How the AWS mApp® Solution Works
The AWS mApp Solution integrates with AWS Service Catalog so CSM Portal customers and CSM users can directly query the AWS API to provision and terminate the AWS products which their organization has defined and made available in the AWS Service Catalog Portfolio.
This mApp Solution covers these primary use cases:
- Allow a CSM Portal customer or CSM user to make an AWS request by choosing Desktop Management > Computer > New CFT in the Service Catalog. When the request is approved, the resource is provisioned in AWS and added to the Cherwell CMDB.
- Allow a CSM Portal customer or CSM user to terminate AWS resources directly from the Cherwell CMDB. Portal users can access their AWS CIs by going to My Items.
- Allow a user to manually add existing AWS resources directly to the Cherwell CMDB.
- Create an Incident in CSM for AWS resources that have CloudWatch Alarms in Alarm state, and associate the Incident to a related CSM configuration item.
For more details about each of these cases, see:
- Provision an AWS Product from the CSM Portal
- Provision an AWS Product from the Desktop Client or Browser Client
- Manually Add an Existing AWS Configuration Item
- Manage an AWS Configuration Item
- Terminate an AWS Configuration Item from the CSM Portal
- Terminate an AWS Configuration Item from the Desktop Client or Browser Client
CSM Features Leveraged in this mApp Solution
This mApp Solution leverages several features of CSM which are either relatively new or more advanced topics. This section serves as an overview of those features.
Action Blocks are similar to One-Step™ Actions, but can be reused across objects by passing in appropriate object-specific data through parameters.
The provision and terminate use cases in this mApp Solution leverage Action Blocks to make API calls directly to the AWS API, bypassing the need to import the AWS Service Catalog into CSM.
For more details on the use of Action Blocks in this mApp Solution, see AWS Action Blocks.
Every AWS account has a public (Access Key ID) and private key (Secret Key). Keys are stored in the AWS Account table, with the Secret Key properly encrypted. This key appears as a hashed until decrypted when needed.
This mApp Solution contains webhooks, which enable the automatic creation of CIs and Incidents for AWS resources.
For more details on the use of webhooks in this mApp Solution, see Configure CSM to Add Incidents for AWS Product Events and Configure CSM to Add AWS Product Configuration Items to your CMDB