Organizations have many business reasons to track resource usage across their AWS environments. For example, management and administrative teams want to track operation expenditure, license governance, and asset tracking for their AWS Marketplace solutions across Regions currently in use. A centralized reporting dashboard allows the teams to access this information quickly and efficiently.

This post will show you how to create cross-region deployment reports. They will contain information on any AWS service deployed via Service Catalog, e.g., storage, databases, containers, and any third-party Marketplace ISV solutions. Organizations can view all AWS Service Catalog deployments in these reports in a simple, easy-to-use dashboard.

Prerequisites­

For this solution, you will need an AWS account and sufficient permissions in that account to create the following resources:

Background

Here are some of the AWS Service Catalog concepts referenced in this post. For more information, see the Overview of the AWS Service Catalog.

  • A product is a blueprint for building the AWS resources necessary to make it available for deployment on AWS, along with the configuration information. Create a product by importing an AWS CloudFormation template, or, in case of AWS Marketplace-based products, by copying the product to the AWS Service Catalog. A product can belong to multiple portfolios.
  • A portfolio is a collection of products, together with the configuration information. Use portfolios to manage user access to specific products. You can grant portfolio access for an AWS Identity and Access Management (IAM) user, IAM group, or IAM role level.
  • A provisioned product is an AWS CloudFormation stack. In other words, the AWS resources that are created. When an end-user launches a product, AWS Service Catalog provisions the product from an AWS CloudFormation stack.
  • Constraints control the way that users can deploy a product. Launch constraints let you specify a role that the AWS Service Catalog can assume to launch a product.

Solution overview

The following diagram maps out the solution architecture.

The architecture diagram shows the components used by the solution. It also shows the steps in which they will be deployed and used

Administrator process

The administrator deploys a CloudFormation template that creates resources in the central account. These resources include an AWS Service Catalog product, Amazon DynamoDB instance, Amazon S3 bucket, AWS CloudFormation templates, and more. These components will be used to collect and manage the application information coming from the different accounts and Regions.

End user process

End users use an AWS Service Catalog product to update the central account with application information. End users can also access the web interface in the central account to view the report dashboard.

Configuring an environment

For your convenience, we have supplied an AWS CloudFormation template to automate the creation of prerequisite AWS resources.

Step 1. Download the CloudFormation template and upload this to an Amazon S3 bucket.

  1. Download the content in this zip file
  2. Extract the zip file, and it will create a folder called content
  3. Log in to your AWS account as an administrator that can create AWS resources
  4. Create an Amazon S3 bucket and note this name
  5. Upload the content folder to your newly created S3 bucket
  6. Drill down into the content/screports folder
  7. Choose the checkbox next to screports_setup.json
  8. Right click and copy the Object URL

Step 2. Deploy the CloudFormation template

  1. Navigate to the AWS CloudFormation landing page
  2. Choose Create Stack, and in the drop-down menu choose With new resources (standard)
  3. On the Create stack page, under Specify template choose Amazon S3 URL. In the Amazon S3 URL field, paste the S3 Object URL link that you copied from Step 1.7
  4. Choose Next
    The administrator fills out the inputs to deploy the setup CloudFormation stackFigure 2: Stack parameters
  5. In the Specify stack details section, enter the following:
    • Stack Name: screports-setup
    • SourceBucket: Enter the bucket name that you created, and note it in Step 1.4
  6. Select Next
  7. On the Configure stack options page, select Next
  8. On the Review page, select the box next to I acknowledge that AWS CloudFormation might create IAM resources
  9. Select Create Stack
  10. Wait for the Status to change to CREATE_COMPLETE. This will take 3-14 min.

View the stack output


The output from the provisioned product is displayed with a link to view the web interface

Two hyperlinks are listed:

  • ConsolidatedReportsUrl – this link will display the deployments report.
  • Spoketemplate – this link points to a custom CloudFormation template created to be used in your account. Deploy this template in any account, and it will send all of the AWS Service Catalog events to the primary account.

Consolidated reports

View your application via the web report interface

You must deploy one or more AWS Service Catalog products first for the products to show up in the report.

After you have deployed one or more AWS Service Catalog products, right-click on the ConsolidatedReportsUrl, and open a new tab. The reports show AWS Service Catalog products that have been deployed. Products based in AWS Marketplace solutions deployed by AWS Service Catalog also show up in the report, as shown in the following. This information is useful to procurement officers that must track AWS Marketplace expenditures. The reports include the following information about AWS Service Catalog products that have been deployed:.

  • Accounted
  • provisionedProductName
  • status
  • userArn who deployed the product
  • createdTime
  • terminationTime
  • awsRegion
  • SourceIPAddress
  • provisionedProdutId

The output from the provisioned product is displayed with a link to view the web interface.

When AWS Service Catalog products are terminated, the status is changed to TERMINATED, and the terminationTime is updated.

Configuring the solution in other accounts and Regions

Create the spoke account setup CFT template
Saving the spoke template

  1. On the AWS CloudFormation page
  2. Select the stack you deployed
  3. Select the Outputs tab
  4. Select the Spoketemplate link, and download and save the Spoketemplate
  5. Note the location where the template is saved

Deploying the CFT template in the spoke account or different Region

  1. Log in to the spoke account with a role that has the permission to create resources or use the same account, and switch to a different Region
  2. Navigate to the AWS CloudFormation console
  3. Navigate to the AWS CloudFormation landing page
  4. Choose Create Stack, and in the dropdown menu choose With new resources (standard)
  5. On the Create stack page, under Specify template, choose Upload a template file
  6. Select Choose file, and select the file that you saved from the file system
  7. Choose Next, and then Choose Next
  8. For Stack name, enter screportspoke01
  9. Select Next
  10. On the Configure stack options page, select Next
  11. On the Review page, check the box next to I acknowledge that AWS CloudFormation might create IAM resources
  12. Select Create stack
  13. Wait for the stack status to change to CREATE_COMPLETE

Deploying an AWS Service Catalog from the spoke account or Region or different Region

Navigate to the AWS Service Catalog admin page

  1. Select Products from the top left
  2. Select any product
  3. Select Launch product
  4. Select the Generate name check box for Provisioned product name
  5. Select update for Action
  6. Select Launch product
  7. Wait until the status changes to Available in the top right
  8. Go back to the web report interface, and refresh the browser
  9. The product from the other account or Region will be visible.

AWS CloudFormation StackSets can also deploy the reporting stack to the spoke accounts. In an AWS Control Tower environment, you can also use the technique in this blog to automate the stack deployment to the spoke accounts.

Cleanup

To avoid ongoing charges in your account, delete the resources that you created. Use the AWS Service Catalog console to delete the AWS Service Catalog product. Choose Provisioned products, and from Actions, choose Terminate. Use the CloudFormation console to delete the stack that you created. For instructions, see Deleting a stack on the AWS CloudFormation console.

Use the Amazon S3 console to delete the bucket contents, and then delete the bucket. For instructions, see Deleting a bucket.

Conclusion

In this post, you learned how to use the AWS Service Catalog and other services to track, manage, and display reports of provisioned products across accounts and Regions. This process provides increased visibility for enterprise groups like procurement that can use this dashboard to know which curated software solutions have been deployed, perform asset tracking, and help control expenditures.

About the authors

Kenneth Walsh

Kenneth Walsh is a New York-based Solutions Architect whose focus is AWS Marketplace. Kenneth is passionate about cloud computing and loves being a trusted advisor for his customers. When he’s not working with customers on their journey to the cloud, he enjoys cooking, audio books, movies, and spending time with his family and dog.