Configuring AWS Service Catalog - AWS Service Catalog

Configuring AWS Service Catalog

After you create two IAM users with baseline permissions in each account, the next step is to configure AWS Service Catalog. This section describes how to configure AWS Service Catalog to have a portfolio with an Amazon S3 bucket product. Use the Amazon S3 template in Creating an Amazon S3 Bucket for Website Hosting for your preliminary product. Copy and save the Amazon S3 template to your device.

To configure AWS Service Catalog

  1. Create a portfolio by following the steps at Create an AWS Service Catalog Portfolio.

  2. To add the Amazon S3 bucket product to the portfolio you just created, in the AWS Service Catalog console, on the Upload new product page, enter product details.

  3. For Select template, choose the Amazon S3 bucket AWS CloudFormation template you saved to your device.

  4. Set Constraint type to Launch for the product that you created now with the SCConnectLaunch role in the baseline permissions. For additional launch constraint instructions, see AWS Service Catalog Launch Constraints.

    Note

    The AWS configuration design requires each AWS Service Catalog product to have a launch constraint. Failure to follow this step can result in an “Unable to Retrieve Parameter” message in the ServiceNow Service Catalog.

  5. Add the SnowEndUser IAM role to the AWS Service Catalog portfolio. For additional user access instructions, see Granting Access to Users.

Note

The AWS configuration design requires each AWS Service Catalog product to have either a launch constraint or a stack set constraint. Failure to follow this step may result in an “Unable to Retrieve Parameter” error within ServiceNow Service Catalog.

Creating Stack Set Constraints

AWS CloudFormation StackSets enable users to create and deploy products across multiple accounts and regions.

To apply a stack set constraint to an AWS Service Catalog product

  1. Go to AWS Service Catalog as a catalog admin.

  2. Choose the portfolio that contains the product.

  3. Expand Constraints and choose Add constraints.

  4. Choose the product from Product and set Constraint type to Stack Set. Choose Continue.

  5. On the Stack Set constraint page, enter a description.

  6. Choose the account(s) in which you want to create products.

  7. Choose the region(s) in which you want to deploy products. Products deploy in these regions in the order you specify.

  8. Choose AWSCloudFormationStackSetAdministrationRole to manage your target accounts.

  9. Choose AWSCloudFormationStackSetExecutionRole for the role the Administrator will assume.

  10. Choose Submit.

Note that the Connector for ServiceNow v3.0.5 - AWS Commercial Regions and Connector for ServiceNow v3.0.5 - AWS GovCloud Regions templates create the permissions as well as outputs needed for stack set constraints. Example stack set outputs:

SCStackSetAdministratorRoleARN arn:aws:iam::123456789123:role/AWSCloudFormationStackSetAdministrationRole SCIAMStackSetExecutionRoleName AWSCloudFormationStackSetExecutionRole SCIAMAdminRoleARN arn:aws:iam::123456789123:role/AWSCloudFormationStackSetAdministrationRole
Note

Replace the 123456789123 with your account information.

Relating Budgets to Products and Portfolios

The Connector for ServiceNow enables ServiceNow administrators to view budgets related to AWS Service Catalog products and portfolios. AWS Service Catalog administrators can create or associate existing budgets to products and portfolios.

For more information on creating and associating budgets, see Managing Budgets.