Q: What is AWS OpsWorks for Chef Automate?
AWS OpsWorks for Chef Automate provides a fully managed Chef server and suite of automation tools that give you workflow automation for continuous deployment, automated testing for compliance and security, and a user interface that gives you visibility into your nodes and their status. The Chef server gives you full stack automation by handling operational tasks such as software and operating system configurations, package installations, database setups, and more. The Chef server centrally stores your configuration tasks and provides them to each node in your compute environment at any scale, from a few nodes to thousands of nodes. OpsWorks for Chef Automate is completely compatible with tooling and cookbooks from the Chef community and automatically registers new nodes with your Chef server.
Q: How is OpsWorks for Chef Automate different from OpsWorks Stacks?
OpsWorks for Chef Automate is a configuration management service that helps you instantly provision a Chef server and lets the service operate it, including performing backups and software upgrades. The service offers full compatibility with Chef’s Supermarket cookbooks and recipes. It supports native Chef tools such as TestKitchen and Knife. The OpsWorks Stacks service helps you model, provision, and manage your applications on AWS using the embedded Chef solo client that is installed on Amazon EC2 instances on your behalf. To learn more, see OpsWorks Stacks.
Q: Who should use OpsWorks for Chef Automate?
Customers who are looking for a configuration management experience that is fully compatible with Chef, including all community scripts and tooling, but without operational overhead should adopt OpsWorks for Chef Automate.
Q: How can I access OpsWorks for Chef Automate?
The OpsWorks for Chef Automate service is available through the AWS Management Console, AWS SDKs, and the AWS Command Line Interface (CLI). After the Chef server has been set up, it can also be managed by Chef-compatible tools such as Knife.
Q: In which regions is OpsWorks for Chef Automate available?
See Regional Products and Services for details.
Q: Are there any limits to OpsWorks for Chef Automate?
The default service limits are:
- Configuration management servers per region: 5
- Automated backups per configuration management server: 30
- Manual backups per configuration management server: 10
If you would like to change these limits, contact AWS Support.
Q: What network requirements must my servers meet to work with OpsWorks for Chef Automate?
Your servers must be able to connect to AWS public endpoints. See the documentation for details.
Q: What is Chef and how does OpsWorks for Chef Automate use it?
Chef Automate is a software bundle by Chef Software, Inc. that automates how applications are configured, deployed, and managed through the use of code. OpsWorks for Chef Automate uses Chef recipes to deploy and configure software components on Amazon EC2 instances and on-premises servers. Chef has a rich ecosystem with hundreds of cookbooks that can be used in AWS, such as cookbooks for managing PostgreSQL, Nginx, Solr, and many more.
Q: What is Chef Automate?
Chef Automate gives you a full-stack, continuous deployment pipeline, automated testing for compliance and security, and visibility into everything that's happening along the way. It builds on Chef for infrastructure automation, InSpec for compliance automation, and Habitat for application automation. You can transform your company into a highly collaborative, software-driven organization with Chef Automate as the engine. To learn more, see the Chef Automate product details page.
Q: How do I use the Chef Automate console?
Chef Automate includes its own console. The Chef Automate Console can be accessed through the OpsWorks link on the the AWS Management Console. After you click the link, you will be prompted for the credentials that you were assigned when you set up the Chef Automate server.
Q: I am an AWS OpsWorks Stacks customer. Should I migrate to the new OpsWorks for Chef Automate service?
OpsWorks Stacks customers who are looking for full Chef server compatibility are encouraged to use OpsWorks for Chef Automate. To learn more about OpsWorks Stacks, see the OpsWorks Stacks product details page.
Q: How can I migrate from OpsWorks Stacks to OpsWorks for Chef Automate?
Before you migrate, you first have to adapt your OpsWorks cookbooks to work on a Chef server. Some may work without alterations, however. If you are using OpsWorks instance scaling (either time-based or load-based), you’ll need to use an EC2 Auto Scaling group and OpsWork Chef’s node registration feature instead. You will later be able to work with your Chef server and nodes by using Chef’s Visibility console or Knife.
Q: Which versions of Chef are supported?
OpsWorks for Chef Automate currently supports Chef Automate 12. The OpsWorks for Chef Automate service will regularly upgrade your Chef server to the latest recommended version.
Q: Which cloud resources power my AWS OpsWorks for Chef Automate server?
AWS OpsWorks for Chef Automate uses proven AWS features and services, such as Amazon EC2, Amazon EBS, Amazon S3, and Amazon CloudWatch to create the components that make up your managed Chef server. OpsWorks for Chef Automate uses the Amazon Linux Amazon Machine Image (AMI).
Q: How can I back up my Chef server?
You can define a daily or weekly recurring Chef server backup. The service stores the backups in Amazon S3 on your behalf. Alternatively, you can choose to create manual backups on demand.
Q: How many backups can I keep for every Chef server?
Backups are stored in Amazon S3 and incur additional fees. You can define a backup retention period of up to 30 generations. You can submit a service request to change that limit by using AWS Support channels.
Q: How can I restore my Chef server to an earlier point in time?
After browsing through your available backups, you can choose a point in time from which to restore your Chef server. Server backups contain only Chef software persistent data such as cookbooks and registered nodes.
Q: Which resources can I connect to my Chef server?
You can connect any EC2 instance or on-premises server that is running a supported operating system and has Internet access to an OpsWorks for Chef Automate server. You are charged an hourly fee for every connected resource.
Q: How do I register nodes with the Chef server?
You’ll get user-data code snippets through the console. You can put these code snippets in an EC2 Auto Scaling group. These code snippets ensure that your instances are registered to your Chef server as Chef nodes, and that they run the corresponding Chef recipes. On-premises servers require that you install the Chef client agent software and register the server with your Chef server.
Q: How can I keep the underlying Chef server running and up-to-date?
Your managed configuration management server is updated to the latest version of Chef Automate during the maintenance window that you configure. OpsWorks for Chef Automate also regularly runs security updates and operating system package updates for you.
Q: What is an OpsWorks for Chef Automate maintenance window?
A maintenance window is a daily or weekly one-hour time slot during which OpsWorks for Chef Automate initiates Chef minor version updates, security updates, and operating system package updates. For example, if you select a maintenance window that begins every Sunday at 2:00 A.M., OpsWorks for Chef Automate initiates the platform update between 2:00 and 3:00 A.M. every Sunday.
The maintenance window is set on a per-Chef-server basis, so you can set different maintenance times for different Chef servers. If you want to change when maintenance is performed, you can use the OpsWorks for Chef Automate console, the AWS CLI or APIs.
Q: How do I set up a maintenance window?
The maintenance window is enabled by default and can be set during the Chef server setup phase. You can change settings later by using the AWS Management Console, CLI, or APIs.
Q: What kinds of version updates will be performed by OpsWorks for Chef Automate?
OpsWorks for Chef Automate automatically performs updates for new Chef minor versions. OpsWorks for Chef Automate does not perform major platform version updates automatically (for example, a major new platform version such as Chef Automate 13) because these updates might include backward-incompatible changes and require additional testing. In these cases, you must manually initiate the update.
Q: When and how can I perform major version updates?
You can perform major version updates at any time by using the AWS OpsWorks for Chef Automate console, API, or CLI.
Q: How does AWS OpsWorks for Chef Automate apply updates?
The updates are applied directly to the managed EC2 instance on which the Chef server is running. If the OpsWorks for Chef Automate health system detects any issues during the update, OpsWorks for Chef Automate will roll back changes and try again during the next maintenance window.
Q: Will my Chef server be available during the maintenance window?
Your Chef server is not available when maintenance updates are being applied. Your connected nodes enter a pending-server state until maintenance is complete. The connected nodes will continue to operate normally.
Q: How will I be notified of the availability of new OpsWorks for Chef Automate versions?
You are notified about new Chef versions through the OpsWorks for Chef Automate console. The service console informs you if your Chef server was updated during the maintenance window.
Q: Where can I find details about changes between platform versions?
Details about changes between Chef Automate versions are on the OpsWorks for Chef Automate Release Notes page.
Q: How often are platform version updates released?
The number of version releases each year varies based on the frequency of Chef Automate patch releases from Chef and acceptance testing performed by AWS.
Q: How do I get started with OpsWorks for Chef Automate?
The best way to get started with OpsWorks for Chef Automate is to review the AWS OpsWorks for Chef Automate Getting Started chapter of the technical documentation.
Q: How do I create Chef cookbooks and recipes?
The easiest way to get started is to use existing Chef recipes. Many public repositories contain Chef cookbooks with recipes that can run with little to no modification. The OpsWorks for Chef Automate Starter Kit also includes an example Chef recipe and describes how it works.
Q: Can I use community cookbooks from the Chef Supermarket?
Yes. OpsWorks for Chef Automate provides configuration management experience that is fully compatible with Chef Automate. You can use community-authored cookbooks with no AWS-specific modifications.
Q: How do I upgrade my Chef nodes to a newer release version?
Chef node upgrades can be done at your convenience by using the Chef omnibus recipe. Although OpsWorks regularly performs Chef server version upgrades on your behalf, your Chef nodes continue to operate even if they remain on the earlier version.
Q: Does my OpsWorks for Chef Automate server support community tools like Knife and Test Kitchen?
Yes. OpsWorks for Chef Automate provides configuration management experience that is fully compatible with Chef Automate. You can use the same ecosystem of tools as an on-premises Chef Automate server.
Q: Is there a sample cookbook that I can use to check out OpsWorks for Chef Automate?
Yes. The OpsWorks for Chef Automate Starter Kit includes a sample cookbook that you can use to test drive the offering and explore its functionality.
Q: Is it possible to use AWS Identity and Access Management (IAM) with OpsWorks for Chef Automate?
Yes. IAM users with the appropriate permissions can work with AWS OpsWorks for Chef Automate. The Chef users are not managed by IAM and must be provisioned from within Chef Automate.
Q: How do I create IAM users?
You can use the IAM console, IAM command line interface (CLI), or IAM API to provision IAM users. By default, IAM users have no access to AWS services until permissions are granted.
Q: Do I have root access to my OpsWorks for Chef Automate server EC2 instance?
Yes. You can provide an SSH key pair to enable root access to the OpsWorks for Chef Automate server EC2 instance. OpsWorks for Chef Automate provides you with tooling to perform common operational tasks, and so we recommend that you disable SSH access.
Q: Where can I find more information about security and running applications on AWS?
See Amazon Web Services: Overview of Security Processes and the AWS Security Center.
Q: Can I get a history of OpsWorks for Chef Automate API calls made on my account for security analysis and troubleshooting purposes?
Yes. To get a history of OpsWorks for Chef Automate API calls made on your account, you simply turn on AWS CloudTrail in the AWS Management Console.
Q: How much do the AWS resources powering my application on OpsWorks for Chef Automate server cost?
The OpsWorks for Chef Automate server is configured on your behalf and powered by Amazon EC2, Amazon EBS, Amazon S3, and Amazon CloudWatch. For EC2 pricing information, see the EC2 detail page. For S3 pricing information, see the pricing section of the S3 detail page. For CloudWatch pricing information, see the pricing section of the CloudWatch detail page. There are three EC2 instance types to choose from for running the Chef server: t2.medium, m4.large, m4.2xlarge. The hourly rate depends on the instance type used.
Q: Am I billed for EC2 instances and on-premises servers that are connected to my OpsWorks for Chef Automate server?
You pay an hourly fee for each EC2 instance and on-premises server that is connected to an AWS OpsWorks for Chef Automate server. There are no minimum fees and no upfront commitments. For more information, see our pricing page.
Q: How do I view the cost of AWS resources that have been used by my OpsWorks for Chef Automate server?
OpsWorks for Chef Automate automatically tags all Chef server resources with the name of your Chef server. You can use these tags with Cost Allocation Reports to organize and track your AWS costs. See AWS Account Billing for details.
Q: Does AWS Support cover OpsWorks for Chef Automate?
Yes. AWS Support covers issues related to your use of OpsWorks for Chef Automate. See the AWS Support page for details.
Q: What other support options are available?
You can tap into the breadth of existing AWS community knowledge to help you with your development by using the AWS OpsWorks discussion forum.