- Learn about AWS OpsWorks for Chef Automate configuration management capabilities - Learn about continuous deployment and automated testing for compliance and security - Learn about Chef To make sure that your application operates in a predictable manner in both your test and production environments, you must vigilantly maintain the configuration of your resources. By leveraging configuration management solutions, Dev and Ops engineers can now finally define the state of their resources across their entire life-cycle. In this session, we will showcase some of the best practices that assures your production workloads behave in a predictable manner by using tools such as AWS OpsWorks for Chef Automate.

1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Kevin Cochran, Solutions Architect, AWS
Nick Rycar, Technical Product Marketing Manager, Chef
May 17, 2017
OpsWorks for Chef Automate
Automation Made Easy!

2. What to expect from this session?
Understand how configuration management lets you refer
to your infrastructure as code
Understand how AWS can help you use configuration
management to save time
Discover the best practices of setting up your
infrastructure, host configuration, and application

3. Background
Moving to the cloud and AWS allows you to provision and
manage infrastructure in new ways:
• Scale can be achieved without complicated capacity
planning
• Infrastructure can be provisioned in minutes
• You are now a part of a fast moving environment that
requires constant attention

4. What is configuration management?
A practice in which code is used to define and maintain the
state of both new and existing resources throughout their
entire life cycle.

5. Why do I need configuration management?
• Store your configuration information in one place
• Spin up blank resources that work perfectly every time
• Make changes things in a single place and propagate them
• Create dev and test environments that mimic your production

6. Compute Resources
Operating System and
Host Configuration
Application Configuration
Amazon Elastic Compute
Cloud (EC2)
On-premises compute
resources (Servers)
…
Files
Directories
Networking
Symlinks
Mounts
Registry Key
Users
Groups
Packages
Filesystems
…
Application dependencies
Application configuration
Service registration
Credentials
…

7. Infrastructure needs ongoing management
• Package updates?
• New software?
• New configurations?
• New app deployments?
• Environment specific changes?
• Run commands across all hosts?
• Be on top of all running resources?

8. Ongoing management requires proper tooling
Some common challenges:
• Changing a vhost configuration on every web server across
multiple environments (dev, stage, prod)
• Installing a package on certain hosts to test out newer versions
• Changing LDAP config on every running Amazon EC2 Linux host
What tools can I use to tackle some of these challenges?

10. What is Chef Automate?
• Refer to your infrastructure as code (cookbooks & recipes)
• Consistently install, configure, manage, deploy and scale
applications
• Align resources with specific policies
• Save time by automating manual tasks

11. How does it work?
• Simple client-server
architecture
• Connecting resources to a
Chef server
• Resources pull
configuration updates from
the Chef server Config A Config B

12. How can you set this up?
1. Setup the Chef server with cookbooks, recipes roles.
2. Install the Chef client on the instance (or server).
3. Register the instance with the Chef server as a Chef node.
4. Assign node with a role (e.g. web server, app server, db server).
5. The Chef client pulls the recipes from Chef server (based on role).
6. The Chef server determines the applicable recipes (by role).
7. The Chef client applies the recipes on the node by doing a “Chef run”.
8. The Chef client pulls the Chef server every 30 minutes.

13. How does it look like?
• The Chef client pulls
configuration updates from the
Chef server every 30 minutes.
• The Chef client will only make
configuration changes when
the node is out of spec.
• The Chef client can react to
changes using by using Chef
search.

14. Support for community tools
• ChefDK
• Knife
• Chef Client
• Community cookbooks and recipes
• TestKitchen

15. AWS OpsWorks
for Chef Automate

16. What is AWS OpsWorks for Chef Automate?
The place you go to for configuration management on AWS
Offers a fully managed Chef Automate server
OpsWorks

17. How can I create an AWS managed Chef server?
Easy to get started, get a Chef Automate server in 10 minutes.

18. What else can I set up?
Setup a weekly maintenance window
• Automatic security updates
• Automatic Chef version upgrades

19. What else can I set up?
Setup a daily/weekly backup schedule

20. What else is left for me to do?
Nothing, this is a fully managed configuration management
service:
• Automatic backups
• Automatic security updates
• Automatic Chef software updates
You can focus on writing cookbooks and recipes that meet
your needs.

21. What other benefits do I get from the service?
• Automatic instance to Chef server registration
• Secure and easy scaling using Auto Scaling Groups
• No separate license fees, only pay for what you use
• Supports both Amazon EC2 and on-prem resources
• Best practices, AWS support and guidance

22. Where does it come in the tool chain?
• Bootstrap instances with the right configuration
• Update the configuration of running instances
• Assure instances comply with a pre-defined policy
• A part of your Continues Integration and Continues
Delivery pipeline

23. Live Demo

24. How do I get started?
 Grab some community cookbooks
https://supermarket.chef.io/
 Learn more
https://www.chef.io/automate/
Get started
https://aws.amazon.com/opsworks/

25. Thank you!