MENU
Architecting AWS with CloudFormation
  1. Home
  2. SOA_EN
  3. Automatically tag provisioned products using AWS Service Catalog TagOption Library

Automatically tag provisioned products using AWS Service Catalog TagOption Library

SOA_EN
Automatically tag provisioned products using AWS Service Catalog TagOption Library.

Automatically tag provisioned products using AWS Service Catalog TagOption Library

One of the AWS SOA topics is related to deployment, provisioning, and automation.

The Service Catalog TagOption Library allows you to manage tags for products provisioned in Service Catalog.

To allow administrators to easily manage tags on provisioned products, Service Catalog provides a TagOption library. A TagOption is a key-value pair managed in Service Catalog. It is not an AWS tag, but serves as a template for creating an AWS tag based on the TagOption.

AWS Service Catalog TagOption Library

This page aims to automatically set tags for products provisioned in Service Catalog using the Service Catalog TagOption Library.

Environment

Diagram of automatically tag provisioned products using AWS Service Catalog TagOption Library.

The environment to be built is almost the same as the contents of the following pages.

https://awstut.com/en/2023/04/08/introduction-to-aws-service-catalog-using-cloudformation-en

The changes are settings related to TagOption.
Set TagOption for portfolios and products respectively.

CloudFormation template files

The above configuration is built with CloudFormation.
The CloudFormation templates are placed at the following URL

https://github.com/awstut-an-r/awstut-soa/tree/main/03/006

Explanation of key points of template files

This issue focuses on the Service Catalog TagOption Library.
For basic information on Service Catalog, please refer to the following pages.

https://awstut.com/en/2023/04/08/introduction-to-aws-service-catalog-using-cloudformation-en

TagOption

Resources:
  TagOption1:
    Type: AWS::ServiceCatalog::TagOption
    Properties:
      Active: true
      Key: tag1
      Value: true

  TagOption2:
    Type: AWS::ServiceCatalog::TagOption
    Properties:
      Active: true
      Key: tag2
      Value: true
Code language: YAML (yaml)

Create two TagOptions.
One for portfolios and one for products.

The TagOption for the portfolio should be set as follows

  • Tag name: tag1
  • Tag value: true

TagOption for the product should be set as follows

  • Tag name: tag2
  • Tag value: true

Associate TagOption with a portfolio product by defining the following two resources

Resources:
  TagOptionAssociation1:
    Type: AWS::ServiceCatalog::TagOptionAssociation
    Properties:
      ResourceId: !Ref Portfolio
      TagOptionId: !Ref TagOption1

  TagOptionAssociation2:
    Type: AWS::ServiceCatalog::TagOptionAssociation
    Properties:
      ResourceId: !Ref CloudFormationProduct
      TagOptionId: !Ref TagOption2
Code language: YAML (yaml)

Architecting

Use CloudFormation to build this environment and check its actual behavior.

Create CloudFormation stacks and check the resources in the stacks

Create CloudFormation stacks.
For information on how to create stacks and check each stack, please refer to the following pages.

https://awstut.com/en/2021/12/11/cloudformations-nested-stack

The parameters of the command used to create the CloudFormation stack are as follows

$ aws cloudformation create-stack \
--stack-name soa-03-006 \
--template-url [s3-bucket-url]/soa-03-006.yaml \
--capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND
Code language: Bash (bash)

After reviewing the resources in each stack, information on the main resources created in this case is as follows

  • IAM User: soa-03-006-User
  • IAM Group: soa-03-006-Endusers
  • Portfolio: Engineering Tools
  • Product: Linux Desktop
  • IAM Role for Service Catalog: soa-03-006-IAMStack-1WYETO3-LinuxDesktopLaunchRole-1RA1FLM5ZIOV6

Check various resources from the AWS Management Console.

Check the TagOptions of the portfolio.

Detail of Service Catalog 1.

You can indeed see two tag information.
One for the portfolio and the other for the product tag information.

Also check the TagOptions for the product.

Detail of Service Catalog 2.

Two tag information can also be found here.

Operation Check

Now that you are ready, sign in to the AWS Management Console with the IAM user (soa-03-006-User) and launch the product.

Detail of Service Catalog 3.

If you look at the Manage tags section, you will see that two tags are specified as mandatory.
This means that by setting a TagOption on a portfolio or product, a tag can be automatically assigned to a provisioned product.

Finally, check the two resources (EC2, security group) that are the provisioned products.

Detail of EC2 1.
Detail of EC2 2.

You can see that there are indeed two tags set for two resources.

Summary

We have identified how to use the Service Catalog TagOption Library to automatically set tags for products provisioned in Service Catalog.

SOA_EN
CloudFormation_EN EC2(Linux)_EN Service Catalog_EN