This project provides example of serverless integration for SaaS products listed on the AWS Marketplace.
The sample in this repository demonstrates how to use AWS Serverless to integrate your SaaS product with AWS Marketplace and how to perform:
- Setup Product on AWS Marketplace
- Register a New Customers
- Grant and Revoke access to your product
- Metering for usage
- Deploying the sample application using Serverless CLI
- Architecture Diagram
To set up your product on AWS Marketplace, you need to create a product and configure it with the following details
- Product logo URL (Public bucket Logo URL).
- Legal Information for End User(EULA).
- User Registration URL(fulfilment URL).
- Metadata about product.
- Support information for product(Refund Policy).
- AWS Accounts and Countries whitelisting.
With SaaS subscriptions and SaaS contracts, your customers subscribe to your products through AWS Marketplace, but access the product on environment you manage in your AWS account. After subscribing to the product, your customer is directed to a website you create and manage as a part of your SaaS product to register their account and configure the product.
When creating your product, you provide a URL to your registration landing page. AWS Marketplace uses that URL to redirect customers to your registration landing page after they subscribe. On your software's registration URL, you collect whatever information is required to create an account for the customer. AWS Marketplace recommends collecting your customer’s email addresses if you plan to contact them through email for usage notifications.
The registration landing page needs to be able to identify and accept the x-amzn-marketplace-token token in the form data from AWS Marketplace with the customer’s identifier for billing. It should then pass that token value to the AWS Marketplace Metering Service and AWS Marketplace Entitlement Service APIs to resolve for the unique customer identifier and corresponding product code.
Once the resolveCustomer endpoint return successful response, the SaaS vendors must to provide access to the solution to the new subscriber.
Based on the type of listing contract or subscription we have defined different conditions in the grant-revoke-access-to-product.js
stream handler that is executed on adding new or updating existing rows.
In our implementation the Marketplace Tech Admin (The email address you have entered when deploying), will receive email when new environment needs to be provisioned or existing environment needs to be updated. AWS Marketplace strongly recommends automating the access and environment management which can be achieved by modifying the grant-revoke-access-to-product.js
function.
The property successfully subscribed is set when successful response is returned from the SQS entitlement handler for SaaS Contract based listings or after receiving **subscribe-success message from the Subscription SNS Topic in the case of AWS SaaS subscriptions in the subscription-sqs-handler.js
.
Each time the entitlement is update we receive message on the SNS topic.
The lambda function entitlement-sqs.js
on each message is calling the marketplaceEntitlementService and storing the response in the dynamoDB.
We are using the same DynamoDB stream to detect changes in the entailment for SaaS contracts. When the entitlement is update notification is sent to the MarketplaceTechAdmin
.
The revoke access logic is implemented in a similar manner as the grant access logic.
In our implementation the MarketplaceTechAdmin
receives email when the contract expires or the subscription is cancelled.
AWS Marketplace strongly recommends automating the access and environment management which can be achieved by modifying the grant-revoke-access-to-product.js
function.
To setup and deploy code follow below step.
- Install AWS CLI and configure a profile.
export AWS_PROFILE=profile_name
export AWS_REGION=us-east-1
- Install Serverless
- Update config in Parameter Store.
- Run below command inside node-code folder to get the config.
npm run make-config
- Run below command to deploy the code
sls deploy
Below are the list of function created for integration of AWS Marketplace.
-
RedirectToRegister(register.js) This is a edge lambda used for redirect user to registration form.
-
GrantRevokeAccess(grant-revoke-access-to-product.js) This function get triggerd via DynamoDB Stream to evaluate request type of - User Subscribe - Entitlement Updated - User Unsubscribe
-
SubscribeUser(subscribe-user.js) This function will save user data in DDB recieved via form either filled by user or recieved from AWS Marketplace.
-
SetupResources(setup-resources.js) This function will listen the SupportSNS Topic, send email to support admin and will start setup the environment. This function notify admin on any entitlement updated and will setup the resources if required OR send notificaion to any other SNS/SQS/EventBridge to notify.
-
Entitlement(entitlement-sqs.js) This function listen SQS Queue to get data when a user change the contract, subscribe or unsubscribe.
-
MeteringHourlyJob(meteringHourlyJob.js) This function is called via cloudwatch event to send ussage of resources to AWS Marketplace Hourly.
-
AdminJobs(admin.js) This function is used to do admin related jobs like - Get Product Details - Get Offer Details - Update fulfilment URL. - Update product info. - Update allowed aws accounts. - Create Offer. - Update allowed Countries. - Update Support Terms. - Update Legal Terms.
- SAAS Product on AWS Marketplace
- API Gateway
- Lambda Functions
- Dynamodb Tables
- SQS
- SNS
- S3 Bucket
- Cloudwatch Event