Overview of AppRegistry - AWS Service Catalog AppRegistry

Overview of AppRegistry

This section describes the key components that you use in AppRegistry.

Application resources

An application resource can be either an AWS Service Catalog provisioned product or an AWS CloudFormation stack. After you define the application, you can associate resources with it. You perform this action from either the application management account that you create with AppRegistry, or from the resource (or member) accounts with which the application has been shared.

You can use the AppRegistry API, AWS Command Line Interface (AWS CLI), AWS CloudFormation resources, or CDK constructs to associate resources with the application. When you associate a resource from another account with the application, it behaves identically to a resource in the same account. You can also automate application resource associations and tagging in a continuous integration, continuous delivery (CI/CD) pipeline. Automation helps to ensure that the application definitions are always up-to-date.

You can associate an application resource with only one application. And you can add or remove resources from your application at any time.

For every application, AppRegistry creates a service-managed application resource group. An application resource group includes all of the resources in your application. AppRegistry also creates a stack-level resource group for every stack associated with the application. For more information, see Managing application definitions.

Attribute groups

An attribute group is an open JSON object that stores metadata for the application, as shown in this example.

{
    "Team": "WebTeam",
    "Department": "10006",
    "ParentDept": "Research",
    "ContactAlias": "research@team.com"
}

You can associate a new or existing attribute group to an AppRegistry application.

When you update an attribute group definition, the update applies to every application associated with that attribute group.

You can call AppRegistry in your continuous integration, continuous delivery (CI/CD) processes to automate stack updates and metadata changes. This automation enables stakeholders to query various attribute groups to receive up-to-date information, such as cost center information or organizational ownership.

You can share attribute groups with an account, organizational unit, or organization. AppRegistry provides two share permission options for attribute groups: Allow associations and Read only.

  • Allow associations permission enables IAM principals in shared accounts to associate and disassociate the attribute group.

  • Read only permission enables IAM principals in shared accounts to view the attribute groups only. Only the account that created the attribute group can edit that group’s details.

After you select an option, the account, organizational unit, or organization can access the attribute group with the required permissions.

For more information, see Managing attribute groups.
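The association and sharing rules in the two sections above can be checked before a CI/CD job applies a batch of changes. The following is an added example, not AWS code: the plan format, function name, account IDs, and resource names are constructed, and it models only the one-application-per-resource rule and the two share permissions, treating attribute group edits as owner-only.

```python
# Added example: pre-flight check of a planned batch of AppRegistry changes.
# The plan format, names and account IDs are constructed for illustration.
ALLOW, READ_ONLY = "Allow associations", "Read only"

def check_plan(plan, owners, shares, existing=None):
    """Return (step index, reason) for every step that breaks a rule above.

    owners:   attribute group -> account that created it
    shares:   attribute group -> {shared account: share permission}
    existing: resource -> application it is already associated with
    """
    claimed = dict(existing or {})
    findings = []
    for i, step in enumerate(plan):
        acct, op = step["account"], step["op"]
        if op == "associate-resource":
            res, app = step["resource"], step["application"]
            holder = claimed.setdefault(res, app)
            if holder != app:  # a resource belongs to only one application
                findings.append((i, f"{res} is already associated with {holder}"))
        elif op in ("associate-attribute-group", "disassociate-attribute-group"):
            group = step["attribute_group"]
            perm = shares.get(group, {}).get(acct)
            if acct != owners[group] and perm != ALLOW:
                findings.append((i, f"{acct} has {perm or 'no share'} on {group}"))
        elif op == "update-attribute-group":
            group = step["attribute_group"]
            if acct != owners[group]:  # only the creating account can edit
                findings.append((i, f"{acct} did not create {group}"))
        else:
            findings.append((i, f"unknown operation {op}"))
    return findings

OWNERS = {"web-metadata": "111111111111"}
SHARES = {"web-metadata": {"222222222222": ALLOW, "333333333333": READ_ONLY}}
EXISTING = {"stack/web-prod": "storefront"}
PLAN = [
    {"account": "222222222222", "op": "associate-resource", "application": "storefront", "resource": "stack/web-dev"},
    {"account": "222222222222", "op": "associate-resource", "application": "billing", "resource": "stack/web-prod"},
    {"account": "222222222222", "op": "associate-attribute-group", "application": "storefront", "attribute_group": "web-metadata"},
    {"account": "333333333333", "op": "associate-attribute-group", "application": "billing", "attribute_group": "web-metadata"},
    {"account": "222222222222", "op": "update-attribute-group", "attribute_group": "web-metadata"},
    {"account": "444444444444", "op": "disassociate-attribute-group", "application": "billing", "attribute_group": "web-metadata"},
]

if __name__ == "__main__":
    for index, reason in check_plan(PLAN, OWNERS, SHARES, EXISTING):
        print(f"step {index}: {reason}")
```
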

Sharing across accounts

You can create an application in AppRegistry and share the application with other resource accounts in your organization.

Organizations with applications that span accounts can struggle to track and manage their application resources. For example, builders often separate application resources into accounts based on the application lifecycle, and deploy resources in four or more accounts to support development through production. Yet the builder’s team manages 10 applications and must track and manage resources in 50 other accounts. Viewing applications, monitoring resource status, reporting application metadata in other accounts, and accessing resources in each account can require tedious manual actions. AppRegistry, however, provides one-step access to manage and share applications.

You create the applications in AppRegistry in one account. You then share the application with the resource (or member) accounts that the application uses. You can integrate the AppRegistry API, AWS CLI, or infrastructure as code (IaC) in the resource account so that it can associate the application resources. In the resource account, resources have application context. In the management account, all deployed resources across all accounts are visible and actionable.

Application resources contain application system tags across all accounts. Application context from the associated attribute groups is available in both management and resource accounts. The AppRegistry API, AWS CLI, AWS Management Console, and resource group provide consistent access to the application metadata and resources.

You can also share attribute groups with an account, organizational unit, or organization.

For more information, see Sharing resources with accounts in your organization.


Tags

You can use tags to assign metadata to your AppRegistry applications and attribute groups.

You can create a maximum of 50 tags for an application or attribute group. You can categorize them by purpose, owner, environment, or other criteria.

You can access tags from Applications, Application details, Attribute groups, and Attribute group details.

AppRegistry contains internal tags that have a prefix of aws. We automatically add these tags, and you can’t remove them.

For more information, see Managing tags.

Video: Introduction to AppRegistry

This video (06:57) describes how to perform the following tasks in the console, command line interface (CLI), software development kit (SDK), and AWS CloudFormation template:

  • Create an application repository

  • Define and manage metadata

  • Group applications by attributes


Although the console view in the video differs slightly from the current console, you can still learn to perform these tasks successfully.