3.1.5 AWS AppConfig

AWS AppConfig

Tổng quan

AWS AppConfig là capability của AWS Systems Manager giúp:

  • Create, manage, và quickly deploy application configurations
  • Supports control deployments to applications of any size
  • Includes built-in validation checks và monitoring

Use Cases

AppConfig works với applications hosted on:

  • ✅ EC2 instances
  • ✅ Lambda functions
  • ✅ Containers (ECS, EKS)
  • ✅ Mobile applications
  • ✅ IoT devices

Core Components

Application → Environment (dev, staging, prod)
           → Configuration Profile → Hosted/S3/SSM
           → Deployment Strategy

AppConfig vs Parameter Store vs Secrets Manager

FeatureAppConfigParameter StoreSecrets Manager
Feature flags✅ Built-in❌ Manual
Gradual rollout✅ Deployment strategies❌ Instant
Validation✅ JSON Schema / Lambda
Rollback✅ Automatic on errors
Caching✅ Client-side (extension)
Secrets✅ Encrypted all
Rotation✅ Automatic
CostFree (config hosting)Free (standard tier)Paid

Access Application Configuration Data

Parameter Store

Retrieve Secrets Manager secrets khi using AWS services support references to Parameter Store parameters:

  • EC2
  • ECS
  • Lambda
  • CloudFormation
  • CodeBuild
  • CodeDeploy
  • Other Systems Manager capabilities

Use Parameter Store to reference Secrets Manager secrets:

  • Create consistent và secure process
  • Call và use secrets trong code và configuration scripts

Lambda Extension for Secrets/Parameters

Scenario: Use parameters từ Parameter Store trong Lambda functions without using SDK

Solution: Secrets Lambda Extension

  • Retrieves parameter values
  • Caches them for future use
  • Reduces API calls
  • Improves performance
import urllib.request
import json

def get_parameter():
    # Extension runs on localhost:2773
    url = 'http://localhost:2773/systemsmanager/parameters/get?name=/myapp/config'
    response = urllib.request.urlopen(url)
    return json.loads(response.read())

AppConfig for Lambda

Lambda Extension for AppConfig:

  • Cache configuration locally trong Lambda
  • Giảm API calls
  • Auto-refresh khi config thay đổi
  • Add as Lambda Layer
import urllib.request
import json

def get_config():
    # Extension runs on localhost:2772
    url = 'http://localhost:2772/applications/MyApp/environments/prod/configurations/MyConfig'
    response = urllib.request.urlopen(url)
    return json.loads(response.read())

Deployment Strategies

StrategyMô tả
AllAtOnceDeploy to all targets immediately
LinearDeploy to % of targets every interval
ExponentialDouble % of targets every interval

Feature Flags

{
  "version": "1",
  "flags": {
    "new_checkout": {
      "name": "New Checkout Flow",
      "attributes": {
        "enabled": {"constraints": {"type": "boolean"}}
      }
    }
  },
  "values": {
    "new_checkout": {
      "enabled": true
    }
  }
}

Configuration Data Access Summary

MethodServiceUse Case
Direct SDKParameter Store, Secrets ManagerFull control, custom logic
Lambda ExtensionParameter Store, Secrets ManagerNo SDK, caching, performance
AppConfig ExtensionAppConfigFeature flags, gradual rollout
CloudFormationParameter Store, Secrets ManagerIaC templates
Systems ManagerParameter Store, AppConfigCentralized management

Exam Tip:

  • AppConfig = feature flags + gradual rollout + validation + rollback
  • Parameter Store = simple key-value, reference Secrets Manager
  • Secrets Manager = encrypted all, automatic rotation
  • Lambda Extension = retrieve parameters/secrets without SDK, caching
  • AppConfig works với EC2, Lambda, containers, mobile, IoT
  • Cần rollback on bad config → AppConfig
  • Cần feature toggle → AppConfig