AMI-based delivery using AWS CloudFormation - AWS Marketplace

AMI-based delivery using AWS CloudFormation

AWS Marketplace sellers can list AMI-based products that are delivered to AWS Marketplace buyers by using AWS CloudFormation templates. You can use the templates to define a cluster or distributed architecture for the products or to select different AMI combinations or product configurations. The CloudFormation templates can be configured to deliver a single Amazon Machine Image (AMI) or multiple AMIs along with associated configuration files and Lambda functions. Buyers can browse the selection of solutions on AWS Marketplace, buy with one click, and deploy by using CloudFormation templates that you provide.

Multi-AMI solutions can contain up to 20 AMIs and up to 20 CloudFormation templates. Each CloudFormation template can reference any combination or subset of the AMIs contained in the solution. The buyer purchases a single solution that entitles them to all of the AMIs in that product. When the product has multiple AMIs, each AMI has its own unique product code and can be priced and metered separately. However, individual components of a solution aren't discoverable or procurable outside the context of the product.

If you have existing single-AMI products, you can't migrate or combine them into a new multi-AMI listing. However, your new solution can feature the same software or copies of AMIs used by existing products. Each listing created on AWS Marketplace is a listing with new product codes.

You can also include Lambda functions in a serverless application with your AMI so that buyers can deploy them through CloudFormation. For instructions on how to include Lambda functions and serverless applications with your AMI, see Adding serverless application components.

Building your product listing

To submit your product, you need to prepare and validate your AMIs, create your AWS CloudFormation templates, create an architectural diagram, complete the product load form, and submit the materials to AWS Marketplace. We recommend that you start by creating and validating your AMIs and then complete and validate the CloudFormation templates. After you complete those steps, you should create an architectural diagram and estimate the software and infrastructure price. AWS Marketplace validates your submission and works with you to make your product public. Use AWS Pricing Calculator to help estimate the infrastructure cost for your template. Provide AWS Marketplace with a link to your saved calculator configuration. The following are limitations of multi-AMI solution products:

  • Updating existing AWS Marketplace products from a standalone product to a multi-AMI product isn't supported. To make a product available in a multi-AMI product, copy the AMI and submit it as a component to a new multi-AMI product. The resulting AMI has a unique product code that's different from the previous product's code.

  • Multi-AMI solutions aren't visible on the AWS Marketplace tab of the Launch Instance page in the Amazon Elastic Compute Cloud (Amazon EC2) console.

  • A CloudFormation template must not launch AMIs outside of those listed in the multi-AMI solution.

  • CloudFormation templates must be submitted in the form of a public URL. All nested template URLs contained in the template must also be publicly accessible.

Preparing your CloudFormation template

To build your CloudFormation templates, you must meet the template prerequisites and provide the required input and security parameters. When submitting your CloudFormation template, use the guidelines in the following sections.

Template prerequisites

  • Verify that the template is launched successfully through the AWS CloudFormation console in all AWS Regions enabled for your product. You can use the TaskCat tool to test your templates.

  • If you are creating a single-AMI product, the template must contain only one AMI.

  • AMIs must be in a mapping table for each Region. The AWS Marketplace team updates the AMI IDs after they're cloned. Your source AMI must be in us-east-1 and the other Regions can use placeholders. See the following YAML example.

    Mappings: RegionMap: us-east-1: ImageId: ami-0123456789abcdef0 us-west-1: ImageId: ami-xxxxxxxxxxxxxxxxx eu-west-1: ImageId: ami-xxxxxxxxxxxxxxxxx ap-southeast-1: ImageId: ami-xxxxxxxxxxxxxxxxx
  • Build templates so that they do not depend on the use in a particular Availability Zone (AZ). Not all customers have access to all AZs, and AZs are mapped differently for different accounts.

  • You can include dependencies such as Lambda functions, configuration files, and scripts with your AMI. For more information, see Create a serverless application.

  • If you're building a clustered solution using an Auto Scaling group, we recommend that you account for a scaling event. The new node should join the running cluster automatically.

  • Even for single-node products, we recommend using an Auto Scaling group.

  • If your solution involves a cluster of multiple instances, consider using placement groups if you want low network latency, high network throughput, or both among the instances.

  • If your solution involves Docker containers, you must incorporate the Docker images into the AMI.

  • For ease of review by the AWS Marketplace team and transparency to the customer, we recommend that you add comments in your UserData section.

Template input parameters

  • Input parameters to the template must not include the AWS Marketplace customer's AWS credentials (such as passwords, public keys, private keys, or certificates).

  • For sensitive input parameters such as passwords, choose the NoEcho property and enable stronger regular expression. For other input parameters, set the most common inputs along with appropriate helper text.

  • Use AWS CloudFormation parameter types for inputs where available.

  • Use AWS::CloudFormation::Interface to group and sort input parameters.

  • Don't set any default values for the following input parameters:

    Note

    Customers must provide these as input parameters.

    • Default CIDR ranges that allow ingress into remote access ports from the public internet

    • Default CIDR ranges that allow ingress into database connection ports from the public internet

    • Default passwords for users or databases

Network and security parameters

  • Ensure that the default SSH port (22) or RDP port (3389) isn't open to 0.0.0.0.

  • Instead of using the default virtual private cloud (VPC), we recommend that you build a VPC with appropriate access control lists (ACLs) and security groups.

  • Enable access to the customer's AWS environment by using an AWS Identity and Access Management (IAM) role to call AssumeRole from the AWS Security Token Service.

  • Set IAM roles and policies to grant the least privilege and enable write access only when absolutely necessary. For example, if your application needs only S3:GET, PUT, and DELETE operations, specify those actions only. We don't recommend the use of S3:* in this case.

After your template is received, AWS Marketplace validates the product configuration and information and provides feedback for any required revisions.

Getting the cost estimate for your template infrastructure

The infrastructure cost estimate for each template displayed to customers is based on an estimate that you provide by using AWS Pricing Calculator. The estimation should include the list of services to be deployed as part of the template, along with the default values for a typical deployment.

After you calculate the template's estimated monthly cost, provide AWS Marketplace with the Save and Share link for the US East (N. Virginia) Region. This is part of the submission process.

Architectural diagram

You must provide an architectural diagram for each template. The diagram must meet the following criteria:

  • Illustrate standard deployment(s) on AWS

  • Use the AWS product icons for each AWS service deployed through the AWS CloudFormation template

  • Include metadata for all the services deployed by the AWS CloudFormation template

  • Include all networks, VPCs, and subnets deployed by the AWS CloudFormation template

  • Show integration points, including third party assets, APIs and on-premises, hybrid assets

  • Must be 1100 x 700 pixels in size

    Note

    Make sure that your diagram meets this sizing requirement to avoid cropping or stretching, as shown in the following image.

Meeting the submission requirements

To submit products delivered by using AWS CloudFormation templates, you must provide the following resources:

  • CloudFormation template or templates

    • A single-AMI product can have one to three CloudFormation templates

    • A multi-AMI product can have up to 20 CloudFormation templates

  • The estimated infrastructure price for the default configuration of each template

  • An architectural diagram and architectural metadata

  • Completed product form (available from the AWS Marketplace Management Portal)

The product forms include example submissions for your reference.

For each product, most of the required product data and metadata are the same as for traditional single-AMI products. Therefore, each AMI that is delivered by using an CloudFormation template must continue to meet the standards and requirements described for AWS Marketplace.

For each CloudFormation template, you must also provide the following information.

Field Description Restrictions
Title Title of the architecture. This appears on the detail and fulfillment pages and the pop-up that shows the architectural details. 50 characters
Short description This appears on the detail and fulfillment pages. 200 characters
Long description This appears in the architectural details pop-up. 2000 characters

For multi-AMI products, the following fields are required:

  • Solution title

  • Solution short description

  • Solution long description

  • For CloudFormation templates (up to 20 per solution)

    • Deployment title (per template)

    • Short description (per template)

    • Long description (per template)

    • Architecture diagram (per template)

    • Infrastructure pricing estimate (per template)

    • List of products/components contained in this CloudFormation template

    • List of Regions supported by this CloudFormation template

Submitting your product request

Use the AWS Marketplace Management Portal to submit your product. On the Assets tab, choose File Upload. Upload any files you want to submit and enter a brief description. Allow three to five weeks for request processing, including:

  • Review of the CloudFormation template, AMI, and metadata for the AMI and CloudFormation template

  • Publication of your CloudFormation template to AWS Marketplace products