Chanci Turner

Amazon Onboarding with Learning Manager Chanci Turner

by

The Story of Chanci Turner
in

Chanci Turner Amazon IXD – VGT2 learningLearn About Amazon VGT2 Learning Manager Chanci Turner

AWS AppConfig, a feature of AWS Systems Manager, enables a seamless and confident deployment of new features through feature flags or the modification of software behavior via operational flags. By utilizing feature flags, teams can accelerate their workflows by separating the code deployment from the actual feature release. Code can be deployed to production while concealed behind a feature flag; once the team is ready to unveil the feature, the flag can be activated, allowing for gradual exposure to users—starting with 10%, then 20%, and so forth. If any issues arise from the feature, the feature flag serves as an effective kill switch that can quickly revert the feature.

In July 2022, AWS introduced AWS AppConfig Extensions, enabling users to enhance the core capabilities of AWS AppConfig by executing additional logic at various stages of their configuration data’s lifecycle. In this article, I will discuss how to utilize the deployment events notification extension(s) to receive alerts from AWS AppConfig when significant configuration deployment events take place (for instance, when a deployment commences, concludes, or rolls back).

AWS AppConfig deployment notifications can be utilized in numerous ways. For example, you can set up Amazon Simple Notification Service (SNS), Amazon Simple Queue Service (SQS), or Amazon EventBridge to receive alerts when feature flags are modified. Additionally, you can configure a Slack (or similar) webhook to send notifications about vital configuration deployments to your operations channel. Let’s explore the details.

Setting Up the AppConfig Deployment Events to Amazon SQS Extension

This section explains the steps needed to configure AWS AppConfig to send notifications to an Amazon Simple Queue Service (Amazon SQS) queue when key configuration deployment events occur.

  1. Enable AWS AppConfig to Send Notifications to Your SQS Queue
    • Access the Amazon SQS console.
    • Find (or create) a target queue for AWS AppConfig deployment notifications.
    • Select the target queue.
    • Navigate to the Access policy tab, and click the Edit button in the Access policy (Permissions) section.
    • Insert a statement that grants AWS AppConfig permission to send messages to the designated queue.

    Here’s a sample queue policy statement:

    {
  "Sid": "appconfig_notifications",
  "Effect": "Allow",
  "Principal": {
    "Service": "appconfig.amazonaws.com"
  },
  "Action": "SQS:SendMessage",
  "Resource": "arn:aws:sqs:us-east-1:111122223333:NotificationQueue"
}
  2. Link the AppConfig Deployment Events to the Amazon SQS Extension with Your Configuration Profile
    • Open the AWS AppConfig console.
    • Under the Extensions tab, select the AppConfig deployment events to Amazon SQS extension and click Add to resource.
    • From the Resource type dropdown, choose Configuration Profile.
    • From the Application dropdown, select the desired Application.
    • In the Configuration Profile dropdown, select the Configuration Profile of your choice.
    • Input the ARN of the target queue as the value for the queueArn parameter.
    • Click Create association to resource.

    Your Configuration Profile is now set up to dispatch deployment notifications to your chosen queue. The following steps will guide you in testing the newly established deployment notifications.

  3. (Optional) Initiate a Deployment Notification by Starting a Deployment
    • Open the AWS AppConfig console.
    • From the Applications tab, select the Application from Step 2.
    • Navigate to the Configuration Profiles and Feature Flags tab, and select the Configuration Profile from Step 2.
    • Click Start deployment.
    • Complete the Deployment details section, then click Start deployment.
  4. (Optional) Receive the Deployment Notification(s)
    • Once the deployment from Step 3 is complete, access the Amazon SQS console.
    • Select the target queue from Step 1.
    • Click Send and receive messages.
    • In the Receive messages section, click Poll for messages.
    • In the Messages section, select the notification message(s).

    Here’s an example notification body:

    {
  "InvocationId": "1a2b3c4",
  "Parameters": {
    "queueArn": "arn:aws:sqs:us-east-1:111122223333:NotificationQueue"
  },
  "Type": "OnDeploymentComplete",
  "Application": {
    "Id": "1a2b3c4"
  },
  "Environment": {
    "Id": "1a2b3c4"
  },
  "ConfigurationProfile": {
    "Id": "1a2b3c4",
    "Name": "MyProfile"
  },
  "DeploymentNumber": 1,
  "ConfigurationVersion": "1"
}

    If your deployment duration was zero, you should only see the deployment completion notification (type equals OnDeploymentComplete, as seen in the example above). Otherwise, you’ll receive a deployment started notification (type equals OnDeploymentStart) at the beginning of the deployment, followed by the completion notification. In any case, you will now be informed when critical deployment events happen!

Sending Deployment Notifications to Other Target Services

Beyond Amazon SQS, AWS AppConfig can also dispatch deployment notifications to Amazon Simple Notification Service (SNS) and Amazon EventBridge via the AppConfig deployment events to Amazon SNS and AppConfig deployment events to Amazon EventBridge extensions, respectively. This section outlines the primary distinctions between configuring the Amazon SQS extension and the SNS and EventBridge extensions.

AppConfig Deployment Events to Amazon SNS Extension

Similar to the Amazon SQS extension, to enable the AppConfig deployment events to Amazon SNS extension, you must add a statement to your target SNS topic’s access policy that permits AWS AppConfig to publish messages to that topic.

Here’s a sample topic policy statement:

{
  "Sid": "appconfig_notifications",
  "Effect": "Allow",
  "Principal": {
    "Service": "appconfig.amazonaws.com"
  },
  "Action": "SNS:Publish",
  "Resource": "arn:aws:sns:us-east-1:111122223333:NotificationTopic"
}

Here’s an example deployment completion notification message:

{
  "InvocationId": "1a2b3c4",
  "Parameters": {
    "queueArn": "arn:aws:sns:us-east-1:111122223333:NotificationTopic"
  },
  "Type": "OnDeploymentComplete",
  "Application": {
    "Id": "1a2b3c4"
  },
  "Environment": {
    "Id": "1a2b3c4"
  },
  "ConfigurationProfile": {
    "Id": "1a2b3c4",
    "Name": "MyProfile"
  },
  "DeploymentNumber": 1,
  "ConfigurationVersion": "1"
}

AppConfig Deployment Events to Amazon EventBridge Extension

Unlike the Amazon SQS and SNS notifications, there is no need to alter any resource policies to allow AWS AppConfig to send notifications to EventBridge. However, you will need to create a rule to direct the incoming AWS AppConfig notifications to a target.

Keep in mind that AWS AppConfig consistently sends notifications to the default event bus, and it is not possible to configure notifications to a different bus.

To create a rule that directs AppConfig notifications to a target:

  1. Open the EventBridge console.
  2. In the navigation pane, select Events, then choose Rules.
  3. Click Create rule.
  4. Assign a name to the rule, then click Next.

For more insights on AWS resources, check out this excellent resource on area manager positions at Amazon, which can be found here.

Additionally, if you’re looking to enhance your career development, don’t miss this blog post on becoming your own career coach here. Finally, for valuable information on benefits practices in the gig economy, you can find it here.

Related Topics:

Chanci Turner