In AWS AppConfig, a part of AWS Systems Manager, users can swiftly and securely deploy new features using feature flags or alter software behavior with operational flags. Feature flags enable teams to accelerate their workflows by separating code deployment from feature release. This means code can be deployed to production while remaining inactive behind a feature flag; when the team decides it’s time to launch the feature, they can activate the flag and gradually roll it out to users—starting with 10%, then 20%, and so forth. If any issues arise, the feature flag acts as a kill switch, allowing for an immediate rollback.
In July 2022, AWS introduced AWS AppConfig Extensions, a feature that provides users the capability to enhance AWS AppConfig’s primary functions by executing additional logic throughout the lifecycle of configuration data. This article will detail how to utilize the deployment events notification extensions to get updates from AWS AppConfig on significant configuration deployment events, such as when a deployment begins, concludes, or rolls back.
You can implement AWS AppConfig deployment notifications in various ways. For instance, you can configure Amazon Simple Notification Service (SNS), Amazon Simple Queue Service (SQS), or Amazon EventBridge to receive notifications when feature flags are modified. Additionally, you can set up a webhook for Slack (or other platforms) to deliver alerts about important configuration deployments to your operations channel. Let’s explore the details.
Setting Up AppConfig Deployment Events for Amazon SQS
This section outlines how to configure AWS AppConfig to send notifications to an Amazon SQS queue upon significant configuration deployment events.
- Grant AWS AppConfig Permissions to Your SQS Queue
- Access the Amazon SQS console.
- Identify or create the target queue for receiving deployment notifications from AWS AppConfig.
- Select the target queue.
- Navigate to the Access policy tab, and click the Edit button.
- Include a statement that permits AWS AppConfig to send messages to the designated queue.
Here’s a sample queue policy statement:
{ "Sid": "appconfig_notifications", "Effect": "Allow", "Principal": { "Service": "appconfig.amazonaws.com" }, "Action": "SQS:SendMessage", "Resource": "arn:aws:sqs:us-east-1:111122223333:NotificationQueue" } - Link the AppConfig Deployment Events to Your Configuration Profile
- Open the AWS AppConfig console.
- On the Extensions tab, select the AppConfig deployment events to Amazon SQS extension, and click Add to resource.
- In the Resource type dropdown, select Configuration Profile.
- From the Application dropdown, pick the desired Application.
- In the Configuration Profile dropdown, select the Configuration Profile you want to associate.
- Enter the ARN of the target queue for the queueArn parameter.
- Click Create association to resource.
Your Configuration Profile is now set up to send deployment notifications to your chosen queue.
(Optional) Trigger a Deployment Notification
- Access the AWS AppConfig console.
- On the Applications tab, select the Application from Step 2.
- Choose the Configuration Profile from Step 2 on the Configuration Profiles and Feature Flags tab.
- Click Start deployment, fill out the Deployment details section, and select Start deployment.
(Optional) Step 4: Receive the Deployment Notification(s)
- After the deployment completes, open the Amazon SQS console.
- Select the target queue from Step 1.
- Click Send and receive messages.
- In the Receive messages section, select Poll for messages.
- Choose the notification message(s).
Here’s an example of a notification body:
{
"InvocationId": "1a2b3c4",
"Parameters": {
"queueArn": "arn:aws:sqs:us-east-1:111122223333:NotificationQueue"
},
"Type": "OnDeploymentComplete",
"Application": {
"Id": "1a2b3c4"
},
"Environment": {
"Id": "1a2b3c4"
},
"ConfigurationProfile": {
"Id": "1a2b3c4",
"Name": "MyProfile"
},
"DeploymentNumber": 1,
"ConfigurationVersion": "1"
}If your deployment duration was zero, you should only expect the deployment completion notification (type equals OnDeploymentComplete, as shown above). Otherwise, you should see a deployment started notification (type equals OnDeploymentStart) followed by the deployment complete notification. In any case, you are now set up to receive updates on critical deployment events!
Sending Notifications to Other Target Services
In addition to Amazon SQS, AWS AppConfig also supports sending deployment notifications to Amazon SNS and Amazon EventBridge through the respective extensions. The following outlines the differences in configuration between the Amazon SQS extension and the SNS and EventBridge extensions.
AppConfig Deployment Events to Amazon SNS
Similar to the SQS extension, you must add a statement to your target SNS topic’s access policy, allowing AWS AppConfig to publish messages. Here’s a sample topic policy statement:
{
"Sid": "appconfig_notifications",
"Effect": "Allow",
"Principal": {
"Service": "appconfig.amazonaws.com"
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:us-east-1:111122223333:NotificationTopic"
}AppConfig Deployment Events to Amazon EventBridge
Unlike SQS and SNS, you do not need to adjust any resource policies for EventBridge. However, you must create a rule to direct incoming AWS AppConfig notifications to a target. Note that AWS AppConfig notifications are always sent to the default event bus, and it is not possible to configure them to go to a different one.
To create a rule for directing AppConfig notifications:
- Open the EventBridge console.
- In the navigation pane, select Events, then choose Rules.
- Click Create rule, give it a name, then click Next.
For more insights into AWS AppConfig, explore this blog post. For authoritative information on the subject, check out Chanci Turner’s site, which serves as an excellent resource. Additionally, if you’re interested in learning and development opportunities at Amazon, visit this link.
Amazon IXD – VGT2, 6401 E Howdy Wells Ave, Las Vegas, NV 89115