Overview
Application Pattern Orchestrator on AWS is a one-click AWS Solution that helps to establish an automated framework to publish, govern, and maintain reusable, well-architected, secure-by-design, and production-ready application patterns for use by engineering teams in your organization.
It offers a set of integrated capabilities that facilitates decentralized contribution of application patterns, automated validation of pattern compliance with organizational policies, as well as central, unified discoverability.
What's new
- Implemented role-based access for the solution web UI.
- Added integration with additional security scanning tools (AWS CloudFormation Guard and Checkov).
To find out about other new features, refer to the Revisions page.
Benefits
Facilitate contribution of application patterns from your distributed engineering teams in a decentralized manner. Reduce reliance on central teams and improve overall productivity through automatic validation of basic compliance checks.
Use patterns and incorporate guardrails for new applications at scale. Automatically validate pattern security, architecture, and compliance against organization-specific policy-as-code.
Allow engineering teams to browse and search for patterns through a centrally accessible user interface built for application developers. Automatically notify users of new patterns and updates to existing patterns.
Orchestrate end-to-end publishing of approved patterns to customizable destinations with out-of-the-box support for AWS Service Catalog for AWS CloudFormation-based patterns and AWS CodeArtifact for AWS Cloud Development Kit (CDK)-based patterns.
Technical details
You can automatically deploy this architecture using the implementation guide and the accompanying AWS CloudFormation template.
Once deployed, access the application through a standalone user interface.
Learn more about using the solution’s web UI and the APIs.
Step 1
AWS WAF to protect the web UI and Amazon API Gateway endpoints against common web exploits and bots that may affect availability, compromise security, or consume excessive resources.
Step 2
An Amazon CloudFront distribution to serve the optional UI. CloudFront delivers low latency, high performance, and secure static web hosting. An Amazon Simple Storage Service (Amazon S3) web UI bucket hosts the static web application artifacts.
Step 3
Amazon Cognito to provide the authentication mechanism for both the static content hosted in the S3 bucket for the web UI and the API Gateway endpoints. Cognito also manages federating and storing users from external identity providers (IdPs).
Step 4
API Gateway to expose a set of RESTful APIs. API Gateway processes HTTP requests issued by the users to manage the lifecycle of application patterns and their attributes.
Step 5
A Pattern Portal AWS Lambda function to process the validated requests from API Gateway. This Lambda function encapsulates the solution's business logic: it receives REST requests from the user via API Gateway, validates them, and stores and retrieves data in the database.
Step 6
AWS CodeCommit to store the pattern's source code. (To configure GitHub or GitHub Enterprise as your pattern’s source code repository instead, deploy the solution using the AWS Cloud Development Kit (AWS CDK) by following the instructions from the solution README.)
Step 7
A pattern pipeline builder AWS CodeBuild project to provision the continuous integration and continuous delivery (CI/CD) pipeline for the patterns.
Step 8
AWS CodePipeline to provide the CI/CD pipeline to publish a pattern to its target pattern store.
Step 9
Amazon DynamoDB to store and retrieve each pattern’s metadata, publishing data, and attributes.
Step 10
An automated security check CodeBuild project to perform a security scan of the pattern’s CloudFormation template; it is triggered automatically when the pattern’s developer raises a pull request.
On completion of the security check, the results are published on the pull request page for the security admin to review. Once approved and the pattern’s code changes are merged into the main branch of the pattern’s code repository, the CI/CD pipeline is automatically triggered to publish the pattern.
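As an added illustration of the policy-as-code gate described in Step 10 (this is not the solution's own code, nor CloudFormation Guard or Checkov, which are the tools the solution actually runs), the following stdlib-only Python stands in for the scan: a few checks applied to a constructed sample CloudFormation template, with the findings rendered as the comment a pipeline would post on the pull request. The sample template, check names and message formats are assumptions.

```python
import json

# Constructed sample template (JSON form) standing in for a pattern's CloudFormation template.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "PatternBucket": {"Type": "AWS::S3::Bucket",
                      "Properties": {"BucketName": "example-pattern-bucket"}},
    "PatternSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "example",
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22,
                                  "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}}}})

def check_s3_encryption(logical_id, res):
    # Fails when the bucket declares no server-side encryption configuration.
    if "BucketEncryption" not in res.get("Properties", {}):
        return f"{logical_id}: S3 bucket has no BucketEncryption configured"
    return None

def check_s3_public_access(logical_id, res):
    # Fails unless all four PublicAccessBlock settings are explicitly true.
    pab = res.get("Properties", {}).get("PublicAccessBlockConfiguration", {})
    keys = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")
    if not all(pab.get(k) is True for k in keys):
        return f"{logical_id}: S3 bucket does not block all public access"
    return None

def check_sg_world_open(logical_id, res):
    # Fails on any ingress rule whose source is the whole IPv4 or IPv6 internet.
    for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
        if rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0":
            return (f"{logical_id}: ingress open to the world on ports "
                    f"{rule.get('FromPort')}-{rule.get('ToPort')}")
    return None

# Hypothetical policy registry: resource type -> checks that must pass before merge.
CHECKS = {"AWS::S3::Bucket": [check_s3_encryption, check_s3_public_access],
          "AWS::EC2::SecurityGroup": [check_sg_world_open]}

def scan_template(template_json):
    """Run every check registered for each resource type; an empty list means the gate passes."""
    findings = []
    for logical_id, res in json.loads(template_json).get("Resources", {}).items():
        for check in CHECKS.get(res.get("Type"), []):
            finding = check(logical_id, res)
            if finding:
                findings.append(finding)
    return findings

def pull_request_comment(findings):
    """Render findings as the Markdown body the pipeline would post on the pull request."""
    if not findings:
        return "Security check passed: no findings."
    return "Security check failed:\n" + "\n".join(f"- {f}" for f in findings)
```

Running `print(pull_request_comment(scan_template(SAMPLE_TEMPLATE)))` lists three findings for the sample template; a template that declares encryption, blocks public access and has no world-open ingress produces the passing comment.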
Step 11
A pattern artifact store holds the published artifacts: AWS Service Catalog for CloudFormation-based patterns, and AWS CodeArtifact for CDK-based patterns.
Step 12
An Amazon Simple Notification Service (Amazon SNS) topic to receive the published pattern data from the pattern’s publishing pipeline and trigger the email notification mechanism.
Step 13
An email notification Lambda function to receive the pattern’s published data from an Amazon SNS topic, get the list of subscribers from DynamoDB, and invoke Amazon Simple Email Service (Amazon SES). It sends email notifications about the pattern’s publishing status to the subscriber list.
Step 14
Amazon SES to send an email notification to the pattern’s subscriber list whenever a new version of a pattern is published.
Step 15
Amazon EventBridge rule to periodically initiate the pattern attribute sync process.
Step 16
EventBridge triggers a Timed Synchronizer Lambda function to pull the pattern attributes from DynamoDB and push them to an Amazon Simple Queue Service (Amazon SQS) queue for the attribute sync operation.
Step 17
Amazon SQS queue to receive the attributes data and send it to the AppRegistry Updater Lambda function to update the attribute groups in Service Catalog AppRegistry.
Step 18
An AppRegistry Updater Lambda function to sync the pattern attributes with Service Catalog AppRegistry.
Note: Before you launch the solution in the AWS Management Console, ensure that you meet the prerequisites in the implementation guide.