This repository consists of a framework to deploy AWS Cloud 9 with AWS Service Catalog.
Deploying Cloud 9 environments through Service Catalog raises unique challenges. When you provision a Cloud 9 environment directly within the AWS Console or with AWS CloudFormation, the environment is assigned to the logged-in user's account and is only accessible by that user.
When you deploy a Cloud 9 environment via Service Catalog, by default the environment is assigned to a Service Catalog service role that is inaccessible to the user. This solution works around that issue: it captures the user who launched the product by storing the relevant AWS CloudTrail event, then assigns that user to the Cloud 9 environment.
You also cannot specify the size of the underlying storage with CloudFormation. This repository includes a CloudFormation custom resource that modifies the size of the attached Elastic Block Store volume, so the end user can specify the amount of storage needed for the Cloud 9 environment. By default, Cloud 9 only allocates 10 GB of storage.
AWS Service Catalog lets you centrally manage your cloud resources to achieve governance at scale of your infrastructure as code (IaC) templates, written in CloudFormation or Terraform. With AWS Service Catalog, you can meet your compliance requirements while making sure your customers can quickly deploy the cloud resources they need.
AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser. It includes a code editor, debugger, and terminal. Cloud9 comes prepackaged with essential tools for popular programming languages, including JavaScript, Python, PHP, and more, so you don’t need to install files or configure your development machine to start new projects.
The architecture is based on the AWS blog post "Tracking AWS Service Catalog products provisioned by individual SAML users".
- The user provisions the AWS Cloud 9 product after authenticating to AWS Service Catalog.
- AWS Service Catalog launches an AWS CloudFormation template in response to the user’s request.
- An AWS Lambda function (lmd-csr-store-cft-deployer) is invoked based on the Amazon CloudWatch rule triggered by the CloudFormation CreateStack event. The lmd-csr-store-cft-deployer function reads the Active Directory User Name and CloudFormation stack ID from the event record and stores this information in an Amazon DynamoDB database (sc-track-user).
- The CloudFormation template provisions a custom resource that invokes the AWS Lambda function (lmd-csr-get-cft-deployer).
- The Lambda function reads the user name from the Amazon DynamoDB record associated with the CloudFormation stack ID and returns this information back to the CloudFormation template.
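The user name stored in this flow decides who is given access to the environment, so the function that reads the CreateStack event should refuse any record it cannot attribute cleanly. The following is an added example, not code from this repository: the function and exception names are hypothetical, the field names follow the CloudTrail record format, the sample event is constructed, and taking the user name from the role session name is an assumption about federated sign-in.

```python
class RejectedEvent(ValueError):
    """Raised when an event must not be used to attribute a stack to a user."""


def extract_deployer(event: dict) -> dict:
    """Return the stack ID and launching user from a CreateStack event."""
    detail = event.get("detail") or {}
    if detail.get("eventSource") != "cloudformation.amazonaws.com":
        raise RejectedEvent("not a CloudFormation event")
    if detail.get("eventName") != "CreateStack":
        raise RejectedEvent("not a CreateStack call")
    if detail.get("errorCode"):
        raise RejectedEvent("CreateStack call failed; no stack to attribute")
    stack_id = (detail.get("responseElements") or {}).get("stackId") or ""
    parts = stack_id.split(":", 5)
    if len(parts) != 6 or parts[2] != "cloudformation" or not parts[5].startswith("stack/"):
        raise RejectedEvent("missing or malformed stack ID")

    identity = detail.get("userIdentity") or {}
    kind = identity.get("type")
    if kind == "AssumedRole":
        # principalId is "<role-id>:<session-name>". Assumption: for federated
        # sign-in the session name is the directory user name.
        role_id, sep, user_name = (identity.get("principalId") or "").partition(":")
        if not (role_id and sep and user_name):
            raise RejectedEvent("assumed-role principalId has no session name")
    elif kind == "IAMUser":
        user_name = identity.get("userName") or ""
        if not user_name:
            raise RejectedEvent("IAM user record without userName")
    else:
        raise RejectedEvent(f"unsupported identity type: {kind!r}")
    return {"stack_id": stack_id, "user_name": user_name,
            "principal_arn": identity.get("arn") or ""}


# Constructed sample event; account ID, role, user and stack are placeholders.
SAMPLE_EVENT = {"detail": {
    "eventSource": "cloudformation.amazonaws.com",
    "eventName": "CreateStack",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "AROAEXAMPLEROLEID:jdoe",
        "arn": "arn:aws:sts::111122223333:assumed-role/ExampleFederatedRole/jdoe"},
    "responseElements": {"stackId": "arn:aws:cloudformation:us-east-1:"
                                    "111122223333:stack/example-stack/constructed-id"},
}}
```

Rejecting failed calls and unknown identity types keeps a record out of the tracking table unless both the stack and the person behind it are unambiguous.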
This repository is based on the Service Catalog Framework.
It also includes Lambdas from the CloudFormation data sources repository.
This solution uses two CloudFormation custom resources to determine where the Cloud 9 EC2 instance should be deployed based on tags:
- CFNGetVPCByTag: By default, it looks for a VPC with a tag named Cloud9 and with a value of True. This can be changed in the Cloud9 CloudFormation template.
- CFNGetSubnesByTag: By default, it looks for a subnet with a tag named Cloud9 and with a value of True. This can be changed in the Cloud9 CloudFormation template.
The most straightforward way to deploy this solution is to log into your AWS account with the appropriate permissions and use AWS CloudShell.
Log into your AWS account, navigate to the CloudShell page and clone the repository.
# Deploy the Lambdas
bash deploy.sh
- AWS SAM prerequisites
- Docker Desktop
When deploying locally instead of using CloudShell, the deployment script uses Docker to build the Lambdas with the proper dependencies.
From the terminal, after you clone the repository, run the following commands.
# Deploy the Lambdas
bash deploy.sh
- Service Catalog Overview - describes the AWS Service Catalog service.
- Using Service Catalog - a walkthrough of the end user experience when provisioning products.
- Service Catalog Administration Guide - describes how to administer Service Catalog portfolios.
- Framework Deployment - a step-by-step guide detailing the AWS resources that get deployed and how to deploy the framework.