AWS Service Catalog (Amazon Web Services) Delivering Self-Service IT
Our mission as AWS consulting partners is to help enterprises quickly gain value from DevOps, which often entails creating means for self-service IT. While we’ve been helping organizations achieve this goal for quite some time now, we had been doing so by building a self-service dashboard with Open Source technology using Jenkins.
AWS Service Catalog has made this job so much easier. Rather than using an outside dashboard to achieve this goal, we now use AWS Service Catalog directly making the process faster and more intuitive for the user. And, as a bonus, AWS Service Catalog also offers security controls which makes building AWS cloud security best practices into the self-serve model that much easier.
Generally available since July of 2015, AWS Service Catalog was designed to help operations teams provide automated infrastructure provisioning through ‘easy buttons’. These easy buttons can then be made available to developers, QA, and other members of the operations team to easily request (and receive) pre-approved infrastructure for deployment.
For example, a common request that an operations team might get from another team is for the creation of a new Windows IIS server. Rather than manually creating it each time, the operations team can go ahead and create a product on the AWS Service Catalog which will serve as the easy button for requesting and provisioning the pre-approved Windows IIS server. Once created, if someone needs an IIS Windows instance and they are happy with the pre-approved default template, they need only push the button and the instance will be created.
While Amazon customers have always had this capability available through AWS EC2 — in that a user could log-in and create an instance — there was a very major drawback to that approach. Namely, a user needed permissions to create instances. However, there was no easy way to restrict said user to only creating instances with best practices. For all intents and purposes, permissions were wide ranging giving users the power to create instances with a potentially wide variety of configurations.
Easy Button Benefits
Now with AWS Service Catalog, there is an easy button that when pressed will always spin up the instance with the best practices and pre-approved settings. This is significant because it is a very big step toward enabling true self-service IT in the enterprise. Rather than operations teams fielding multiple similar requests and having to go forth and provision the infrastructure required to service those requests, they can convert these requests into templates, the basis for creating an easy button. Then, when a developer or other user wants a new resource created for them with all the best practices pre-approved, they simply need to push the corresponding easy button on their AWS Service Catalog dashboard.
Having worked with a variety of organizations across industries, I can tell you that the new AWS Service Catalog will be especially helpful for organizations in the commercial enterprise segment, public sector and high compliance environments where development teams are not allowed to create arbitrary resources on their own.
For example, at Flux7 we worked with a customer in the public sector where their average time to get a new AWS resource provisioned was approximately four months. The reason: each time a new IIS and/or SQL Server Database-based environment was required, the team would create a new high level architecture document. This document would then be forwarded on for approvals, working its way up a very long chain of command, eventually landing on the CTO’s desk. It then made its way back and into the team responsible for provisioning the infrastructure. While they eventually got the infrastructure back and resource provisioned, it oftentimes did not fully pass all the requirements that were put in place.
In contrast, with self-service IT at the helm, we were able to cut the standard time to provision from four months to four minutes. We did so by taking the common architecture patterns that were repeatedly requested by the organization’s development and QA teams and converted them into CloudFormation templates that could be used to consistently reprovision the oft-requested infrastructure. We helped the organization get the CloudFormation templates approved and blessed by the IS and Operations teams, from which point we created an easy button. While we created this customer’s solution prior to AWS Service Catalog, the end result was the same: an easy button which development teams could push from their dashboard to create a best practices standard IIS Windows and SQL server environment. The time to provision with the easy button was approximately four minutes.
Security Built In
In addition to ensuring that consistency of build prevails, AWS Service Catalog also helps ensure security, governance and compliance controls are built in to deployed services. For example, AWS Service Catalog allows administrators to control which IT services and versions are available to which individual, group, department, and/or cost center. Operations can also easily control the use of IT services by specifying constraints such as the AWS region in which a product can be launched or allowed IP ranges.
At Flux7, we are already taking great advantage of the new AWS Service Catalog, focusing especially on operations teams within our enterprise customers who can benefit from greater efficiency while still maintaining governance as the architecture evolves.
If you would like to reap the benefits of self-service IT within your organization while maintaining consistency and control, or if you would simply like more information about how AWS Service Catalog can help serve you better, reach out to us at Flux7 today.
Did you find this useful?
Interested in getting tips, best practices and commentary delivered regularly? Click the button below to sign up for our blog and set your topic and frequency preferences.