AWS Cloud Operations & Migrations Blog

Unlock Faster Releases with AWS AppConfig: The Secret Weapon for Your CI/CD Strategy

Striking a Balance Between Reliability and Agility in Cloud Operations

The IT operation team of an enterprise serves as the first line of defense against potential business disruptions. They operate 24/7, acts as a hub, continuously monitor and manage the IT environment. The operation team handles and prioritizes critical IT incidents to minimize downtime and data loss by responding promptly. IT operators investigate root causes, identify underlying issues, and implement corrective actions.

In a traditional environment, the operation team directly adapted the infrastructure configuration for events. However, in a state-of-the-art cloud environment, this approach becomes unachievable due to the automation and infrastructure-as-code managed by the developer team and the operation team faces new challenges in the cloud. They must handle high volumes of configuration changes while ensuring data integrity and supplying a reliable, secure platform for configuration update application. To meet these demands, the operation team requires a significant overhaul.

Developer teams now own service deployment, and infrastructure thanks to the cloud. This created a need for streamlined processes like CI/CD pipelines to manage them. While CI/CD solved many deployment challenges, teams still lacked ability to quickly modify application behavior. This was especially apparent when responding to dynamic live environments or incidents.

Continuous Configuration enables business agility

In a static configuration, the configuration parameters for a service are defined upfront, usually during deployment or provisioning. This means that the configuration remains unchanged throughout the service’s runtime. Static configuration is typically used for services that require consistent settings and infrequent changes. But in today’s fast-paced digital landscape, the ability to adapt application behavior quickly is paramount. In the blog post “Continuous Configuration at the Speed of Sound”, Amazon.com CTO Dr. Werner Vogels introduced the concept of continuous configuration (CC): CC updates application configuration data at runtime, enabling real-time reactions to changes. CC enables diverse stakeholders to modify application behavior, eliminating operations bottlenecks.

CC enables organizations to respond quickly to changing business needs. It automates configuration management and rollbacks, minimizing manual work. This saves time and costs by eliminating full code deployments for configuration changes and reducing deployment time while improving application agility.

CC plays a vital role in addressing several concrete use cases. One such scenario arises when a service disruption or a sudden spike in demand necessitates an immediate and secure adjustment to an application’s behavior without the need for code deployment. During such critical incidents, the ability to rapidly change to known, reliable configurations significantly reduces incident response time and minimizes potential downtime. A second scenario could be when the operation team may disable non-critical features like recommender systems during peak demand events (live sports, Black Friday sales). This optimizes cloud resource consumption. By leveraging CC, organizations can effectively respond to dynamic operational challenges, ensuring the resilience and adaptability of their applications in the face of unforeseen circumstances.

CC can be a valuable tool for chaos engineering by providing a mechanism to the operation team and simulate the effects of different types of disruptions, such as throttling application traffic or temporarily disabling critical services, and testing the application’s ability to operate without those dependencies.

Simplifying software development and operations in Enterprise with AWS AppConfig

CC typically involves using a centralized configuration management tool that stores configuration data and distributes it to the relevant cloud resources. This centralized approach simplifies the process of updating configurations and ensures consistency across all instances of the service.

AWS AppConfig centrally stores, manages, and deploys application configurations. It streamlines pushing changes without frequent code deployments. AppConfig tracks configuration version history which enables reverting to previous versions if necessary. Teams can automate deploying configurations, ensuring consistent rollouts. AWS AppConfig grants control over phased configuration distribution.

Organizations can use AWS AppConfig to simplify the software development lifecycle (SDLC) for developers and operations teams. Developer teams can define the application configuration state in AppConfig and store configurations ensuring version control and traceability. They create release versions marking configurations for deployment to environments and automate the deployment using a CI/CD pipeline with an AppConfig resources to roll out configurations to staging, production, or other environments.

An operation team deploys configuration changes using AppConfig to enable controlled, reversible updates. For incidents, they can use AppConfig’s rollback feature to revert to previous versions and restore normal operation. During peak demand, they can tune the application by updating the configuration with AppConfig to ensure availability and responsiveness despite high traffic.

AWS AppConfig provides two main types of configuration profiles: feature flags and freeform configurations. Freeform configuration profiles are used for storing any type of configuration data. This could include settings for application’s environment, database connections, or any other configuration information that the developer team needs to manage. While a feature flag is a configuration element that allows you to toggle the availability or functionality of specific application components.

AWS AppConfig enforces configuration data integrity and consistency. A schema defines the structure and format of configuration data. AWS AppConfig provides validation to check configuration data semantics beyond the schema. This includes confirming consistency with other configurations, validating values within acceptable ranges, and ensuring compatibility with application requirements. By leveraging schema-based and custom validation, the developer team enables robust verification of configuration data correctness and compatibility. Meanwhile, the operation team is able to update quickly configurations without risking production incidents. The operations team chooses the deployment strategy and slowly releases changes to production, monitoring application health with Amazon CloudWatch. When unhealthy, AppConfig automatically rolls back configuration changes to minimize impact.

AWS AppConfig Agents streamline application configuration management across AWS compute resources including virtual machines with Amazon EC2, container resources with Amazon ECS and EKS, and serverless technologies with Amazon Lambda. It automatically polls for updates, caches retrieved configurations locally, and ensures applications access the latest settings. This enhances performance, and bolsters application resilience. You can retrieve configurations from a local HTTP endpoint or the agent can automatically store configurations locally in plain text for applications reading from disk.

Whereas the developer teams own the AWS AppConfig service, the operation team needs an IAM access to AppConfig in every production AWS accounts. The IAM policies for the Developer and Operations teams differ in the scope of permissions granted for using AppConfig.

Resource Type Developer Team Policy Operations Team Policy
Application create, read, update, delete (CRUD) read
Environment CRUD read
Configuration profile CRUD update
Deployment Strategy CRUD read
Start deployment yes yes

In conclusion, Continuous Configuration with AWS AppConfig Transforms IT Operations

Continuous Configuration

Figure 1: Architecture diagram

An operation team is critical for monitoring and responding to incidents to minimize disruption. However, traditional operations models struggle with the scale and automation of the cloud. Continuous Configuration through tools like AWS AppConfig enables an operation team to adjust an application behavior in real-time without redeployment. Developer teams define valid application configurations while operation team can update them safely to contain incidents. Overall, CC increases agility and resilience by empowering operations to implement rapid, reversible changes to optimize application performance and availability. With the proper access controls and processes, both developers and operators can leverage continuous configuration to better meet demands in dynamic cloud environments.
For more information on how continuous configuration can transform your IT operations with AWS AppConfig, see AWS AppConfig Workshop.

About the author:

Guillaume Marchand

Guillaume Marchand

Guillaume Marchand is a Principal Solutions Architect, based in Paris, France. He joined Amazon in 2016 from a TV broadcaster where he managed the architecture of their OTT platform. In his current work, Guillaume supports French TV broadcasters in their cloud journey.