AWS OpsWorks for Chef Automate provides a managed Chef server, which you use to automate operational tasks on Amazon Elastic Compute Cloud (Amazon EC2) instances and on-premises servers. The Chef server stores instance configurations and coordinates operational tasks across your servers, such as software and operating system configurations, package installations, database setups, and more. With OpsWorks for Chef Automate, there is no need to install, operate, and maintain a Chef server. OpsWorks for Chef Automate also provides you with Chef Automate, which includes premium features such as a user-friendly console.
Chef is an automation platform that helps you automate operational tasks at scale. You can use Chef to manage both Amazon Elastic Compute Cloud (Amazon EC2) instances and on-premises servers running Linux or Windows.
With Chef, you use code templates, or cookbooks, to describe the desired configuration of instances or on-premises servers. Cookbooks contain recipes that describe the desired state for a configuration item and the steps needed to reach that state, server settings, information on how to distribute files, and more. You can use cookbooks to automate operational tasks such as configuring hosts and applications, installing packages, shutting down instances, and more. You can author your own cookbooks or use over 3,000 publicly available cookbooks from the Chef community.
The Chef server acts as the hub for configuration data and distributes information about desired configurations to nodes. It stores your cookbooks, the policies that are applied to nodes, and metadata that describes each registered node that is being managed by Chef. Nodes are instances or on-premises servers running the Chef client. Each node registered to the Chef server regularly executes the policies stored on the Chef server to converge your instances and servers to their desired state.
The Chef server coordinates complex operational tasks to keep your instance configurations consistent. It handles interdependencies such as multiple database replicas that need to be synchronized. Chef server is also fault-tolerant because most of the configuration work is distributed to the nodes themselves, which periodically initiate contact with Chef server. This distributed approach also means that nodes that unexpectedly go offline or reboot automatically return to the desired state after coming back online.
Premium Chef Features
With AWS OpsWorks for Chef Automate, you receive the full Chef Automate platform, which includes premium features that you can use with Chef server, like Chef Workflow, Chef Visibility, and Chef Compliance. Chef Workflow helps you manage changes to your configuration and application code, giving you a continuous deployment workflow for developing, testing, and deploying cookbooks and applications into production. The Chef Visibility console lets you see information about the status of your nodes in a user-friendly interface. You also have the option to set up the Chef Compliance module for writing and applying compliance tests against your nodes.
Continuous Compliance Across the Full App Lifecycle
Because cloud environments change all the time, you need to be able to demonstrate that both new and old cloud infrastructure meets auditors’ requirements as well as internal security requirements. The Chef Automate store comes with a library of ready-to-use InSpec compliance profiles for validating software patches, system security, and evaluation against industry-standard frameworks like the CIS Benchmarks and DISA STIGs.
Managed Chef Server
AWS OpsWorks for Chef Automate provisions a managed Chef server running on an Amazon EC2 instance in your account. There is no need to provision or install the Chef server. At the same time, you retain control over the underlying resources running your Chef server and you can use Knife to SSH into your Chef server instance at any time.
Multiple Interface Options
You can provision your Chef server using the AWS Management Console, AWS CLI, and SDKs. Once you have provisioned your Chef server, you can interface with it using Chef-native tools such as the ChefDK or Knife command-line tool.
AWS OpsWorks for Chef Automate handles security, operating system, and Chef minor version updates for you, helping you keep your Chef server up-to-date. You can set a weekly maintenance window during which OpsWorks for Chef Automate will automatically install updates. OpsWorks for Chef Automate also monitors the health of your Chef server during update windows and automatically rolls back changes if issues are detected.
You can configure automatic backups for your Chef server. AWS OpsWorks for Chef Automate lets you set the frequency of backups, when to perform them, and how many backups to keep. You can then restore from backups at any time using the AWS CLI. OpsWorks for Chef Automate stores Chef server backups in secure, durable Amazon S3 buckets in your AWS account.
AWS OpsWorks for Chef Automate makes it easier to register new instances as Chef nodes. You can register new nodes to your Chef server by inserting user-data code snippets provided by OpsWorks for Chef Automate into your Auto Scaling groups.
Manage On-Premises Servers
You can manage on-premises environments from your Chef server by installing the Chef agent on your on-premises servers.
Chef uses SSL to ensure that the Chef server responds only to requests made by trusted users. The Chef server and Chef client use bidirectional validation of identity when communicating with each other.
AWS OpsWorks for Chef Automate is integrated with AWS Identity and Access Management (IAM), allowing you to set user-specific permissions for your Chef server instance. Your Chef server instance runs in a Virtual Private Cloud, allowing you to configure network settings for subnets and security groups. You can also disable SSH access to your Chef server instance for added security. OpsWorks for Chef Automate is also integrated with AWS CloudTrail, allowing you to track and record a history of API calls made to the service.
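
One way to put the CloudTrail history described above to use is to review it for OpsWorks for Chef Automate calls that change or expose server state. The following is an added example, not AWS or Chef code: the log records, account ID and user names are constructed, the `opsworks-cm.amazonaws.com` event source is an assumption about how the service appears in CloudTrail, and the choice of which actions count as sensitive is the example's own.

```python
import json

# Assumption: CloudTrail logs OpsWorks for Chef Automate calls under this source.
OPSWORKS_CM_SOURCE = "opsworks-cm.amazonaws.com"
# OpsWorks CM actions that destroy, roll back, or expose server state
# (this selection is the example's, not an AWS-defined list).
SENSITIVE_ACTIONS = {"DeleteServer", "DeleteBackup", "RestoreServer",
                     "UpdateServerEngineAttributes",
                     "ExportServerEngineAttribute", "DisassociateNode"}

def _rec(time, source, name, arn, error=None):
    """Build one constructed CloudTrail-style record."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "userIdentity": {"arn": arn}}
    if error:
        rec["errorCode"] = error
    return rec

ADMIN = "arn:aws:iam::111122223333:user/chef-admin"   # constructed principal
OTHER = "arn:aws:iam::111122223333:user/build-temp"   # constructed principal
SAMPLE_LOG = json.dumps({"Records": [                  # constructed log
    _rec("2024-01-01T10:00:00Z", OPSWORKS_CM_SOURCE, "DescribeServers", ADMIN),
    _rec("2024-01-01T10:05:00Z", OPSWORKS_CM_SOURCE, "DeleteBackup", ADMIN),
    _rec("2024-01-01T10:07:00Z", OPSWORKS_CM_SOURCE,
         "UpdateServerEngineAttributes", OTHER, "AccessDenied"),
    _rec("2024-01-01T10:09:00Z", "s3.amazonaws.com", "GetObject", OTHER),
]})

def review_opsworks_events(log_text, expected_principals):
    """Return findings for OpsWorks CM calls that deserve a second look."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != OPSWORKS_CM_SOURCE:
            continue  # other services are out of scope for this review
        name = rec.get("eventName", "")
        arn = rec.get("userIdentity", {}).get("arn", "unknown")
        reasons = []
        if name in SENSITIVE_ACTIONS:
            reasons.append("sensitive action")
        if arn not in expected_principals:
            reasons.append("unexpected principal")
        if rec.get("errorCode"):
            reasons.append("failed: " + rec["errorCode"])
        if reasons:
            findings.append({"time": rec.get("eventTime"), "event": name,
                             "principal": arn, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in review_opsworks_events(SAMPLE_LOG, {ADMIN}):
        print(f["time"], f["event"], f["principal"], "; ".join(f["reasons"]))
```

Routine read-only calls from an expected principal produce no finding; a sensitive action is reported even when the caller is expected, so backup deletions and engine-attribute changes always leave a reviewable trail.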