Delivering your AMI-based product using AWS CloudFormation - AWS Marketplace

Delivering your AMI-based product using AWS CloudFormation

AWS Marketplace sellers can list AMI-based products that are delivered to AWS Marketplace buyers by using AWS CloudFormation templates. You can use the templates to define a cluster or distributed architecture for the products or to select different AMI combinations or product configurations. The CloudFormation templates can be configured to deliver a single Amazon Machine Image (AMI) with associated configuration files and Lambda functions. Buyers can browse the selection of solutions on AWS Marketplace, buy with one click, and deploy by using CloudFormation templates that you provide.

Single AMI solutions can contain a maximum of three CloudFormation templates.

You can also include Lambda functions in a serverless application with your AMI so that buyers can deploy them through CloudFormation. For instructions on how to include Lambda functions and serverless applications with your AMI, see Adding serverless application components in this guide.

Building your product listing

To submit your product, you need to prepare and validate your AMIs, create your AWS CloudFormation templates, create an architectural diagram, complete the product load form, and submit the materials to AWS Marketplace. We recommend that you start by creating and validating your AMIs and then complete and validate the CloudFormation templates. After you complete those steps, you should create an architectural diagram and estimate the software and infrastructure price. AWS Marketplace validates your submission and works with you to make your product public. Use AWS Pricing Calculator to help estimate the infrastructure cost for your template.

Preparing your CloudFormation template

To build your CloudFormation templates, you must meet the template prerequisites and provide the required input and security parameters. When submitting your CloudFormation template, use the guidelines in the following sections.

Template prerequisites

  • Verify that the template is launched successfully through the AWS CloudFormation console in all AWS Regions enabled for your product. You can use the TaskCat tool to test your templates.

  • If you are creating a single-AMI product, the template must contain only one AMI.

  • AMIs must be in a mapping table for each Region. The AWS Marketplace team updates the AMI IDs after they're cloned. Your source AMI must be in us-east-1 and the other Regions can use placeholders. See the following YAML example.

    Mappings: RegionMap: us-east-1: ImageId: ami-0123456789abcdef0 us-west-1: ImageId: ami-xxxxxxxxxxxxxxxxx eu-west-1: ImageId: ami-xxxxxxxxxxxxxxxxx ap-southeast-1: ImageId: ami-xxxxxxxxxxxxxxxxx
  • AMIs included in your CloudFormation template must either be the AMI of the product you are publishing or an AWS-managed AMI such as the latest Amazon Linux 2. Don't include any community AMI or AMI owned and shared by you or any other third-party. To use an AWS-managed AMI, use public parameters in AWS Systems Manager Parameter Store instead of hardcoding AMI IDs. For example, within your CloudFormation template where you specify the AMI ID, you use a dynamic reference ImageId: '{{resolve:ssm:/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id}}'.

  • Build templates so that they do not depend on the use in a particular Availability Zone (AZ). Not all customers have access to all AZs, and AZs are mapped differently for different accounts.

  • You can include dependencies such as Lambda functions, configuration files, and scripts with your AMI. For more information, see Step 1: Create a serverless application.

  • If you're building a clustered solution using an Auto Scaling group, we recommend that you account for a scaling event. The new node should join the running cluster automatically.

  • Even for single-node products, we recommend using an Auto Scaling group.

  • If your solution involves a cluster of multiple instances, consider using placement groups if you want low network latency, high network throughput, or both among the instances.

  • If your solution involves Docker containers, you must incorporate the Docker images into the AMI.

  • For ease of review by the AWS Marketplace team and transparency to the customer, we recommend that you add comments in your UserData section.

Template input parameters

  • Input parameters to the template must not include the AWS Marketplace customer's AWS credentials (such as passwords, public keys, private keys, or certificates).

  • For sensitive input parameters such as passwords, choose the NoEcho property and enable stronger regular expression. For other input parameters, set the most common inputs along with appropriate helper text.

  • Use AWS CloudFormation parameter types for inputs where available.

  • Use AWS::CloudFormation::Interface to group and sort input parameters.

  • Don't set any default values for the following input parameters:

    Note

    Customers must provide these as input parameters.

    • Default CIDR ranges that allow ingress into remote access ports from the public internet

    • Default CIDR ranges that allow ingress into database connection ports from the public internet

    • Default passwords for users or databases

Network and security parameters

  • Ensure that the default SSH port (22) or RDP port (3389) isn't open to 0.0.0.0.

  • Instead of using the default virtual private cloud (VPC), we recommend that you build a VPC with appropriate access control lists (ACLs) and security groups.

  • Enable access to the customer's AWS environment by using an AWS Identity and Access Management (IAM) role to call AssumeRole from the AWS Security Token Service.

  • Set IAM roles and policies to grant the least privilege and enable write access only when absolutely necessary. For example, if your application needs only S3:GET, PUT, and DELETE operations, specify those actions only. We don't recommend the use of S3:* in this case.

After your template is received, AWS Marketplace validates the product configuration and information and provides feedback for any required revisions.

Getting the cost estimate for your template infrastructure

The infrastructure cost estimate for each template displayed to customers is based on an estimate that you provide by using AWS Pricing Calculator. The estimation should include the list of services to be deployed as part of the template, along with the default values for a typical deployment.

After you calculate the template's estimated monthly cost, provide AWS Marketplace with the Save and Share link for the US East (N. Virginia) Region. This is part of the submission process.

Architectural diagram

You must provide an architectural diagram for each template. To learn more about diagramming, see What is architecture diagramming?

The diagram must meet the following criteria:

  • Illustrate a standard deployment on AWS.

  • Depict logically where resources are deployed. For example, resources like Amazon EC2 instances are in the correct subnet.

  • Use the most current AWS product icons for each AWS service deployed through the AWS CloudFormation template. To download the current set of architecture icons, refer to AWS Architecture Icons.

  • Include metadata for all the services deployed by the AWS CloudFormation template.

  • Include all networks, VPCs, and subnets deployed by the AWS CloudFormation template.

  • Show integration points, including third party assets, APIs and on-premises, hybrid assets.

  • Diagrams must be 1100 x 700 pixels in size. Maintain original diagram proportions without stretching or cropping.

Meeting the submission requirements

To submit products delivered by using AWS CloudFormation templates, you must provide the following resources:

  • CloudFormation template or templates

    • A single-AMI product can have one to three CloudFormation templates

  • The estimated infrastructure price for the default configuration of each template

  • An architectural diagram and architectural metadata

  • Completed product form (available from the AWS Marketplace Management Portal)

The product forms include example submissions for your reference.

For each product, most of the required product data and metadata are the same as for traditional single-AMI products. Therefore, each AMI that is delivered by using an CloudFormation template must continue to meet the standards and requirements described for AWS Marketplace.

For each CloudFormation template, you must also provide the following information.

Field Description Restrictions
Title Title of the architecture. This appears on the detail and fulfillment pages and the pop-up that shows the architectural details. 50 characters
Short description This appears on the detail and fulfillment pages. 200 characters
Long description This appears in the architectural details pop-up. 2000 characters

For AMI-based delivery using CloudFormation products, the following fields are required:

  • Solution title

  • Solution short description

  • Solution long description

  • For CloudFormation templates (up to 3 per solution)

    • Deployment title (per template)

    • Short description (per template)

    • Long description (per template)

    • Architecture diagram (per template)

    • Infrastructure pricing estimate (per template)

    • List of products/components contained in this CloudFormation template

    • List of Regions supported by this CloudFormation template

Submitting your product request

Use the AWS Marketplace Management Portal to submit your product. On the Assets tab, choose File Upload. Upload files you want to submit and enter a brief description. Both YAML and JSON formats are supported. Allow three to five weeks for request processing, including:

  • Review of the CloudFormation template, AMI, and metadata for the AMI and CloudFormation template

  • Publication of your CloudFormation template to AWS Marketplace products