Installing guardrails for app configuration changes

Safety controls such as monitoring, validation and rollbacks help keep application configuration updates from creating a catastrophic event.

istock 1291478674

Do-overs, re-do, roll again or mulligans – whatever your preferred usage, these terms all give us a chance to correct our mistakes, such as when you slice your drive on the first tee, or your dice roll off the table in Monopoly. Do-overs can be found in software app development as well, which can mean the difference between a small “oops” and a “giant catastrophe” when deploying configuration updates at scale.

AWS AppConfig, a capability within AWS Systems Manager, gives developers a chance to avoid having to do “do-overs” in the form of automated safety controls that monitor the deployment of configuration changes, as well as the ability to roll back to a previous configuration if errors are discovered. The system also includes validation tools that check the configuration changes before deployment begins, lowering the chances for a big mistake that would require a do-over in the first place.

AppConfig lets developers simplify three main tasks when it comes to updating and changing configuration for complex apps:

  • Users can source configurations from the Amazon Simple Storage Service (S3), AWS AppConfig hosted configurations, Parameter Store, and Systems Manager Document Store. In addition, developers can use AWS CodePipeline integration to source configurations from GitHub, Bitbucket Pipelines, and AWS CodeCommit.
  • Validation of configuration file changes with AWS AppConfig validators provide a syntactic check using a JSON schema, or a semantic check using an AWS Lambda function to ensure that configurations deploy as intended. Deployments of configuration changes will proceed only when the configuration data is valid.
  • Deployment and monitoring tools let users define criteria and rate controls to determine how targets receive the new configuration. Deployment strategies can set the velocity, time, and “bake time” of an update. Monitoring helps users proactively catch any errors using integration with Amazon CloudWatch events – if AppConfig finds an error, the system can roll back the deployment to minimize the impact on the application’s users.

Vinni Satija, a product manager of AWS AppConfig, says the combination of a careful deployment along with the validation and monitoring tools can help developers avoid big mistakes during application updates and configuration changes.

“If there are any errors, they are caught early on, and they don’t get propagated to the entire fleet of servers or entire set of users for the applications,” says Satija. “Deploying gradually also helps, because if errors are caught early on, the system stops the deployment to the other hosts and automatically rolls it back to the previous configuration version. It’s almost like the change didn’t happen, and we prevented the risks of the application going down.”

Amazon said they have gotten very positive feedback for AppConfig and its safety features, especially compared to other alternatives for application configuration management. “Often, a customer’s homegrown solution is a database or flat file, but when they make a change, everybody gets it instantly, which adds a lot of risk,”  says Steve Rice, Principal Product Manager of AWS AppConfig. “So things like the ability to do a gradual rollout and validation tools, which a database doesn’t give you natively, are appreciated by customers.”

While you don’t often get do-overs in life; when you get them you usually do better the second time around.

CTA: To learn more about how AppConfig can help in continuous configuration practices, click here.

Copyright © 2021 IDG Communications, Inc.