The document outlines AWS OpsWorks, a service for application management on EC2 using Chef, providing features such as monitoring, auto-scaling, and lifecycle event control. It compares Chef in AWS OpsWorks to Chef server, highlighting differences in command execution, customization, and discovery capabilities. Additionally, it discusses the use of encrypted data bags, custom JSON, and accessing resources securely via IAM roles.

1. AWS OpsWorks & Chef
Jonathan Weiss
@jweiss
January 14th, 2014
© 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.

3. AWS OpsWorks
Integrated Application management on EC2
• EC2, ELB, VPC, EIP, EBS, …
• Chef-Solo & Built-in layers
• Monitoring with CloudWatch
• Auto Scaling, Auto Healing
• Fine-grained permissions
• App deployment

4. AWS Application Management Services
Higher-level Services
Elastic Beanstalk
Convenience
OpsWorks
Do it yourself
CloudFormation
EC2
Control

5. How does it work?

6. The Heart of the Service
Agent on each
Agent on each
Amazon EC2 instance
EC2 instance
Understands a set of commands that are
triggered by AWS OpsWorks.
The agent then runs a Chef solo run.

7. Life Cycle Events
setup
configure
deploy
undeploy
shutdown

8. A Stack

9. A Stack with Layers

10. A Stack with Layers and Instances

11. Enough talking
DEMO TIME

12. Chef in AWS OpsWorks
vs.
Chef Server

13. Main Differences
•
•
•
•
•
Chef Setup
One run vs. discrete events
Push vs. pull
Discovery: search & AWS OpsWorks attribute tree
Data bags

14. Chef Setup
Chef Solo
&
OpsWorks Backend
Chef Client
&
Chef Server

15. control
simple
Customization Options
Built-in layers
Override Chef attributes via custom JSON
Override Chef attributes via custom cookbook
Overwrite Chef template file
Deploy hooks
Provide custom recipe to extend built-in layer
Provide custom recipe to create custom layer

16. Life Cycle Events
• Give you fine-grained control
• Faster to execute
• Context

17. Push vs. Pull
• On-demand and automatic
• Respond immediately to changes in the stack

18. Discovery: Chef Search
AWS OpsWorks does not offer attribute search
Alternative:
node[:opsworks] with similar capabilities
to partial_search

19. AWS OpsWorks Attribute Tree
Find all Rails application servers
rails_servers = node['opsworks']['layers']['rails-app']['instances']
rails_ips = rails_servers.map{|i| i['private_ip'] }
template "/etc/rails-server.conf" do
...
variables({
:ips => rails_server_ips
})
end

20. Encrypted Data Bags
• Upload encrypted JSON to S3
• Have instances access via IAM roles in a recipe

21. Custom JSON
Arbitrary JSON on stack that is available in Chef
{
‘foo‘: {
‘bar‘: true,
‘baz‘: false
}
}
if node.foo.bar
...
elsif node.foo.baz
...
end

22. Store Secrets on Amazon S3
Access from instance via instance profiles
bucket = node['acme']['bucket']
key = node['acme']['key']
s3 = AWS::S3.new
obj = s3.buckets[bucket].objects[key]
obj.read

23. The Future

24. Better Chef Citizen
Chef 11.8 local server mode:
• Data bags
• (local) Chef search

25. More information about AWS OpsWorks
•
•
•
•
•
•
•
Try it out https://console.aws.amazon.com/opsworks/
Follow us on twitter @AWSOpsWorks
Find us on YouTube
Blog http://blogs.aws.amazon.com/application-management
Docs http://aws.amazon.com/documentation/opsworks/
User tests opsworks-user-tests@amazon.com
Work with us http://jobs.aws-berlin.com

26. Thank You
@jweiss