Enterprise Blueprint Factory architecture

An infrastructure as code (IaC) template, also called a blueprint, is a configuration file that helps you provision and manage cloud resources. A blueprint might provision a single resource, or it might provision the architecture for a complex, multi-tier application. IaC is designed to help you centralize infrastructure management, standardize resources, and scale quickly.

The Enterprise Blueprint Factory helps you streamline the creation, validation, publishing, distribution, and consumption of blueprints across your organization. In addition to providing an architectural overview, this section reviews the architectural components of the solution and the blueprint life cycle.

When you release a blueprint through the Enterprise Blueprint Factory, the blueprint becomes a product in AWS Service Catalog. You collect products into one or more portfolios and then grant permissions that allow end users to access the products in that portfolio. You can use a portfolio share to allow a Service Catalog administrator for another AWS account to distribute your products to end users.

The following diagram shows a high-level overview of the Enterprise Blueprint Factory architecture. This workflow releases the blueprint as a product in Service Catalog. It also creates or updates the portfolios and portfolio shares in order to make the blueprint available to the target end users.

The components and flow of the Enterprise Blueprint Factory solution.

This diagram shows the following workflow:

A developer builds the blueprint. They create a feature branch in the product repository, push the blueprint to the branch, and then create a pull request. A blueprint administrative team and security team review the pull request to make sure that the blueprint meets organizational and security requirements. These teams approve the pull request. The developer merges the feature branch into the main branch. For more information, see Product repository in this guide.
The developer adds or updates the blueprint information in the config file that is located the configuration repo. For more information, see Configuration repository and Configuration file in this guide.
The update to the config file invokes the configuration pipeline. This pipeline uses AWS CodePipeline and AWS CodeBuild projects to create or update the Service Catalog portfolios and portfolio shares. It also creates a release pipeline for the blueprint. For more information, see Configuration pipeline in this guide.
The release pipeline performs various security checks on the blueprint. If the blueprint passes, the release pipeline deploys the blueprint as a product in Service Catalog. For more information, see Release pipeline in this guide.
By accessing the product through portfolios and portfolio shares, end users deploy the blueprint in their target consumer accounts.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Introduction

Components