AWS OpsWorks for Chef Automate provides a managed Chef server, which you use to automate operational tasks on Amazon Elastic Compute Cloud (Amazon EC2) instances and on-premises servers. The Chef server stores instance configurations and coordinates operational tasks across your servers, such as software and operating system configurations, package installations, database setups, and more. With OpsWorks for Chef Automate, there is no need to install, operate, and maintain a Chef server. OpsWorks for Chef Automate also provides you with Chef Automate, which includes premium features such as a user-friendly console.
Chef is an automation platform that helps you automate operational tasks at scale. You can use Chef to manage both Amazon Elastic Compute Cloud (Amazon EC2) instances and on-premises servers running Linux or Windows.
With Chef, you use code templates, or cookbooks, to describe the desired configuration of instances or on-premises servers. Cookbooks contain recipes that describe the desired state for a configuration item and the steps needed to reach that state, server settings, information on how to distribute files, and more. You can use cookbooks to automate operational tasks such as configuring hosts and applications, installing packages, shutting down instances, and more. You can author your own cookbooks or use over 3,000 publicly available cookbooks from the Chef community.
The Chef server acts as the hub for configuration data and distributes information about desired configurations to nodes. It stores your cookbooks, the policies that are applied to nodes, and metadata that describes each registered node that is being managed by Chef. Nodes are instances or on-premises servers running the Chef client. Each node registered to the Chef server regularly executes the policies stored on the Chef server to converge your instances and servers to their desired state.
The Chef server coordinates complex operational tasks to keep your instance configurations consistent. It handles interdependencies such as multiple database replicas that need to be synchronized. Chef server is also fault-tolerant because most of the configuration work is distributed to the nodes themselves, which periodically initiate contact with Chef server. This distributed approach also means that nodes which unexpectedly go offline or reboot are able to automatically return to the desired state after coming back online.
Premium Chef Features
Chef Automate is an enterprise platform and analytics tool that allows development, operations and security engineers to collaborate with actionable insights for configuration and compliance and an auditable history of changes to environments. Chef Automate provides operational visibility for today’s Coded Enterprise with:
- Real-time data across the estate
- Effortless collaboration among teams
- Powerful auditing capabilities
- Intelligent access controls
- Pre-built, supported compliance assets
Managed Chef Server
AWS OpsWorks for Chef Automate provisions a managed Chef server running on an Amazon EC2 instance in your account. There is no need to provision or install the Chef server. At the same time, you retain control over the underlying resources running your Chef server and you can use Knife to SSH into your Chef server instance at any time.
Multiple Interface Options
You can provision your Chef server using the AWS Management Console, AWS CLI, and SDKs. Once you have provisioned your Chef server, you can interface with it using Chef-native tools such as the ChefDK or Knife command-line tool.
AWS OpsWorks for Chef Automate handles security, operating system, and Chef minor version updates for you, helping you keep your Chef server up-to-date. You can set a weekly maintenance window during which OpsWorks for Chef Automate will automatically install updates. OpsWorks for Chef Automate also monitors the health of your Chef server during update windows and automatically rolls back changes if issues are detected.
You can configure automatic backups for your Chef server. AWS OpsWorks for Chef Automate lets you set the frequency of backups, when to perform them, and how many backups to keep. You can then restore from backups at any time using the AWS CLI. OpsWorks for Chef Automate stores Chef server backups in secure, durable Amazon S3 buckets in your AWS account.
AWS OpsWorks for Chef Automate makes it easier to register new instances as Chef nodes. You can register new nodes to your Chef server by inserting user-data code snippets provided by OpsWorks for Chef Automate into your Auto Scaling groups.
Manage On-Premises Servers
You can manage on-premises environments from your Chef server by installing the Chef agent on your on-premises servers.
Chef uses SSL to ensure that the Chef server responds only to requests made by trusted users. The Chef server and Chef client use bidirectional validation of identity when communicating with each other.
AWS OpsWorks for Chef Automate is integrated with AWS Identity & Access Management, allowing you to set user-specific permissions for your Chef server instance. Your Chef server instance runs in a Virtual Private Cloud, allowing you to configure network settings for subnets and security groups. You can also disable SSH access to your Chef server instance for added security. OpsWorks for Chef Automate is also integrated with AWS CloudTrail, allowing you to track and record a history of API calls made to the service.
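As an added example (not from AWS or the original page), the sketch below triages CloudTrail records for OpsWorks for Chef Automate API calls, flagging failed calls and a short list of sensitive actions. Which actions count as sensitive is this example's own policy, and the sample records, account ID, and principal names are constructed placeholders.

```python
import json

# CloudTrail event source for the OpsWorks CM API (OpsWorks for Chef Automate).
EVENT_SOURCE = "opsworks-cm.amazonaws.com"

# Assumption: this review list is the example's own policy, not AWS guidance.
SENSITIVE = {
    "DeleteServer": "Chef server removed",
    "DeleteBackup": "backup removed",
    "RestoreServer": "server rolled back to a backup",
    "UpdateServerEngineAttributes": "server engine attribute changed",
    "ExportServerEngineAttribute": "server engine attribute exported",
    "DisassociateNode": "node removed from Chef management",
}

def triage(records):
    """Return findings for OpsWorks CM calls that failed or are sensitive."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != EVENT_SOURCE:
            continue  # ignore other services' events
        name = rec.get("eventName", "")
        error = rec.get("errorCode")
        if error:
            reason = f"call failed: {error}"
        elif name in SENSITIVE:
            reason = SENSITIVE[name]
        else:
            continue  # routine successful call
        findings.append({
            "time": rec.get("eventTime"),
            "event": name,
            "principal": rec.get("userIdentity", {}).get("arn", "unknown"),
            "reason": reason,
        })
    return findings

# Constructed sample records (not real log data).
P = "arn:aws:iam::111122223333:user/"
SAMPLE = json.loads(json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": EVENT_SOURCE,
     "eventName": "DescribeServers", "userIdentity": {"arn": P + "alice"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": EVENT_SOURCE,
     "eventName": "DeleteBackup", "userIdentity": {"arn": P + "bob"}},
    {"eventTime": "2024-01-01T10:06:00Z", "eventSource": EVENT_SOURCE,
     "eventName": "CreateServer", "errorCode": "AccessDenied",
     "userIdentity": {"arn": P + "carol"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "userIdentity": {"arn": P + "bob"}},
]}))["Records"]
```
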