Automation document named nginxinstall.

  1. In the Service Catalog console let’s click on Service Actions on the left side menu.
  2. Once at the “Service actions” console let’s click on the Create new action button.
  3. Change to Custom Documents and then we will select the nginxinstall document and click Next.
  4. We now need to configure how the document will run and appear from Service Catalog; match the next screenshot.
  5. We now want to specify the role the document will assume when it is run. Select the role named MGT312EC2InstanceRole and click on Create action. This is how you can ensure your end user does not need more privileges, but the document will have the needed privileges to execute the action.
    • Note that in a production scenario, the selected role should be a least privilege role.
  6. Now that we have created a Service Action, let’s associate it to our product. With Install-Nginx selected click on Associate action.
  7. Finally let’s select our SingleEC2Linux product. We also want to select the version we want to associate the action with, in this case the initial version. Then click Associate action, and now we have associated this action with our product.
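
The note in step 5 of both procedures says the role the document assumes should be a least privilege role. As an added example (not part of the original lab), this Python check compares a role's IAM policy with the actions a runbook needs, using the reboot action as the worked case. The needed-action list for AWS-RestartEC2Instance, the sample policies, the account ID and the tag are assumptions, and only Allow statements with an Action element are inspected.

```python
import fnmatch

# Assumption: actions the AWS-RestartEC2Instance runbook needs from the role it
# assumes (stop, start, poll status). Confirm against the runbook you use.
NEEDED = frozenset({"ec2:StopInstances", "ec2:StartInstances",
                    "ec2:DescribeInstanceStatus"})

def _listify(value):
    """IAM accepts a single value or a list for Statement, Action, Resource."""
    return list(value) if isinstance(value, (list, tuple)) else [value]

def audit_role_policy(policy, needed=NEEDED):
    """Return (code, detail) findings where the policy differs from `needed`."""
    findings, covered = [], set()
    for stmt in _listify(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _listify(stmt.get("Action", []))
        for pattern in actions:
            # IAM action names are case-insensitive and may contain wildcards.
            hits = {n for n in needed
                    if fnmatch.fnmatchcase(n.lower(), pattern.lower())}
            covered |= hits
            if "*" in pattern or "?" in pattern:
                findings.append(("wildcard-action", pattern))
            elif not hits:
                findings.append(("unneeded-action", pattern))
        # EC2 Describe* calls do not support resource-level permissions, so
        # flag Resource "*" only when state-changing actions are allowed too.
        mutating = [a for a in actions if not a.lower().startswith("ec2:describe")]
        unscoped = "*" in _listify(stmt.get("Resource", []))
        if unscoped and mutating and "Condition" not in stmt:
            findings.append(("unscoped-resource", ", ".join(mutating)))
    findings += [("missing-action", a) for a in sorted(needed - covered)]
    return findings

# Constructed sample policies (account ID and tag are placeholders).
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:StopInstances", "ec2:StartInstances"],
     "Resource": "arn:aws:ec2:*:111122223333:instance/*",
     "Condition": {"StringEquals": {"aws:ResourceTag/Project": "sc-lab"}}},
    {"Effect": "Allow", "Action": "ec2:DescribeInstanceStatus", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, audit_role_policy(doc) or "no findings")
```

For the nginx install action, pass the set of actions that document needs as the `needed` argument.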

Now that we have created a product, portfolio, constraints and self-service actions, let’s test it all out as an end user.

Review

We have added actions that our end users can self-service using AWS Systems Manager Automation documents. Besides installing software, we could also include operational playbook Automation documents that fix common issues within our environment. Empowering our end users through automation means fewer tickets or requests coming to our teams. Let’s test all this in the next section.