Service Catalog Setup

  1. From the AWS console, go to the ‘Identity and Access Management’ screen.
  2. From the left navigation panel choose ‘Policy’.
  3. Select “Create Policy”.
  4. Select “Create Your Policy”.
  5. Create an IAM policy with MFA restrictions. Add any extra permissions needed for workflow execution to the "Action" list (IAM policy JSON does not allow comments, so none appear in the policy itself):
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:Get*",
                    "servicecatalog:*",
                    "cloudformation:*"
                ],
                "Resource": "*",
                "Condition": {
                    "Bool": {
                        "aws:MultiFactorAuthPresent": "true"
                    }
                }
            }
        ]
    }
    
  6. From the left navigation panel choose ‘Groups’
  7. Select “Create New Group”.
  8. Create an IAM group and attach the custom policy from step 5
  9. Create a new IAM user, enable only Programmatic access, and add the user to the group created on step 7.
  10. On the final step of creating the user download the access keys and store them securely.
  11. Enable MFA for the new user
  12. After enabling MFA save the ARN of the MFA Device
    Note: For workflow execution to work, you have to create a Portfolio in the Service Catalog section of AWS.
  13. Click the portfolio and expand the Users, groups and roles section and add the group created before.
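
The following check is an added example, not part of the nOps documentation: it audits a policy document like the one in step 5 and reports every Allow statement that is not strictly gated on MFA. The function names and the sample policy are constructed for illustration; the `BoolIfExists` case is flagged because the `aws:MultiFactorAuthPresent` key is absent from requests signed with long-term access keys, so that operator lets them through.

```python
import json

MFA_KEY = "aws:multifactorauthpresent"  # condition key names are case-insensitive

def _as_list(value):
    return value if isinstance(value, list) else [value]

def mfa_gate(statement):
    """Return 'strict', 'weak' or 'none' for one policy statement."""
    result = "none"
    for operator, keys in statement.get("Condition", {}).items():
        for key, value in keys.items():
            if key.lower() != MFA_KEY:
                continue
            if [str(v).lower() for v in _as_list(value)] != ["true"]:
                continue
            if operator == "Bool":
                return "strict"      # key must exist and be true
            if operator == "BoolIfExists":
                result = "weak"      # also matches when the key is missing
    return result

def audit_policy(policy_json):
    """List (index, message) findings for Allow statements lacking a strict MFA gate."""
    policy = json.loads(policy_json)  # raises ValueError on comments or other invalid JSON
    findings = []
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        gate = mfa_gate(stmt)
        if gate == "none":
            findings.append((index, "Allow without MFA condition"))
        elif gate == "weak":
            findings.append((index, "BoolIfExists passes when the key is absent (long-term access keys)"))
    return findings

# Constructed sample: the statement from step 5 plus two statements that should be flagged.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "servicecatalog:*", "cloudformation:*"],
     "Resource": "*", "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Effect": "Allow", "Action": "iam:ListUsers", "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}}},
]})

if __name__ == "__main__":
    for index, message in audit_policy(SAMPLE):
        print(f"Statement[{index}]: {message}")
```

Running it before attaching the policy to the group also catches documents that fail to parse, such as one with a comment left inside the "Action" array.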

In nOps:

  1. Go to Workflows > Available Workflows
  2. Click on credential settings
  3. Enter the access keys and the MFA device ARN.

Creating a product:

Before creating a product you will need:

  • A CloudFormation template of the product you want to create
  • An IAM policy with the necessary permissions to deploy the product. (See page 1 for policy example)

  1. In the AWS Console, go to the Service Catalog section and select Portfolio List:
  2. In the AWS Console, go to the Service Catalog section and select Portfolio List:
  3. Click on Upload new product button and fill in the required forms. You will be prompted for product details and a CloudFormation template.
  4. Grant the policy specific to the new product to the workflow users group or to specific users, and add that configuration in the portfolio details page.

Sharing and importing Portfolios

To share a Portfolio you will need:

  • The account Id of the receiving account

On the owner side:

  1. Go to the details page of the Portfolio you want to share and expand the Share with other AWS accounts section:
  2. Click on Add Account and input the receiver account’s Id
  3. Take note of the provided link after clicking Share
  4. Send that link to the client

On the client’s side:

  1. Log in to the AWS console
  2. Click on the link provided by nOps administrator
  3. Click on Import
  4. Add users and groups in the imported Portfolio details page

Copyrights © 2019 nOps.io All Rights Reserved.