Before co-founding Configu, Ran was a full stack developer at Testim.io and previously served in an elite cybersecurity unit in the Israeli Defense Forces.
What Is AWS AppConfig?
AWS AppConfig, a feature within the AWS Systems Manager, enables developers to create, manage, and quickly deploy application configurations. This service decouples configuration data from the application code, allowing for changes to be made without affecting the core application logic.
Through AWS AppConfig, configurations can be rolled out securely and consistently across applications in any environment, including development, testing, and production. The service supports various types of configuration data—feature flags, database strings, URLs, and more—providing a centralized solution for managing application settings.
With AWS AppConfig, you can validate configurations against a schema or run-time checks before deployment to ensure they are free of errors. This capability enhances stability by minimizing the chances of introducing faults into production environments due to configuration changes.
This is part of a series of articles about Configuration Management Software
In this article:
AWS AppConfig Use Cases
Here are some of the main use cases of AppConfig.
Feature Flags and Toggles
Feature flags and toggles in AWS AppConfig allow developers to safely introduce and test new features in production without impacting the entire user base. By segmenting users, you can gradually roll out changes, perform A/B testing, and gather feedback on new functionalities before a full-scale launch.
Application Tuning
Application tuning with AWS AppConfig involves adjusting operational parameters to optimize performance and resource utilization. This allows developers and operations teams to fine-tune applications based on current load, user feedback, or emerging requirements, by dynamically managing settings such as cache sizes, thread pool counts, and feature toggles.
Centralized Configuration Storage
AWS AppConfig offers a unified repository for managing application settings across multiple environments and applications. This enables organizations to maintain consistency, reduce duplication, and easily manage configuration data. By centralizing configurations, teams can update settings in one place and have those changes propagate across all applications and environments automatically.
AWS AppConfig supports storing configurations in various AWS services, including the AppConfig hosted configuration store, AWS Secrets Manager, Systems Manager Parameter Store, and Amazon S3.
Tips From the Expert
In my experience, here are tips that can help you better utilize AWS AppConfig for managing application configurations:
-
Use separate environments for staging and production Always create distinct environments for staging, production, and testing to isolate configurations and ensure changes are tested before reaching production. This avoids untested configurations affecting critical systems.
-
Leverage gradual rollouts with deployment strategies When deploying configuration changes, use AWS AppConfig’s deployment strategies to perform gradual rollouts. This enables you to monitor the effects of new configurations in real-time and roll back easily if issues arise before full deployment.
-
Integrate with AWS Secrets Manager for secure configurations Store sensitive configuration data such as API keys or database credentials in AWS Secrets Manager, and reference them from AppConfig. This ensures that sensitive data remains secure while maintaining easy access for your applications.
-
Validate configurations using Lambda functions Implement Lambda function validators to automatically check for errors or missing fields in your configuration files before deploying them. This reduces the risk of incorrect configurations disrupting your application.
-
Use CloudWatch alarms for automated rollback Set up CloudWatch alarms to monitor the health of your application during deployments. Configure AWS AppConfig to automatically roll back changes if an alarm is triggered, ensuring minimal downtime and faster recovery from potential issues.
-
Version your configurations for traceability Take advantage of AWS AppConfig’s built-in versioning system to maintain a history of configuration changes. This enables you to easily rollback to previous versions when troubleshooting issues or reverting configurations.
Benefits of Using AWS AppConfig
AWS AppConfig allows users to:
- Ensure configurations are secure: The rigorous validation process ensures that configurations are error-free before they are deployed, minimizing the potential for disruptions or downtime in production environments.
- Quickly deploy changes across a set of targets: By centralizing the management of configurations, AppConfig enables changes to be applied consistently and quickly to all relevant targets, such as EC2 instances, Lambda functions, containers, mobile apps, or IoT devices.
- Control deployment of changes across your application: Teams can incrementally introduce changes, enabling a portion of the user base or environment to be affected at any given time. This allows for close monitoring of the impact, providing an opportunity to adjust or revert if necessary before a full-scale deployment. The service integrates with Amazon CloudWatch for real-time monitoring.
- Respond to feedback: By enabling quick updates to configuration data without the need for code deployments, AppConfig allows organizations to respond rapidly to changing requirements and market conditions.
How AWS AppConfig Works
AWS AppConfig enables developers to manage application configurations separately from the code. The workflow is as follows:
- Developers identify configuration data within their application that they wish to manage through AWS AppConfig. This data can include feature flags, logging levels, and other operational parameters.
- Once identified, these configurations are organized within AWS AppConfig through a structured process that involves creating an application namespace, defining environments for logical grouping of targets (like beta or production), and setting up configuration profiles that dictate how and where configuration data is stored and accessed.
- The deployment process starts with the creation of a deployment strategy that outlines the speed and manner that changes are applied across environments.
- When a new deployment is initiated, AppConfig retrieves the specified configuration from its storage location, validates it against predefined rules to ensure correctness, and then deploys it to the target environment.
- Next, AWS AppConfig performs safety checks like syntactic validation and semantic validation through Lambda functions to prevent problematic deployments.
- Post deployment, integration with Amazon CloudWatch allows for monitoring of application health, with automatic rollback capabilities if issues are detected, ensuring minimal impact on end-users.
Tutorial: Creating Environments for Your Application in AWS AppConfig
To create an environment in AWS AppConfig:
- Navigate to the AWS Systems Manager:
- In the navigation pane, select AppConfig from the left sidebar. The following screen will appear:
- Select the name of the application you want to configure (in our case it is called MyFlags)
- Go to the Environments tab and select Create environment.
- Enter environment details:
- Name: Provide a name for your environment.
- Description: Add a description for the environment.
- Configure rollback permissions (optional):
- IAM Role: In the Monitors area (under the Environment section), select an IAM role that has permissions to enable AWS AppConfig to roll back configurations if a CloudWatch alarm is triggered.
- CloudWatch Alarms: Choose one or more CloudWatch alarms to monitor. If an alarm is triggered during deployment, AWS AppConfig will roll back the configuration.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:DescribeAlarms",
"appconfig:StartDeployment",
"appconfig:StopDeployment"
],
"Resource": "*"
}
]
}- Associate extensions and tags (optional):
- Extensions: Choose any extensions you want to associate with the environment.
- Tags: Add tags to help organize and manage your environment.
- Click Create environment. AWS AppConfig will create the environment and display its details.
Create a Configuration Profile in AWS AppConfig
To create a configuration profile:
- Navigate to the AWS Systems Manager console.
- Choose the application for which you want to create a configuration profile.
- Go to the Configuration profiles tab and select Create configuration profile.
- We will select Freeform Configuration, because this option allows you to enter values as a JSON string. Fill in the basic details about the configuration profile name and description and click next to the next screen
- Enter Profile Details:
- Name: Provide a name for the configuration profile.
- Description: Add a description for the profile.
- On the next screen, specify Configuration Data as shown in the following screenshot. Paste the following JSON code:
{
"ApplicationId": "your-application-id",
"ConfigurationProfileId": "your-configuration-profile-id",
"LocationUri": "ssm-parameter://your-parameter"
} 
- Add validators (optional):
- Lambda function validators: Ensure that the configuration data is correct before deployment by using Lambda function validators.
def handler(event, context):
# Add the validation logic here
if not event['content']:
raise Exception("Validation failed: content is empty")
print("Validation passed")- JSON schema validators: Use JSON schema to validate the structure of your configuration data.
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "ExampleSchema",
"type": "object",
"properties": {
"setting1": {
"type": "string"
},
"setting2": {
"type": "integer"
}
},
"required": ["setting1", "setting2"]
}- Review the changes you have made on the next screen and click Save and deploy later or Save and continue to deploy. The profile will be available for use in your AWS AppConfig environment, enabling you to manage and deploy configuration data.
Configuration Management with Configu
Configu is a configuration management platform comprised of two main components:
Configu Orchestrator
As applications become more dynamic and distributed in microservices architectures, configurations are getting more fragmented. They are saved as raw text that is spread across multiple stores, databases, files, git repositories, and third-party tools (a typical company will have five to ten different stores). Configu can work as a stand-alone platform or as an orchestrator for secrets managers, feature flags and other stores. It has built-in support for popular feature flag managers, such as Launch Darkly.
The Configu Orchestrator, which is open-source software, is a powerful standalone tool designed to address this challenge by providing configuration orchestration along with Configuration-as-Code (CaC) approach.
Configu Cloud
Configu Cloud is the most innovative store purpose-built for configurations, including environment variables, secrets, and feature flags. It is built based on the Configu configuration-as-code (CaC) approach and can model configurations and wrap them with unique layers, providing collaboration capabilities, visibility into configuration workflows, and security and compliance standardization.
Unlike legacy tools, which treat configurations as unstructured data or key-value pairs, Configu is leading the way with a Configuration-as-Code approach. By modeling configurations, they are treated as first-class citizens in the developers’ code. This makes our solution more robust and reliable and also enables Configu to provide more capabilities, such as visualization, a testing framework, and security abilities.
