Aws Service Catalog
Hands-On
Demo

Step 1: Create IAM Roles for Service Catalog

Create role

Add permissions
AWSServiceCatalogAdminFullAccess

Attach policy to ServiceCatalogLaunchRole
PowerUserAccess

Name, review, and create
ServiceCatalogLaunchRole

Select trusted entities

Add permissions
Create an End User Role


Add permissions
AWSServiceCatalogEndUserFullAccess

Name, review, and create
ServiceCatalogEndUser

Step 1: Select trusted entities

Step 2: Add permissions
Step 2: Create a Service Catalog Portfolio



Development Environment Portfolio
Create portfolio
Standardized development environments for engineering teams
IT Operations Team

Manage tags
Step 3: Create a CloudFormation Template for the Product
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Development EC2 Instance - Service Catalog Product'
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: "Instance Configuration"
Parameters:
- InstanceType
- KeyPairName
- Label:
default: "Environment Settings"
Parameters:
- EnvironmentName
ParameterLabels:
InstanceType:
default: "EC2 Instance Type"
KeyPairName:
default: "SSH Key Pair"
EnvironmentName:
default: "Environment Name"
Parameters:
InstanceType:
Type: String
Default: t3.micro
AllowedValues:
- t2.micro
- t2.small
- t3.micro
- t3.small
Description: EC2 instance type for development environment
EnvironmentName:
Type: String
Default: Development
Description: Environment name tag for the instance
MinLength: 1
MaxLength: 50
KeyPairName:
Type: AWS::EC2::KeyPair::KeyName
Description: Name of an existing EC2 KeyPair to enable SSH access
ConstraintDescription: Must be the name of an existing EC2 KeyPair
Mappings:
RegionMap:
us-east-1:
AMI: ami-00ca32bbc84273381 # Amazon Linux 2023
us-west-1:
AMI: ami-0e0ece251c1638797 # Amazon Linux 2023
us-west-2:
AMI: ami-002829755fa238bfa # Amazon Linux 2023
us-east-2:
AMI: ami-024e6efaf93d85776 # Amazon Linux 2023
eu-west-1:
AMI: ami-0b9fd8b55a6e3c9d5 # Amazon Linux 2023
eu-central-1:
AMI: ami-0669b163befffbdfc # Amazon Linux 2023
ap-southeast-1:
AMI: ami-0464f90f5928bccb8 # Amazon Linux 2023
ap-northeast-1:
AMI: ami-089a156ea4f52a0a3 # Amazon Linux 2023
Resources:
DevelopmentSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Security group for development EC2 instance
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-SecurityGroup
- Key: Environment
Value: !Ref EnvironmentName
DevelopmentInstance:
Type: AWS::EC2::Instance
Properties:
InstanceType: !Ref InstanceType
ImageId: !FindInMap [ RegionMap, !Ref 'AWS::Region', AMI ]
KeyName: !Ref KeyPairName
SecurityGroups:
- !Ref DevelopmentSecurityGroup
Tags:
- Key: Name
Value: !Sub ${EnvironmentName}-Instance
- Key: Environment
Value: !Ref EnvironmentName
- Key: ManagedBy
Value: ServiceCatalog
UserData:
Fn::Base64: !Sub |
#!/bin/bash
dnf update -y
dnf install -y httpd
systemctl start httpd
systemctl enable httpd
echo "<h1>Development Environment - ${EnvironmentName}</h1>" > /var/www/html/index.html
echo "<p>Instance Type: ${InstanceType}</p>" >> /var/www/html/index.html
echo "<p>Region: ${AWS::Region}</p>" >> /var/www/html/index.html
Outputs:
InstanceId:
Description: Instance ID of the development EC2 instance
Value: !Ref DevelopmentInstance
PublicIP:
Description: Public IP address of the instance
Value: !GetAtt DevelopmentInstance.PublicIp
WebURL:
Description: URL to access the web server
Value: !Sub 'http://${DevelopmentInstance.PublicIp}'
Step 4: Create a Service Catalog Product

Create product

Development EC2 Instance
Create product
Pre-configured EC2 instance for development purposes with security group and web server
IT Operations

Version details

Support details
it-support@company.com
https://wiki.company.com/service-catalog

Manage tags

Product created successfully

Portfolios

Add product to portfolio

Add Product to Development Environment Portfolio


Create constraint

Constraint type

Select IAM role

Successfully created constraint

Access

IAM - Create user

ServiceCatalog TestUser

Console password

Set permissions
AWSServiceCatalogEndUserFullAccess

Review and create

User created successfully

Add users

Grant access

Login as End User

Go to Service Catalog

Launch product

MyDevEnvironment-001
Launch product























































Heading 1
Heading 2
Heading 3
Regular Text
Learn the fundamentals and find valuable information to get the most out of AWS.
Formatted Text
Code Text
cat > test_memorydb.py << EOF
import redis
import json
import sys
from datetime import datetime
# Check for command line argument
if len(sys.argv) != 2:
print("Usage: python3 test_memorydb.py <your-cluster-endpoint>")
print("Example: python3 test_memorydb.py memorydb-demo-cluster.abc123.memorydb.us-east-1.amazonaws.com")
sys.exit(1)
cluster_endpoint = sys.argv[1]
# Configure connection
try:
r = redis.Redis(
host=cluster_endpoint,
port=6379,
ssl=True,
decode_responses=True
)
# Test connection
r.ping()
print(f"✓ Successfully connected to MemoryDB cluster: {cluster_endpoint}")
except redis.ConnectionError as e:
print(f"✗ Failed to connect to {cluster_endpoint}")
print(f"Error: {e}")
print("\nPlease check:")
print(" - Cluster endpoint is correct")
print(" - Security group allows port 6379 from this instance")
print(" - Instance and cluster are in the same VPC")
sys.exit(1)
# Session management example
def create_session(user_id, username):
session_data = {
'user_id': user_id,
'username': username,
'login_time': datetime.now().isoformat()
}
# Store session with 30-minute expiration
r.setex(f'session:{user_id}', 1800, json.dumps(session_data))
print(f"✓ Session created for {username}")
def get_session(user_id):
session = r.get(f'session:{user_id}')
if session:
return json.loads(session)
return None
# Test the functions
print("\n--- Testing Session Management ---")
create_session('user001', 'alice')
session = get_session('user001')
print(f"✓ Retrieved session: {session}")
# Cache example with automatic expiration
print("\n--- Testing Cache with TTL ---")
r.setex('cache:api_response', 300, json.dumps({'data': 'cached response'}))
print(f"✓ Cache created with TTL: {r.ttl('cache:api_response')} seconds")
# Additional tests for data persistence
print("\n--- Testing Data Persistence ---")
r.set('persistent:data', 'This will survive a failover')
print(f"✓ Persistent data stored")
# Test various data structures
print("\n--- Testing Redis Data Structures ---")
# Hash
r.hset('user:1001', mapping={
'name': 'Alice',
'email': 'alice@example.com',
'lastLogin': datetime.now().isoformat()
})
print(f"✓ Hash created: {r.hgetall('user:1001')}")
# List
r.lpush('recent:logins', 'user001', 'user002', 'user003')
print(f"✓ List created: {r.lrange('recent:logins', 0, -1)}")
# Set
r.sadd('active:users', 'alice', 'bob', 'charlie')
print(f"✓ Set created with {r.scard('active:users')} members")
print("\n✓ All tests completed successfully!")
EOF
🙏
Thanks
for
Watching
AWS Service Catalog - Hands-On Demo
By Deepak Dubey
AWS Service Catalog - Hands-On Demo
AWS Service Catalog - Hands-On Demo
- 5