Provisioning for AWS CloudFormation

AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning, and updating them in an orderly and predictable fashion.

BMC Cloud Lifecycle Management service blueprints allow specification of one or more external templates that are sequenced among other template constructs (servers, other PaaS elements, and so on). You can use AWS CloudFormation’s sample templates or create your own templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application.

You can create templates for the service or application architectures you want and have AWS CloudFormation use those templates for quick and reliable provisioning of the services or applications (called “stacks”). The End User Portal or My Cloud Service console shows end users information returned by the template invocation service about the provisioned artifacts, such as names, identifiers and connection details (all grouped under a name and/or identifier for the "stack".

After the AWS resources are deployed, you can also easily update the stack to conform to a newly submitted template (which might effectively roll back any changes in the artifacts, or drive a change into the resultant stack compared to its original state) or replicate the stack as needed.

The following sections describe the process to set up and provision an AWS CloudFormation resource:

Registering AWS CloudFormation as the proxy custom resource provider

Registering a provider tells BMC Cloud Lifecycle Management where to obtain resources needed for provisioning. Perform the following steps to set up AWS CloudFormation as the proxy custom resource provider:

1. From the BMC Cloud Lifecycle Management Administration Console, click the vertical Workspaces menu on the left side of the window and select Providers.
2. Under Quick Links, select Custom.
3. On the Providers page, click the Register icon .

1. In the Register Provider dialog box, select awscfnprovider as the resource provider type to register.
   
   

   Warning

   Note

   If you do not deploy the artifacts from BMC Communities as indicated in the To download the artifacts from BMC Communities section, Custom will not show up as an option.

   

2.  Complete or modify the following fields, as necessary:

   Field	Description
   Name	(Required) Specify a name for this instance of the AWS CloudFormation provider.
   Description	(Optional) Specify a useful description of the provider. Descriptions can help you distinguish provider instances and help you find a provider by using Search.
   Retry count for AWS CloudFormation API execution	(Required) Specify the number of allowable attempts to access the AWS Management Console.
   Retry interval for AWS CloudFormation API execution in seconds	(Required) Specify the interval (in seconds) between each retry.
   Optionally specifies the proxy host to connect through	Enter the name or IP address of the system that serves as the proxy host. If proxy is enabled, this field is required.
   Optionally specifies the port on the proxy host to connect through	Enter the port on which BMC Cloud Lifecycle Management communicates with the proxy host (for example, 8080). If proxy is enabled, this field is required.
   Optionally specifies the user name to use when connecting through a proxy	Enter the name of a user with Administrator privileges on the proxy host.
   Optionally specifies the password to use when connecting through a proxy	Enter the password for the above user.
   Optional Windows workstation name for configuring NTLM proxy support	If the proxy host is in a Microsoft NT LAN Manager (NTLM), select the domain name from the drop-down list.
   Optional Windows domain name for configuring NTLM proxy support	If the proxy host is in a NTLM domain, select the workstation from the drop-down list.
   Enable the flag to route requests to Amazon via a proxy	Select True to enable BMC Cloud Lifecycle Management to access the internet via a proxy host. The default value is False; proxy mode is not enabled.

   Warning

   Note

   Even though you can specify values for proxy registration-related fields when Enable the flag to route requests to Amazon via a proxy is set to false, ensure that you specify these values only when Enable the flag to route requests to Amazon via a proxy is set to true.

_{Back to top}

Managing AWS CloudFormation provider users

If you create a custom provider by using AWS CloudFormation, you can manage users who can access the provider.

1. In the Providers workspace, select Custom provider type.
2. Click the Mapping User Account button  to open the Manage User Accounts dialog box.
   

3. In the User Name field, enter the name of a user you would like to add, and press Enter.
   This user is an AWS user who has an access key and secret key.
   
   Enter the authentication parameter values for the user in the table.
   The parameters that appear are determined when you set up the integration. The following table lists the parameters that you must use for AWS CloudFormation:

   Parameter	Description
   accessKey	(Required) Specify the access key ID (for example AKIDIOSFORNN7EXAMPLE) that you will use to sign programmatic requests (AWS SDK, REST, or Query APIs) that you will make to AWS.
   user	(Required) Specify the port on which the CloudFormation service is running on the host
   secretKey	(Required) Specify the secret access key (for example wJalrXUtnFEMI/K7MDENG/sPxRgiCYEXAMPLEKEY) that you will use to sign programmatic requests (AWS SDK, REST, or Query APIs) that you will make to AWS.
   New in 4.6.07.001default_region	(Optional) Specify the region, if you are using specific AWS environment. For example, if you are using AWS government environment, you can specify us-gov-west-1. If the field is blank, AWS Public platform is used.

4. Click Save.
5. To edit a user:
   1. Select the user name from the table on the left.
   2. Click the Edit button .
   3. Make the necessary changes in the parameter table.
   4. Click Save.
   5. To delete a user, select the user name, and click the Delete button .

_{Back to top}

Onboarding resources for AWS CloudFormation

To prepare the AWS CloudFormation resources that are used for provisioning, you must onboard the logical data centers (LDCs). Then, BMC Cloud Lifecycle Management can use the designated resources.

1. From the BMC Cloud Lifecycle Management Administration console, click the vertical Workspaces menu on the left side of the window and select Resources.
2. Under Quick Links on the left, click Network Containers.
   The system displays all resources currently onboarded. 
3. Click Onboard Logical Data Center .
   
   
    
4. On the Onboard Logical Data Centers dialog box in the Provider field, select the name of the public provider that you set up for AWS CloudFormation, for example, awscfnprovider .
5. In the Proxy Provider field that appears, select the name of the proxy provider that you set up for AWS CloudFormation, for example, CloudFormation.
6. In the Account field that appears, select the Account that can access the AWS CloudFormation proxy provider.
   The available logical data centers appear in the list on the left. 
7. Under Available Logical Data Centers, select resources in the list on the left and move them to the list at right.
   The naming convention for LDCs is in the format: Account_Name: Proxy_Provider_Name:Region
8. Click Onboard.

_{Back to top}

Mapping tenants to the logical data center

The next step is to map tenants to a logical data center. The steps are similar to mapping tenants to a network container:

1. From the BMC Cloud Lifecycle Management – Administration Console, click the vertical Workspaces menu and select Resources.
2. Under the Quick Links > Network section, click Network Containers.
3. Select the network container to which you want to map one or more tenants.
4. Click Manage Tenant Mappings .
   The Map Tenants dialog box is displayed for the selected network container. In the Name field, the name of the logical data center is displayed. In the Available Tenants table, the list of onboarded tenants is displayed.
   

5. Select one or more tenants from the tenants table and click Add >.
   The selected tenant or tenants are moved to the Mapped Tenants table. You can search for a tenant by using the Search field.

   Warning

   Note

   The Search field is case-sensitive.

6. Click Save. 
   The selected tenant or tenants are mapped to the network container.  

   Warning

   Note

   After you map a tenant to a network container, refresh the page. Sometimes, when you modify the container later, the tenant is not saved against the network container.

_{Back to top}

Setting up service blueprints for custom resources

The Service Designer workspace offers considerable flexibility when defining a blueprint. The following sections provide a set of steps for creating a multi-tier blueprint for a public PaaS service. You can use this approach or develop your own techniques for building a service blueprint.

To create a service blueprint

1. In the Service Designer workspace, click Create New > Service Blueprint. Then, click Custom Resource.
   A new Custom Resource is added to the service blueprint as shown in the following figure:
   
2. Click Save.
3. Enter a unique name for your blueprint to describe the custom resource type (for example, CFN_SingleLAMP).
4. Provide a Description.
5. Click OK. 

_{Back to top}

To add an AWS CloudFormation resource set to a multi-tier service blueprint

1. In the Service Designer workspace, click the AWS CFN resource in the service blueprint that you created.

2. In the edit pane for that resource set opens, under Custom Resource Properties, specify information for the new AWS ClodFormation resource.
   
   

   Field	Instruction
   Proxy Provider Definition	Select the proxy provider. For AWS CloudFormation, select awscfnprovider.
   Type	Select the type of resource. For AWS CloudFormation, select CustomResource.
   Subtype	Select the subtype of the resource. For AWS CloudFormation, select AWS CFN.
   IR Type	Select the installable resource type. For AWS CloudFormation, select External Repository.
   Location	Specify the location of the AWS template in Amazon S3 (for example, https://s3-us-west-2.amazonaws.com/cloudformation-templates-us-west-2/EC2InstanceWithSecurityGroupSample.template).
   Account (Version 4.6.04 and later)	Select an AWS CloudFormation account.
   Region (Version 4.6.04 and later)	Select the region for the account.

3. (Version 4.6.04 and later) Click the Discover Parameters button to upload the parameters for the template file that you entered in the Location field.
   The parameters appear on the Parameters panel.

4. Open the Parameters panel, and add, edit, and delete the necessary parameters.

   Warning

   Note

   The parameters that you add would depend on the AWS resources that you want to create. Only if the parameters defined in the service blueprint are configured with User Entry Enabled and Required options, you can see the one-click Reprovisioning option.

   

   For more information about entering parameters, see Configuring-service-blueprint-parameters.

5. Click the custom resource set (the green box) to provide basic details.

   Field	Instruction
   Name	Enter a name for the custom resource set.
   Description	Describe the purpose or nature of the custom resource set.
   Number of Instances	Enter the number of instances to be provisioned. The number you enter appears in the upper-right corner of the box representing a resource instance.
   Tags	Define any tags you want applied to this PaaS resource set.  These tags must match the tags you specify in the logical data center. For more information about tags in service blueprints, see Managing-blueprint-tags.

6. To allow a custom resource set to be reused in other service blueprints, save it to the Blueprint Library:
   1. Right-click the custom resource set and click Convert to Reference.
   2. Enter a Name for the custom resource set. For example, CFN_Infrastructure. This name will be visible in the Blueprint Library; therefore, provide a name that enables cloud administrators to easily identify the custom resource set.
   3. Enter a Description of the custom resource set.
   4. Click OK.
      The blueprint is added to the Service Blueprints section of the Blueprint Library.
7. When you have finished defining the custom service blueprint, click Save and provide a name for the service blueprint. You can save a version of a blueprint and assign a tag to each version, as described in Creating-copying-or-editing-a-service-blueprint.

_{Back to top}

Creating a service offering

Many options exist for creating a service offering. The following procedures describe one way to create a typical service offering for a PaaS service. 

For additional information, see Creating-cloud-services.

To create a service

Before you can create a service offering, you must first create a service.

1. From the BMC Cloud Lifecycle Management Administration Console, click the vertical Workspaces menu on the left side of the window, and click Service Catalog. 
2. In the Service Catalog, click Create a New Service. 
3. Enter a service name. 
4. For Type, select Technical service.
5. Enter a description of the service. 
6. Click Apply.

After you have created a service, you can create a service offering, as described in the next procedure.

_{Back to top}

To create a service offering

1. Using the service you created in the previous procedure, click Create a New Service Offering. 

2. In the General Information tab, define the options described in the following table.

   Option	Description
   Default Service Offering	Enable this option to make the selected service offering the default for the service. Unless users select a different service offering, the default service offering is used.
   Name	Enter a short, descriptive name for the service offering.
   Description	Enter a more detailed description of the service offering.
   Service Blueprint	Specify the software and hardware to associate with the service offering by selecting one of the available blueprints.
   Reference Definition	Specify how to select a version of a service blueprint. You can select a version by number, the latest version, or a version that is associated with a tag.
   Definition	Select the definition that provides deployment details. Each service blueprint can include multiple definitions.

3. Add a Base Customer Price to define the amount charged to the customer for the service offering. You can enter multiple customer prices for each service. 
4. Add a Base Deployment Cost to define the amount that it costs to provide the service offering. You can enter one deployment cost for each service. 
5. Click Apply.

After you have created a service offering, you can create a requestable offering, as described in the next procedure.

_{Back to top}

To create a requestable offering

Use this procedure to create the service offering that an end user can request.

1. From the service offering, select the drop-down list beside the Create the request definition icon and select Create request definition.
   The Request Definition dialog box opens.

2. Under Request Definition Details, enter the following information:

   Option	Description
   Title	Enter a descriptive title for the requestable offering.
   Description	Enter a detailed description of the requestable offering. Warning Note Only 255 characters can be shown in the Request Entry console. Any text greater than 255 character is indicated by an ellipsis (...).
   Start Date	Enter the date when this requestable offering goes online.
   Change Policy	Select the change policy required.
   Type	Select Compute. (Even when defining a service offering for custom resource provisioning, select Compute.)

3. Click Next.
4. Under Select Navigation Category, select Cloud Services.
5. Under Request Definition Packages, associate one or more entitlement packages with the requestable offering by selecting a package from the Available Packages table and clicking Add.
6. Click Finish.

_{Back to top}

Provisioning an AWS CloudFormation service

AWS CloudFormation resources are represented as Custom Resources with the specified resources and output properties in the My Cloud Services console or End User Portal.

To request a AWS CloudFormation service

After logging in to the My Cloud Services console, search the Catalog for a service that you want to request, add it to your cart, and then submit your request.

1. In the Catalog tab of the My Cloud Services Console, use any of the following methods to locate a service:
   • Use your browser's scroll bar to browse the tiles for available services.
   • Enter search text in the Search Offerings field, and press Enter. You can add multiple search terms. The Catalog is updated automatically to list all the services that match any of the search terms you entered. Click the X next to a search term to remove it from the Search Offerings field.

   • Select one or more categories in the Filter list. Any categories you select are added to the Search Offerings field, and the Catalog is updated automatically to list only the services in the categories you selected.
     
     
     For more information about searching, see Searching in the My Cloud Services Console.

     Warning

     Note

     When running the My Cloud Services Console in the Chrome browser, you cannot select filters on the Catalog page when you use the keyboard (for example, pressing the space bar to select a filter) to interact with the UI. Instead, use Shift+space bar to select the filters.

2. When you have located a service you want to select, click its tile in the Catalog.
   The Catalog details page appears for the catalog item you selected.
   
   
   The estimated cost is calculated in the left column. In the example above, there is no cost for the service.
3. (Optional) If you are a cloud administrator or a tenant administrator, click Change owner and set the owner for the request. (See To request a service on behalf of another user.)
4. (Optional) If you want an email to be sent when this service is provisioned, select the Email technical owner when provisioned check box.
    An email is sent to the user if an email address is assigned to that user in the system. (For information about configuring users, see Adding-people-records-from-a-template.)
   

5. Enter the following information about the service:

   Field	Description
   Service Name	Name of the service as you would like it to appear in your list of services. This field is required. You can enter a maximum of 80 characters.
   Custom Resource Name Prefix	String appended to the custom resource for ease of identification. This field is required.
   Description	Description of your service. For example, you might describe the purpose of the service. This field is optional.

6. (Optional) If you want to set AWS CloudFormation parameters at runtime, specify the required values.
   
7. When you are satisfied with the configuration of this service, click Add to Cart.
8. The Configuration screen remains open, with your options still selected. If you want to edit this instance of the service, enter new details for the instance, and click Update.
   When you have added all of the services you want to request, perform one of the following actions:
   • In the My Cart drop-down window, showing a brief summary of the services in your cart, click Proceed to Checkout.
   • From any screen in the My Cloud Services Console, click My Cart.
9. On the My Cart screen, which shows the resources ready to be submitted, click Next.
10. In the Cart Checkout Information screen > Order Details section, complete all fields present.
    Your cloud administrator configures which fields appear in the Order Details section. By default, the following fields are available:
    • Charge Code—Select a code to which the cost of your request will be charged.

    • Decommission Date—Select the date at which your services will be decommissioned.

      Warning

      Note

      The cloud administrator may add other fields to the Order Details section. See Customizing-the-Cart-Checkout-page for more information.

11. Click Submit Request.
    The My Requests section of the My Resources tab appears, showing the provisioning status of your request. You can also see the status in the Resource List or Activity Log section of the My Resources tab. When you click Submit Request, all of the items in the cart are submitted, and the cart is emptied.

 

_{Back to top}

Managing AWS CloudFormation resources

You can perform the following basic management actions if the template is modified:

• Decommission Service: When you create cloud services, you specify a date in the future when the service will be decommissioned. However, you can decommission a service before the planned decommission date.
• Extend Decommission Date: When you create cloud services, you specify a date in the future when the service will be decommissioned. However, you can extend the life of a service past the planned decommission date.
• Reprovision Service: When you create cloud services, you specify provisioning parameters. However, you can update the stack parameters and reprovision the service.

To reprovision a custom resource

Perform the following steps if you want to update the existing CloudFormation resources:   

1. Navigate to My Cloud Services console > My Resources tab > Resource Type > Custom Resources.
2. Click the hyperlink for the specific custom resource as shown in the following figure:
   

3. On the Custom Resources details page, click Reprovision as shown in the following figure:
   

   Warning

   You can also perform steps 2 and 3 by selecting the check box to the left of the specific custom resource, and then from the Actions section, selecting Reprovision.
   

4. On the Custom Resource Reprovision dialog box, under the Parameters field, specify new values for the the AWS resources that you want to reprovision.
   

1. Click Reprovision.
   Once reprovisioning is complete, the new values for the CloudFormation resources are displayed.

_{Back to top}

Related topics

Setting-up-and-using-external-templates-for-provisioning

Known and corrected issues

BMC Cloud Lifecycle Management Communities posting