Service Catalog Setup

  1. After logging in to the AWS console, go to the ‘Identity and Access Management’ screen.
  2. From the left navigation panel choose ‘Policy’
  3. Select “Create Policy”.
  4. Select “Create Your Policy”.
  5. Create an IAM Policy with MFA restrictions
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              # Add extra permissions for workflow execution here
            ],
            "Resource": "*",
            "Condition": {
              "Bool": {
                "aws:MultiFactorAuthPresent": "true"
              }
            }
          }
        ]
      }
  6. From the left navigation panel choose ‘Groups’
  7. Select “Create New Group”.
  8. Create an IAM group and attach the custom policy from step 5
  9. Create a new IAM User, enable only Programmatic access, and add the user to the group created in step 7
  10. On the final step of creating the user, download the access keys and store them securely.
  11. Enable MFA for the new user
  12. After enabling MFA save the ARN of the MFA Device
    Note: For workflow execution to work you have to create a Portfolio in AWS in the Service Catalog section.
  13. Click the portfolio and expand the Users, groups and roles section and add the group created before.
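
A check for the MFA restriction in the step 5 policy, added here as an example and not part of the original guide or of nOps: it flags Allow statements that lack the `Bool` / `aws:MultiFactorAuthPresent` = `true` condition, including the `BoolIfExists` variant, which also matches requests signed with long-term access keys because the key is absent from those requests. The function names and the action in the sample policy are constructed for illustration.

```python
import json

MFA_KEY = "aws:multifactorauthpresent"  # condition key names are case-insensitive

def _as_list(value):
    """IAM accepts a single object or string where a list is expected."""
    return value if isinstance(value, list) else [value]

def _is_true(value):
    """True only if every condition value is the boolean or string 'true'."""
    return all(str(v).lower() == "true" for v in _as_list(value))

def ungated_allow_statements(policy_json):
    """Return (index, reason) for each Allow statement not gated on MFA."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        operators = {}
        for op, keys in stmt.get("Condition", {}).items():
            for key, value in keys.items():
                if key.lower() == MFA_KEY:
                    operators[op.lower()] = value
        if "bool" in operators and _is_true(operators["bool"]):
            continue  # matches only temporary credentials obtained with MFA
        if "boolifexists" in operators:
            findings.append((i, "BoolIfExists also matches long-term access keys"))
        else:
            findings.append((i, "no aws:MultiFactorAuthPresent=true condition"))
    return findings

def sample_policy(operator=None):
    """Constructed sample in the shape of step 5, with a placeholder action."""
    stmt = {"Effect": "Allow",
            "Action": ["servicecatalog:ListPortfolios"],  # assumed for the sample
            "Resource": "*"}
    if operator:
        stmt["Condition"] = {operator: {"aws:MultiFactorAuthPresent": "true"}}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

if __name__ == "__main__":
    for op in ("Bool", "BoolIfExists", None):
        print(op, ungated_allow_statements(sample_policy(op)))
```

Run it against the policy JSON exported from the IAM console before attaching the policy to the group in step 8.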

In nOps:

  1. Go to Rules > Rules Engine
  2. Click on credential settings
  3. Input the access keys and the MFA device ARN

Creating a product:

Before creating a product you will need:

  • A CloudFormation template of the product you want to create
  • An IAM policy with the necessary permissions to deploy the product. (See page 1 for policy example)

  1. On the AWS Console, go to the Service Catalog section and select Portfolio List.
  3. Click on Upload new product button and fill in the required forms. You will be prompted for product details and a CloudFormation template.
  4. Grant the policy specific to the new product to the workflow users group or to specific users, and add that configuration in the portfolio details page.

Sharing and importing Portfolios

To share a Portfolio you will need:

  • The account ID of the receiving account

On the owner side:

  1. Go to the details page of the Portfolio you want to share and expand the Share with other AWS accounts section:
  2. Click on Add Account and input the receiver account’s ID
  3. Take note of the provided link after clicking Share
  4. Send that link to the client

On the client’s side:

  1. Log in to the AWS console
  2. Click on the link provided by the nOps administrator
  3. Click on Import
  4. Add users and groups in the imported Portfolio details page

