Automatically tag provisioned products using AWS Service Catalog TagOption Library
One of the AWS SOA topics is related to deployment, provisioning, and automation.
The Service Catalog TagOption Library allows you to manage tags for products provisioned in Service Catalog.
To allow administrators to easily manage tags on provisioned products, Service Catalog provides a TagOption library. A TagOption is a key-value pair managed in Service Catalog. It is not an AWS tag, but serves as a template for creating an AWS tag based on the TagOption.AWS Service Catalog TagOption Library
This page aims to automatically set tags for products provisioned in Service Catalog using the Service Catalog TagOption Library.
The environment to be built is almost the same as the contents of the following pages.
The changes are settings related to TagOption.
Set TagOption for portfolios and products respectively.
CloudFormation template files
The above configuration is built with CloudFormation.
The CloudFormation templates are placed at the following URL
Explanation of key points of template files
This issue focuses on the Service Catalog TagOption Library.
For basic information on Service Catalog, please refer to the following pages.
Resources: TagOption1: Type: AWS::ServiceCatalog::TagOption Properties: Active: true Key: tag1 Value: true TagOption2: Type: AWS::ServiceCatalog::TagOption Properties: Active: true Key: tag2 Value: trueCode language: YAML (yaml)
Create two TagOptions.
One for portfolios and one for products.
The TagOption for the portfolio should be set as follows
- Tag name: tag1
- Tag value: true
TagOption for the product should be set as follows
- Tag name: tag2
- Tag value: true
Associate TagOption with a portfolio product by defining the following two resources
Resources: TagOptionAssociation1: Type: AWS::ServiceCatalog::TagOptionAssociation Properties: ResourceId: !Ref Portfolio TagOptionId: !Ref TagOption1 TagOptionAssociation2: Type: AWS::ServiceCatalog::TagOptionAssociation Properties: ResourceId: !Ref CloudFormationProduct TagOptionId: !Ref TagOption2Code language: YAML (yaml)
Use CloudFormation to build this environment and check its actual behavior.
Create CloudFormation stacks and check the resources in the stacks
Create CloudFormation stacks.
For information on how to create stacks and check each stack, please refer to the following pages.
The parameters of the command used to create the CloudFormation stack are as follows
$ aws cloudformation create-stack \ --stack-name soa-03-006 \ --template-url [s3-bucket-url]/soa-03-006.yaml \ --capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPANDCode language: Bash (bash)
After reviewing the resources in each stack, information on the main resources created in this case is as follows
- IAM User: soa-03-006-User
- IAM Group: soa-03-006-Endusers
- Portfolio: Engineering Tools
- Product: Linux Desktop
- IAM Role for Service Catalog: soa-03-006-IAMStack-1WYETO3-LinuxDesktopLaunchRole-1RA1FLM5ZIOV6
Check various resources from the AWS Management Console.
Check the TagOptions of the portfolio.
You can indeed see two tag information.
One for the portfolio and the other for the product tag information.
Also check the TagOptions for the product.
Two tag information can also be found here.
Now that you are ready, sign in to the AWS Management Console with the IAM user (soa-03-006-User) and launch the product.
If you look at the Manage tags section, you will see that two tags are specified as mandatory.
This means that by setting a TagOption on a portfolio or product, a tag can be automatically assigned to a provisioned product.
Finally, check the two resources (EC2, security group) that are the provisioned products.
You can see that there are indeed two tags set for two resources.
We have identified how to use the Service Catalog TagOption Library to automatically set tags for products provisioned in Service Catalog.