AWS Configuration Management with AWS OpsWorks for Chef Automate
As the New Year rings in, we’ve been hearing more from companies whose resolutions focus on deepening automation to further streamline their AWS configuration management efforts. One way that organizations are achieving this goal is through the use of AWS OpsWorks for Chef Automate. So, to get you started toward this goal, we have collected for your today a few resources and ideas of how to start 2018 with a more automated configuration management process.
AWS OpsWorks for Chef Automate (OWCA)
OWCA is a popular service as it is a fully managed Chef server and suite of automation tools that provide workflow automation for continuous deployment, automated testing for compliance and security, and a user interface that gives visibility into nodes and their status. The Chef server handles operational tasks (e.g. software and OS configurations, package installations, etc.) that gives you full stack automation. The Chef server centrally stores configuration tasks and provides them to each node in your compute environment.
We recently worked with a data analytics organization who specializes in data-based decision support within the insurance and financial services industries. Their goal was to migrate their Chef community server to an OWCA server in order to reduce management overhead and accelerate high velocity apps. To achieve these goals, the DevOps team at Flux7 migrated the community server, its users, profiles and recipes to OWCA. From here we created the new Chef environment in the OWCA server. Chef gives the client full stack automation, handling a myriad of operations tasks.
This transition was made easier as OWCA is completely compatible with tooling and cookbooks from the Chef community. This transition allowed developers to manage all their nodes using the new Chef OWCA server, allowing them to use OWCA to manage all nodes moving forward. Flux7 consultants also conducted knowledge transfer for the Chef Engineer, teaching them how to separate Chef environments to that they can easily address nodes in different environments, and helped assure ongoing technical and operational success of OWCA.
Using OWCA in a Federated Environment
AWS recently wrote a blog on the topic of using OWCA in federated environments that is a good resource for enterprises looking for greater isolation between their business units. For business units with their own AWS accounts and AWS resources, we recommend you take a look at the federated OWCA approach Darko Meszaros describes. A key benefit of this approach, as he points out, is that any potential Chef server downtime will not cause disruptions across all the organization’s business units and their infrastructure; by having a Chef server for each business unit you can mitigate the issue of having a single point of failure.
Continuous Compliance with OWCA
When security and compliance are defined as code, we can have continuous integration and delivery of these rules. In November, it was announced that OWCA will provide a compliance-as-code solution, allowing customers to scan their entire infrastructure for security risks and compliance issues, generate reports classified by severity and impact levels and build automated testing into their deployment pipelines.
In addition, as of November, OWCA allows application teams to package applications with Habitat Builder (a Chef service for quickly building cloud-native apps) and output them natively to EC2 Container Registry. The benefit: OWCA now also enables easy application automation and workload migration to Amazon’s EC2 Container Service (ECS).
Configuration management as a practice has a long history of streamlining development, protecting against risk and creating efficiencies. When AWS best practices and AWS configuration management are combined with the advantages of DevOps-based AWS automation, the resulting benefits can be applied in a way that simultaneously grows the efficacy of development, operations and security. For further reading on how AWS best practices can benefit your organization, refer to our AWS case studies or subscribe to our DevOps blog below.