aws-samples / aws-service-catalog-tools-workshop
Independent, self paced lab for learning how to install, configure and use the Service Catalog Tools.
License: Apache License 2.0
Go to https://service-catalog-tools-workshop.com/reinvent2019/
Verify that the list of helpers is up to date
"provision a product named aws-config-desired-instance-types into each of the enabled regions of the account"
If using eu-west-1 the product can be seen:
https://eu-west-1.console.aws.amazon.com/servicecatalog/home?region=eu-west-2&isSceuc=true#/stacks
However if using eu-west-2 there is an IAM permissions issue:
https://eu-west-2.console.aws.amazon.com/servicecatalog/home?region=eu-west-2&isSceuc=true#/stacks
User: arn:aws:sts::xxx:assumed-role/TeamRole/MasterKey is not authorized to perform: servicecatalog:ScanProvisionedProducts on resource: arn:aws:servicecatalog:eu-west-2:xx:*/* with an explicit deny
A CloudFormation stack is created with no errors
Parameter value: '{{ VERSION }}' failed to satisfy constraint: Parameter value can't nest another parameter. Do not use "{{}}" in the value.
The template and/or the workshop instructions should have more details to enable users to provide valid values. I'm assuming that the correct values are "account ID for where puppet runs" and "1".
Solution Add some context to the docs on where to obtain the account number and how to properly format it within the yaml file
I would expect here "Service Catalog Puppet can be installed via a pre-created...."
I see here "Service Catalog Factory can be installed via a pre-created..."
The installation of Service Catalog Factory is already explained in the page before.
create a VPC pipeline fails
I observed
197 | Found existing installation: colorama 0.4.3
198 | Uninstalling colorama-0.4.3:
199 | Successfully uninstalled colorama-0.4.3
200 | ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
201 | cookiecutter 1.7.3 requires requests>=2.23.0, but you have requests 2.22.0 which is incompatible.
202 | awscli 1.20.6 requires botocore==1.21.6, but you have botocore 1.17.33 which is incompatible.
203 | awscli 1.20.6 requires colorama<0.4.4,>=0.2.5, but you have colorama 0.4.4 which is incompatible.
204 | awscli 1.20.6 requires s3transfer<0.6.0,>=0.5.0, but you have s3transfer 0.3.3 which is incompatible.
205 | aws-sam-cli 1.27.2 requires click~=7.1, but you have click 7.0 which is incompatible.
206 | aws-sam-cli 1.27.2 requires requests==2.25.1, but you have requests 2.22.0 which is incompatible.
207 | Successfully installed MarkupSafe-1.1.1 PyYAML-5.4 astroid-2.4.2 aws-service-catalog-factory-0.64.0 better-boto-0.36.0 boto3-1.14.33 botocore-1.17.33 certifi-2020.6.20 cfn-flip-1.2.1 chardet-3.0.4 click-7.0 colorama-0.4.4 colorclass-2.2.0 deepmerge-0.3.0 docopt-0.6.2 docutils-0.14 enum34-1.1.10 idna-2.8 isort-4.3.21 lazy-object-proxy-1.4.3 lockfile-0.12.2 luigi-2.8.6 mccabe-0.6.1 pykwalify-1.7.0 pylint-2.5.0 python-daemon-2.1.2 python-dateutil-2.8.1 requests-2.22.0 s3transfer-0.3.3 six-1.15.0 terminaltables-3.1.0 toml-0.10.1 tornado-4.5.3 troposphere-2.6.4 typed-ast-1.4.1 urllib3-1.22 wrapt-1.12.1
208 | WARNING: Running pip as root will break packages and permissions. You should install packages reliably by using venv: https://pip.pypa.io/warnings/venv
209 | WARNING: You are using pip version 21.1.2; however, version 21.2.4 is available.
210 | You should consider upgrading via the '/root/.pyenv/versions/3.7.10/bin/python3.7 -m pip install --upgrade pip' command.
211 |
212 | [Container] 2021/08/28 02:49:03 Phase complete: INSTALL State: SUCCEEDED
213 | [Container] 2021/08/28 02:49:03 Phase context status code: Message:
214 | [Container] 2021/08/28 02:49:03 Entering phase PRE_BUILD
215 | [Container] 2021/08/28 02:49:03 Phase complete: PRE_BUILD State: SUCCEEDED
216 | [Container] 2021/08/28 02:49:03 Phase context status code: Message:
217 | [Container] 2021/08/28 02:49:03 Entering phase BUILD
218 | [Container] 2021/08/28 02:49:03 Running command servicecatalog-factory --info generate .
219 | INFO MainThread Generating
220 | INFO MainThread logging configured by default settings
221 | INFO: Done scheduling tasks
222 | INFO MainThread Done scheduling tasks
223 | INFO: Running Worker with 10 processes
224 | INFO MainThread Running Worker with 10 processes
225 | INFO: Worker Worker(salt=794597043, workers=10, host=b4c11f922991, username=root, pid=288) was stopped. Shutting down Keep-Alive thread
226 | INFO Thread-1 Worker Worker(salt=794597043, workers=10, host=b4c11f922991, username=root, pid=288) was stopped. Shutting down Keep-Alive thread
227 | INFO:
228 | ===== Luigi Execution Summary =====
229 |
230 | Did not schedule any tasks
231 |
232 | ===== Luigi Execution Summary =====
233 |
234 | INFO MainThread
235 | ===== Luigi Execution Summary =====
236 |
237 | Did not schedule any tasks
238 |
239 | ===== Luigi Execution Summary =====
240 |
241 | +--------+------+------------------------+----------+
242 | | Result | Task | Significant Parameters | Duration |
243 | +--------+------+------------------------+----------+
244 |
245 | [Container] 2021/08/28 02:49:04 Phase complete: BUILD State: SUCCEEDED
246 | [Container] 2021/08/28 02:49:04 Phase context status code: Message:
247 | [Container] 2021/08/28 02:49:04 Entering phase POST_BUILD
248 | [Container] 2021/08/28 02:49:04 Phase complete: POST_BUILD State: SUCCEEDED
249 | [Container] 2021/08/28 02:49:04 Phase context status code: Message:
250 | [Container] 2021/08/28 02:49:04 Expanding base directory path: .
251 | [Container] 2021/08/28 02:49:04 Assembling file list
252 | [Container] 2021/08/28 02:49:04 Expanding .
253 | [Container] 2021/08/28 02:49:04 Expanding file paths for base directory .
254 | [Container] 2021/08/28 02:49:04 Assembling file list
255 | [Container] 2021/08/28 02:49:04 Expanding results//
256 | [Container] 2021/08/28 02:49:04 Expanding output//
257 | [Container] 2021/08/28 02:49:04 Expanding portfolios/*
258 | [Container] 2021/08/28 02:49:04 Phase complete: UPLOAD_ARTIFACTS State: FAILED
259 | [Container] 2021/08/28 02:49:04 Phase context status code: CLIENT_ERROR Message: no matching artifact paths found
Solution rename the product they should be looking for in the documentation (budget and cost governance)
The Howto to add an account to the manifest file of the puppet projects is illustrated by a screenshot of the Factory repository.
Update the screenshot to show the Puppet account
Can we haz
Consider making it more fun/precise.
Introduce participants to what they will be doing as part of their new job: aws-service-catalog-tools-workshop/workshop/content/50-revinvent2019/400-welcome-to-your-new-job/_index.md
Follow the workshop to create your first product. When the aws-config-instance-types-v1-pipeline runs, the Deploy stage gives you a link to jump to service-catalog directly to see the product
When I click on the link in the deploy stage, it should take me to the product.
I get an "Error: Product details not found."
This is the link that it produces: https://eu-west-1.console.aws.amazon.com/servicecatalog/home?#/admin-products/details?productId=prod-gahetlx7tdnza.
I think that the region param is missing but not sure if that's a red herring:
If I want to list products via the SC UI, this is the link the console produces: https://eu-west-1.console.aws.amazon.com/servicecatalog/home?region=eu-west-1&isSceuc=false#admin-products
Change Description: "Portfolio containing the you can use to ensure you meet the governance guidelines"
to Description: "Portfolio containing products that you can use to ensure you meet the governance guidelines"
I expected to find that a subnet with the CIDR range of 10.0.1.0/24 has been created
No subnet is created. Instead the terraform apply fails with an error unable to find a value for variable/parameter "VPCId"
This looks like an issue with case sensitivity of environment variables. The terraform variable is "VPCId" but the environment variable being set later on in the Puppet manifest file is "VPCID". When I changed the terraform variable to "VPCID" the subnet provisioned as expected.
Would propose that the fix is to change the terraform variable name as this will be in line with the Service Catalog version of this step which uses VPCID throughout for the parameter name.
Wondering if it makes sense to add a conclusion section at the end of task 2? Same level as Data Governance etc. to wrap things up.
I expected for a pipeline to be created (workspace–subnet-v1-pipeline) using the repository I created (subnet-terraform) as the source
A pipeline is created (workspace–subnet-v1-pipeline) which uses a repository named subnet as its source
This looks like a simple typo in the snippet; elsewhere it is stated that the first step should
create a pipeline that will take source code from a branch named main of CodeCommit repo named subnet-terraform
I will create PR under the assumption that the use of subnet-terraform is correct and will update wherever this is not being used.
When you create the RDS product for the first time, you get a fail that looks like this:
·[0;31;49m| FAIL F26·[0m
·[0;31;49m|·[0m
·[0;31;49m| Resources: ["RdsDbCluster"]·[0m
·[0;31;49m| Line Numbers: [84]·[0m
·[0;31;49m|·[0m
·[0;31;49m| RDS DBCluster should have StorageEncrypted enabled·[0m
We should get rid of the terminal escape codes to make the output readable.
https://service-catalog-tools-workshop.com/40-reinvent2019/150-task-2/100-create-the-control.html
"Click on the product aws-config-enable-config"
The product we are deploying should be "aws-config-rds-storage-encrypted"
For the workshop, we are using the same account as a hub and spoke. We need to call this out multiple times to avoid confusion, I think it may not be very obvious.
First place to call this out:
40-reinvent2019/100-task-1/100-create-the-control.html
And then when we create the manifest:
40-reinvent2019/100-task-1/200-provision-the-control.html
I can create PR for it
Url: https://service-catalog-tools-workshop.com/40-reinvent2019/150-task-2/300-create-the-product.html
Description: Typo in sentence “When users create a new RDS instance using this product, encryption at rest is enabled by default an no further configuration is required.”
Should read “When users create a new RDS instance using this product, encryption at rest is enabled by default and no further configuration is required.”
Solution Edit the documentation
Description: When copying and pasting code snippets in, the original code looks like it is formatted with spacing set at 2 but the CodeCommit uses spacing set at 4.
Solution: Use tab spacing set at 4 in the documentation in line with the editing function of CodeCommit.
Description: Same as issue 2 but referenced in task 2 under ‘Verify the product was added to the portfolio’
docs states product is called aws-config-enable-config but it is actually called aws-config-rds-storage-encrypted (https://eu-west-1.console.aws.amazon.com/servicecatalog/home?region=eu-west-1&isSceuc=false#admin-products/prod-ipk67icuxn6ak)
Solution Edit the documentation
I expected the CFNNag test to fail
I observed that the CFNNag test succeeded
See https://113dd118-e3fb-11eb-8877-acde48001122.s3.amazonaws.com/tmp/build-output-cfn-nag.txt for the build log results
Suggestion to change
- account_id: "<YOUR_ACCOUNT_ID>"
  name: "puppet-account"
  default_region: "eu-west-1"
  regions_enabled:
    - "eu-west-1"
    - "eu-west-2"
  tags:
    - "type:prod"
    - "partition:eu"
    - "scope:pci"
to
- account_id: "<YOUR_ACCOUNT_ID>"
  name: "puppet-account"
  default_region: "eu-west-1"
  regions_enabled:
    - "eu-west-1"
    - "eu-west-2"
  tags:
    - "type:prod"
    - "partition:eu"
I don't think the pci tag adds much here and it could be potentially confusing.
Solution Edit the documentation
For this step : https://service-catalog-tools-workshop.com/30-how-tos/50-every-day-use/190-creating-a-manifest.html
It's not explicitly said that the created file should be empty. Furthermore, the bottom screenshot contains what looks to be the bottom of the file we'd be adding, and it has contents.
Proposed fix: either state that the file should be empty, or make explicit what content to input.
https://service-catalog-tools-workshop.com/30-how-tos/50-every-day-use/192-adding-an-account.html
To add an account to share portfolio with the puppet project, one prerequisite is to "bootstrap the spoke". It's something that has not been done if following the workshop in its logical order; furthermore there is no page about that in the workshop.
I found this other documentation to do it.
Description: Puppet pipeline fails when provisioning rds product: cannot find portfolio called cloud-engineering-self-service.
Solution: found the issue; the yaml example for the manifest has incorrectly named the portfolio and is missing the reinvent- prefix
Solution Edit the documentation