Aws Service Catalog

Hands-On

Demo

Step 1: Create IAM Roles for Service Catalog

Create role

Add permissions

AWSServiceCatalogAdminFullAccess

Attach policy to ServiceCatalogLaunchRole

PowerUserAccess

Name, review, and create

ServiceCatalogLaunchRole

Select trusted entities

Add permissions

Create an End User Role

Add permissions

AWSServiceCatalogEndUserFullAccess

Name, review, and create

ServiceCatalogEndUser

Step 1: Select trusted entities

Step 2: Add permissions

Step 2: Create a Service Catalog Portfolio 

Development Environment Portfolio

Create portfolio

Standardized development environments for engineering teams
IT Operations Team

Manage tags

Step 3: Create a CloudFormation Template for the Product 

AWSTemplateFormatVersion: '2010-09-09'
Description: 'Development EC2 Instance - Service Catalog Product'

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: "Instance Configuration"
      Parameters:
      - InstanceType
      - KeyPairName
    - Label:
        default: "Environment Settings"
      Parameters:
      - EnvironmentName
    ParameterLabels:
      InstanceType:
        default: "EC2 Instance Type"
      KeyPairName:
        default: "SSH Key Pair"
      EnvironmentName:
        default: "Environment Name"

Parameters:
  InstanceType:
    Type: String
    Default: t3.micro
    AllowedValues:
    - t2.micro
    - t2.small
    - t3.micro
    - t3.small
    Description: EC2 instance type for development environment

  EnvironmentName:
    Type: String
    Default: Development
    Description: Environment name tag for the instance
    MinLength: 1
    MaxLength: 50

  KeyPairName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Name of an existing EC2 KeyPair to enable SSH access
    ConstraintDescription: Must be the name of an existing EC2 KeyPair

Mappings:
  RegionMap:
    us-east-1:
      AMI: ami-00ca32bbc84273381 # Amazon Linux 2023
    us-west-1:
      AMI: ami-0e0ece251c1638797 # Amazon Linux 2023
    us-west-2:
      AMI: ami-002829755fa238bfa # Amazon Linux 2023
    us-east-2:
      AMI: ami-024e6efaf93d85776 # Amazon Linux 2023
    eu-west-1:
      AMI: ami-0b9fd8b55a6e3c9d5 # Amazon Linux 2023
    eu-central-1:
      AMI: ami-0669b163befffbdfc # Amazon Linux 2023
    ap-southeast-1:
      AMI: ami-0464f90f5928bccb8 # Amazon Linux 2023
    ap-northeast-1:
      AMI: ami-089a156ea4f52a0a3 # Amazon Linux 2023

Resources:
  DevelopmentSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for development EC2 instance
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 443
        ToPort: 443
        CidrIp: 0.0.0.0/0
      Tags:
      - Key: Name
        Value: !Sub ${EnvironmentName}-SecurityGroup
      - Key: Environment
        Value: !Ref EnvironmentName

  DevelopmentInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !FindInMap [ RegionMap, !Ref 'AWS::Region', AMI ]
      KeyName: !Ref KeyPairName
      SecurityGroups:
      - !Ref DevelopmentSecurityGroup
      Tags:
      - Key: Name
        Value: !Sub ${EnvironmentName}-Instance
      - Key: Environment
        Value: !Ref EnvironmentName
      - Key: ManagedBy
        Value: ServiceCatalog
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          dnf update -y
          dnf install -y httpd
          systemctl start httpd
          systemctl enable httpd
          echo "<h1>Development Environment - ${EnvironmentName}</h1>" > /var/www/html/index.html
          echo "<p>Instance Type: ${InstanceType}</p>" >> /var/www/html/index.html
          echo "<p>Region: ${AWS::Region}</p>" >> /var/www/html/index.html

Outputs:
  InstanceId:
    Description: Instance ID of the development EC2 instance
    Value: !Ref DevelopmentInstance

  PublicIP:
    Description: Public IP address of the instance
    Value: !GetAtt DevelopmentInstance.PublicIp

  WebURL:
    Description: URL to access the web server
    Value: !Sub 'http://${DevelopmentInstance.PublicIp}'

Step 4: Create a Service Catalog Product

Create product

Development EC2 Instance

Create product

Pre-configured EC2 instance for development purposes with security group and web server
IT Operations

Version details

Support details

it-support@company.com
https://wiki.company.com/service-catalog

Manage tags

Product created successfully

Portfolios

Add product to portfolio

Add Product to Development Environment Portfolio

Create constraint

Constraint type

Select IAM role

Successfully created constraint

Access

IAM - Create user

ServiceCatalog TestUser

Console password

Set permissions

AWSServiceCatalogEndUserFullAccess

Review and create

User created successfully

Add users

Grant access

Login as End User

Go to Service Catalog

Launch product

MyDevEnvironment-001

Launch product

Heading 1

Heading 2

Heading 3

Regular Text

Learn the fundamentals and find valuable information to get the most out of AWS.
Formatted Text

Code Text
cat > test_memorydb.py << EOF
import redis
import json
import sys
from datetime import datetime

# Check for command line argument
if len(sys.argv) != 2:
    print("Usage: python3 test_memorydb.py <your-cluster-endpoint>")
    print("Example: python3 test_memorydb.py memorydb-demo-cluster.abc123.memorydb.us-east-1.amazonaws.com")
    sys.exit(1)

cluster_endpoint = sys.argv[1]

# Configure connection
try:
    r = redis.Redis(
        host=cluster_endpoint,
        port=6379,
        ssl=True,
        decode_responses=True
    )
    
    # Test connection
    r.ping()
    print(f"✓ Successfully connected to MemoryDB cluster: {cluster_endpoint}")
    
except redis.ConnectionError as e:
    print(f"✗ Failed to connect to {cluster_endpoint}")
    print(f"Error: {e}")
    print("\nPlease check:")
    print("  - Cluster endpoint is correct")
    print("  - Security group allows port 6379 from this instance")
    print("  - Instance and cluster are in the same VPC")
    sys.exit(1)

# Session management example
def create_session(user_id, username):
    session_data = {
        'user_id': user_id,
        'username': username,
        'login_time': datetime.now().isoformat()
    }
    # Store session with 30-minute expiration
    r.setex(f'session:{user_id}', 1800, json.dumps(session_data))
    print(f"✓ Session created for {username}")

def get_session(user_id):
    session = r.get(f'session:{user_id}')
    if session:
        return json.loads(session)
    return None

# Test the functions
print("\n--- Testing Session Management ---")
create_session('user001', 'alice')
session = get_session('user001')
print(f"✓ Retrieved session: {session}")

# Cache example with automatic expiration
print("\n--- Testing Cache with TTL ---")
r.setex('cache:api_response', 300, json.dumps({'data': 'cached response'}))
print(f"✓ Cache created with TTL: {r.ttl('cache:api_response')} seconds")

# Additional tests for data persistence
print("\n--- Testing Data Persistence ---")
r.set('persistent:data', 'This will survive a failover')
print(f"✓ Persistent data stored")

# Test various data structures
print("\n--- Testing Redis Data Structures ---")

# Hash
r.hset('user:1001', mapping={
    'name': 'Alice',
    'email': 'alice@example.com',
    'lastLogin': datetime.now().isoformat()
})
print(f"✓ Hash created: {r.hgetall('user:1001')}")

# List
r.lpush('recent:logins', 'user001', 'user002', 'user003')
print(f"✓ List created: {r.lrange('recent:logins', 0, -1)}")

# Set
r.sadd('active:users', 'alice', 'bob', 'charlie')
print(f"✓ Set created with {r.scard('active:users')} members")

print("\n✓ All tests completed successfully!")
EOF

🙏

Thanks

for

Watching