AWS AppConfig, a feature of AWS Systems Manager, makes it easy for customers to quickly and safely configure, validate, and deploy feature flags and application configuration. Your feature flag and configurations data can be validated syntactically or semantically in the pre-deployment phase, and can be monitored and automatically rolled back if an alarm that you have configured is triggered. Using AWS AppConfig, you can make application changes safely, avoid errors in configuration changes, deploy changes across a set of targets quickly, and control deployment of changes across your applications.
Move quickly and safely by using feature flags and dynamic configuration
By deploying feature flags and configuration changes at runtime, software behavior to be adjusted immediately or gradually without the risk of redeploying a new version of code. When you use AWS AppConfig, your teams can be responsive, turn features on or off, or throttle up or down other configurations in real time, without restarting your app in production. This process is called “continuous configuration.”
Validate configuration before you deploy to avoid costly errors
AWS AppConfig helps you avoid errors in your configuration that can result in customer-facing problems or even outages. You can validate application configuration data against a schema, or an AWS Lambda function that will run against the configuration. Adding this validation logic to your application configurations helps ensure your configuration data is syntactically and semantically correct before making it available to your application. This validation helps ensure that the configuration being deployed meets expected results. The deployment proceeds only if the validation is successful.
Monitor configuration, and automatically rollback if needed
AWS AppConfig supports best practices by rolling out configuration changes instantly or gradually. The configuration change is monitored over a time period that customers define. If you configure alarms in Amazon CloudWatch, AppConfig can automatically rollback configuration changes in the event that those alarms are triggered.
"Thanks to AWS AppConfig, we have established a mechanism for safer deployment practices with less risk involved. As a result, we can save time and move faster. Our engineering team has been able to safely roll out changes that would have normally taken days in hours."
Yousif A., Senior DevOps Engineer, PBS
Many customers use AWS AppConfig to safely release new features. A feature can be released on production, but hidden behind a feature flag, inaccessible to users. When the feature is ready to be released, deploying a small configuration update with AWS AppConfig can “turn on” that feature for users. Features can be released to some or all users, instantly or gradually.
AWS AppConfig can be used to adjust ops behavior at runtime. For example, you may put timeout values into configuration data, and want to update those on the fly to best tune application performance. Similarly, a DevOps engineer may want to adjust logging verbosity, and increase what events are recorded during a suspected security incident, all without re-deploying the full app.
Allow-listing or block-listing
Certain functionality, APIs, or types of data may only be available to specific users for your app. This can be managed through a dynamic allow-list. Conversely, you may want to block access to specific data or features, and this would be managed through a block-list. AWS AppConfig enables quick and safe management of these lists that gate access.