Automatically tag provisioned products using AWS Service Catalog TagOption Library
One of the AWS SOA topics is related to deployment, provisioning, and automation.
The Service Catalog TagOption Library allows you to manage tags for products provisioned in Service Catalog.
To allow administrators to easily manage tags on provisioned products, Service Catalog provides a TagOption library. A TagOption is a key-value pair managed in Service Catalog. It is not an AWS tag, but serves as a template for creating an AWS tag based on the TagOption.
AWS Service Catalog TagOption Library
This page aims to automatically set tags for products provisioned in Service Catalog using the Service Catalog TagOption Library.
Environment
The environment to be built is almost the same as the contents of the following pages.
The changes are settings related to TagOption.
Set TagOption for portfolios and products respectively.
CloudFormation template files
The above configuration is built with CloudFormation.
The CloudFormation templates are placed at the following URL
https://github.com/awstut-an-r/awstut-soa/tree/main/03/006
Explanation of key points of template files
This issue focuses on the Service Catalog TagOption Library.
For basic information on Service Catalog, please refer to the following pages.
TagOption
Resources:
TagOption1:
Type: AWS::ServiceCatalog::TagOption
Properties:
Active: true
Key: tag1
Value: true
TagOption2:
Type: AWS::ServiceCatalog::TagOption
Properties:
Active: true
Key: tag2
Value: true
Code language: YAML (yaml)Create two TagOptions.
One for portfolios and one for products.
The TagOption for the portfolio should be set as follows
- Tag name: tag1
- Tag value: true
TagOption for the product should be set as follows
- Tag name: tag2
- Tag value: true
Associate TagOption with a portfolio product by defining the following two resources
Resources:
TagOptionAssociation1:
Type: AWS::ServiceCatalog::TagOptionAssociation
Properties:
ResourceId: !Ref Portfolio
TagOptionId: !Ref TagOption1
TagOptionAssociation2:
Type: AWS::ServiceCatalog::TagOptionAssociation
Properties:
ResourceId: !Ref CloudFormationProduct
TagOptionId: !Ref TagOption2
Code language: YAML (yaml)Architecting
Use CloudFormation to build this environment and check its actual behavior.
Create CloudFormation stacks and check the resources in the stacks
Create CloudFormation stacks.
For information on how to create stacks and check each stack, please refer to the following pages.
The parameters of the command used to create the CloudFormation stack are as follows
$ aws cloudformation create-stack \
--stack-name soa-03-006 \
--template-url [s3-bucket-url]/soa-03-006.yaml \
--capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND
Code language: Bash (bash)After reviewing the resources in each stack, information on the main resources created in this case is as follows
- IAM User: soa-03-006-User
- IAM Group: soa-03-006-Endusers
- Portfolio: Engineering Tools
- Product: Linux Desktop
- IAM Role for Service Catalog: soa-03-006-IAMStack-1WYETO3-LinuxDesktopLaunchRole-1RA1FLM5ZIOV6
Check various resources from the AWS Management Console.
Check the TagOptions of the portfolio.
You can indeed see two tag information.
One for the portfolio and the other for the product tag information.
Also check the TagOptions for the product.
Two tag information can also be found here.
Operation Check
Now that you are ready, sign in to the AWS Management Console with the IAM user (soa-03-006-User) and launch the product.
If you look at the Manage tags section, you will see that two tags are specified as mandatory.
This means that by setting a TagOption on a portfolio or product, a tag can be automatically assigned to a provisioned product.
Finally, check the two resources (EC2, security group) that are the provisioned products.
You can see that there are indeed two tags set for two resources.
Summary
We have identified how to use the Service Catalog TagOption Library to automatically set tags for products provisioned in Service Catalog.