As incumbent enterprises move to the cloud, questions arise how transform the legacy IT culture to maximize the agility and flexibility AWS provides. Speed and dexterity must be implemented in a consistent manner, minimizing the impact to the organizational structure, but taking into account the existing skill sets and knowledge base. With AWS Service Catalog, you can manage commonly deployed AWS CloudFormation template versions, enable controlled self-provisioning, and leverage those same products in your automated deployment pipelines to AWS. In this session, developers, operations leads, architects, and IT managers learn how to leverage AWS Service Catalog and AWS CloudFormation to transform IT culture to maximize the agility, flexibility, and value that the AWS platform provides. Additionally, John Wiley & Sons, a 200-year-old enterprise, demonstrates how AWS Professional Services helped them balance the velocity achieved by moving to AWS with a structured governance model to deploy their cloud infrastructure and application code.

1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Shahbaz Alam – Manager, AWS Professional Services
Peter Marney – SVP, Chief Product Technology Officer, John Wiley & Sons
Mahdi Sajjadpour – Senior Consultant, AWS Professional Services
December 1, 2016
DEV321
Enabling DevOps for an Enterprise
with AWS Service Catalog
The John Wiley & Sons Journey with AWS ProServe

2. What to Expect from the Session
• Understand how AWS CloudFormation and AWS Service Catalog
can be leveraged to balance control and agility.
• AWS Service Catalog Best Practices.
• Understand how to replicate the pattern used by John Wiley & Sons
to help transform your company.

3. AWS CloudFormation

4. AWS CloudFormation Concepts and Technology
JSON/YAML formatted file
Parameter definition
Resource creation
Configuration actions
Framework
Stack creation
Stack updates
Error detection and rollback
Configured AWS resources
Comprehensive service support
Service event aware
Customizable
Template CloudFormation Stack

5. AWS CloudFormation Benefits
• Version control/replicate/update the templates like
application code
• Integrates with development, CI/CD, management tools
• No additional charge to use

6. Infrastructure as Code Workflow
Code
Version
Control
Code
Review
Integrate Deploy

7. Infrastructure as Code Workflow
Code
Version
Control
Code
Review
Integrate Deploy
Text Editor
Git/SVN/
Perforce
Review
Tools
Syntax
Validation
Tools
AWS
Services

8. Infrastructure as Code Workflow
Code
Version
Control
Code
Review
Integrate Deploy
“It’s all software”
Text Editor
Git/SVN/
Perforce
Review
Tools
Syntax
Validation
Tools
AWS
Services

9. What do customers tell us about Asset
Management Deployment?
1. Define the resources and
landscapes where software
and application are
deployed
2. ‘Approve once and deploy
many’
3. Enable self service deploy
with confidence
4. Automate deployments

10. AWS Service Catalog
Built to manage approved templates and control access to them

11. AWS Service Catalog
AWS Service Catalog allows organizations to create and manage catalogs of
IT services. It enables users to quickly deploy approved IT services they need
in a self-service manner.
Administrator Users
Control
Standardization
Governance
Agility
Self-service
Time to market

12. AWS Service Catalog – A Few Terms to Note
Product
Portfolio Stack
Constraint
an IT service that you
want to make available
for deployment on AWS.
a collection of products,
together with configuration
information.
restrict the ways that specific
AWS resources can be
deployed for a product
every AWS Service Catalog
product is launched as an AWS
CloudFormation stack

13. AWS Service Catalog Overview
Enable
• 11 User API methods
• 37 Admin API methods
• Share products across Portfolios and AWS Accounts
Orchestrate
• Version Products
• Limit console access
• Provide various levels of user access
Automate
• Launch constraints
• Template constraints

14. Creates portfolio and
assigns product portfolio
1
Administrator
Adds constraints, grant access
and add tags
4
2 Creates
product
Authors
template
Administrator Interaction
ProductX
Versions
Portfolio BPortfolio A
• Users and Roles
• Constraints
• Tags
Service Catalog
3
DevOps
Automation

15. Opportunities to Strengthen the Handshake
User generated
products to foster
innovation
Back-end micro-services
acting on the stacks
Administrator
Products

16. Browse
Products
5
4
3
2
1
Portfolio
Cloud
Consumers
Select version,
Provision
Product,
configure
parametersDeploy
Notifications
and outputs
Notifications and outputs
4
Scheduled
functions
Administrator
Cloud Consumer Interaction

17. AWS Service Catalog Benefits for Enterprises
• One-stop shop for end users
• Simple user access controls to the entire AWS platform
• Built-in governance
• Granular controls on CloudFormation templates
• Version control on products
Access and Governance:
• Reusability of Products across AWS Accounts
• API/CLI and console access
• Tagging enforcement
Reusability and Automation

49. Why AWS Service Catalog for Wiley?
Standardize
Enforce Consistency
Limit Access
Enforce Tagging, Security Groups
One-Stop Shop
Automate Deployments
Agile Governance

50. Wiley AWS Service Catalog
Implementation

51. Infrastructure Meets Application Needs
web app cache database
Application A
Web Tier App Tier Cache Tier DB Tier
web server app server cache cluster database
Portfolio
Tier AlignmentAccess Alignment

52. How Did We Approach the Environment?
- Design the Infrastructure to meet the Application
- Security and Separation at multiple levels:
- Application Level
- Application Tier Level
- Functional/Access Level
- Security/Network alignment with Application Design

53. App Stack Deployment Model

54. Concrete
Application
Infrastructure
Environment Configuration
Application Deployment
AWS
Service Catalog
AWS
CloudFormation
AWS
CloudFormation
DevelopmentTeamOperationsTeam
Automation/ReleaseMgmt.Team

55. Developer Experience

56. Developer Experience
- Single product launch
- Application stack launch

57. Developer
Find
Product
AWS
Service Catalog
Non-Prod Workflow
web
app
db
webAWS
CloudFormation
AWS Lambda
Launch Web
Server
Launch a Server
Amazon Route
53 hosted
zone
Amazon
CloudWatch
Events
Amazon
SNS
ITSM
Processes
Amazon
CloudWatch
Review
Metrics

58. AWS
Service Catalog
AWS
CloudFormation
APPLICATION LOGIN PAGE
Application Deployment
Environmental Configuration
Developer
Launch an App Stack
Infrastructure Deployment
AWS Service Catalog CLI

59. Leverage the CLI to Provision a Product
]$ aws servicecatalog search-products
(list all products)
]$ aws servicecatalog describe-product --id prod-XXXXXX
(this gets the provisioning artifact ID)
]$ aws servicecatalog list-launch-paths --product-id prod-
XXXXXX
(this gets the path ID)
]$ aws servicecatalog describe-provisioning-parameters --
product-id prod-XXXXX --provisioning-artifact-id
checkUpdateVersion-12345678900 --path-id lp-YYYYYY
(this uses the provisioning artifact ID and path ID, and gets the parameters)

60. Launch a Product with the CLI
]$ aws servicecatalog provision-product --
product-id prod-XXXXX --provisioning-artifact-id
checkUpdateVersion-123456789000 --path-id lp-
YYYYYY --provisioning-parameters
Key=KeyName,Value=MyKeyPair3
Key=InstanceType,Value=m4.medium --provisioned-
product-name reInvent-CLI-example --provision-
token exampletoken
(launch product with parameters listed, you can also supply a
JSON file)

61. Production Rollout Experience

62. AWS
Service Catalog
AWS
CloudFormation
APPLICATION LOGIN PAGE
Non-Prod
Release
Management
Finalize
template
AWS
Service Catalog
Non-Prod
Prod
Share or
Import
template
Automate
Deployments
Operations
Create
Product
Production Workflow
Trigger Infrastructure and Application
builds via Jenkins
AWS Service Catalog CLI

63. 10+ AWS Service Catalog Portfolios
50+ AWS Service Catalog Products
800+ product launches
in the past 3 months!
The Numbers…

64. Enabling DevOps

65. Consumers Creators Managers
Wiki
DevOps
Infrastructure
FAQs

66. Consumers Creators Managers
Function Consume Resources Create Artifacts
Automate Processes
Create Environment
& Manage Resources
Typical Job Role Developers Automation/Release Mgmt Operations & InfoSec
AWS Access Launch Resources Create Artifacts Manage Environment
Governance
Responsibility
Meet Cost Requirements Artifacts that meet Standards Environment &
Compliance
Logging and
Monitoring
Read-Only Create Alarms & Dashboards Monitor & Audit
Service Catalog
Alignment
EndUserFullAccess AdminFullAccess AdminFullAccess + Full
IAM access

67. Consumers Creators Managers
Function Consume Resources Create Artifacts
Automate Processes
Create Environment
& Manage Resources
AD Group Publishing-Platform-Developers Publishing-Platform-DevOps AWS-admins
IAM role Publishing-Platform-Developers Publishing-Platform-DevOps AWS-admins
Policies attached
to Roles
ServiceCatalogEndUserFullAccess
ReadOnlyAccess
AWSSupportAccess
CloudWatchCreateDashboard
ServiceCatalogAdminFullAccess
ReadOnlyAccess
AWSSupportAccess
CloudFrontFullAccess
PublishingSQSAccess
AdministratorAccess
Service Catalog
Portfolio Access
Publishing-Platform Publishing-Platform
All of Service Catalog
All of Service Catalog
Example

68. Creates AD groups and AWS
IAM roles for application,
create IAM policies
Operations
Defines and creates Launch
constraints
2
Operations/Infrastructure Interaction
Managing Environment
Web
Server
Versions
Application BApplication A
• Users
• Constraints
• Tags
Service Catalog
1
Defines template constraints
AMI, security group, subnet,
instance types, tags
3

69. Creates portfolio and
assigns products to portfolio
1
Adds template constraints,
grant access and add tags
4
2 Creates
product
Authors
template
Automation/Release Mgmt Interaction
Managing & Creating Products
Web
Server
Versions
Application BApplication A
• Users
• Constraints
• Tags
Service Catalog
3
Release
Mgmt

70. Set Constraints with CLI
]$ aws servicecatalog create-constraint --portfolio-id
port-ZZZZZZ --product-id prod-XXXXXX --parameters
"{"Rules": {"Rule1": {"Assertions":
[{"Assert": {"Fn::Contains": [["EXAMPLE-AMI-ID-
1","EXAMPLE-AMI-ID-2"],{"Ref": "ami-
id"}]},"AssertDescription": "AMI ID should be
either EXAMPLE-AMI-ID-1 or EXAMPLE-AMI-ID-2"}]}}}" --
type TEMPLATE –idempotency-token exampletoken
New marketplace AMI
Custom AMI
AMI
Template
Constraint

71. Alignment Consistency Reusability
Agility &
Flexibility
Time to
Market
Built-In
Governance
Automation

76. Thank you!

77. Remember to complete
your evaluations!