Container Based Product Challenge


Hi, we are facing a challenge related to container product on AWS Marketplace

Background of Problem: We have a completely serverless architecture consisting of lambdas. Now, we aimed to deploy the architecture on AWS MarketPlace to sell to customers. There was as such no direct option to deploy the fully serverless architecture to the marketplace. We posted our question to the same platform and got the option of Container Products by AWS. So, the strategy that we followed was that we made images of Lambdas and pushed them to our ECR. Then we created Cloud Formation template in which Lambdas were being deployed in AWS Account and architecture was coming up. Then we moved this same approach to AWS Marketplace, we created container-based products over there using self-service and pushed the images to the three repositories of Marketplace.

Problem 1: The main challenge that we are facing now is that even though our container product is in Limited state but as our product requires Cloud Formation stack that needs to be deployed in the customer's AWS account who'll subscribe to our product. Even though our images of AWS Marketplace are revealed after he has subscribed the product but we are providing the Cloud Formation stack in the usage instructions via link to s3 bucket. The main problem is that how we can assure that the cloud formation stack is only revealed to him once he has subscribed to product and not before. As in our solution after customer has subscribed to product only than Cloud Formation stack should reveal so that he can deploy in his AWS account and we can prevent scam.

Problem 2: The second problem is associated with the first one. How to manage the licensing of our customers. How do we manage that customer's license expire and after that he is not allowed to use our product. We cannot use hourly/monthly method as we are providing him Cloud Formation stack to deploy.

1 Answer


On problem 1, why don't you supply an encrypted form of the CFN template for which you provide the decryption key only when subscription is confirmed.

On problem 2, many architectures use a watchdog: i.e a lambda (that can be made part of your CFN resources) that calls back on recurring basis (every N jours) some mechanism in your management account s, which authorises (or not) further use of your app.



profile pictureAWS
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions