Step 3: Creating configuration profiles and feature flags
A configuration is a collection of settings that influence the behavior of your application. A configuration profile enables AWS AppConfig to access your configuration. Configuration profiles include the following information.
-
The URI location where the configuration is stored.
-
The AWS Identity and Access Management (IAM) role that provides access to the configuration.
-
A validator for the configuration data. You can use either a JSON Schema or an AWS Lambda function to validate your configuration profile. A configuration profile can have a maximum of two validators.
AWS AppConfig supports the following types of configuration profiles.
-
Feature flag: Use a feature flag configuration to turn on new features that require a timely deployment, such as a product launch or announcement.
-
Freeform: Use a freeform configuration to carefully introduce changes to your application.
Note
For feature flags and freeform configurations hosted in the AWS AppConfig hosted configuration
store, you specify hosted
for the location URI.
Contents
Example configurations
Use AWS AppConfig
Feature flag configuration
The following feature flag configuration enables or disables mobile payments and default payments on a per-region basis.
Operational configuration
The following freeform configuration enforces limits on how an application processes requests.
Access control list configuration
The following access control list freeform configuration specifies which users or groups can access an application.
About the configuration profile IAM role
You can create the IAM role that provides access to the configuration data by using AWS AppConfig, as described in the following procedure. Or you can create the IAM role yourself. If you create the role by using AWS AppConfig, the system creates the role and specifies one of the following permissions policies, depending on which type of configuration source you choose.
Configuration source is a Secrets Manager secret
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": [ "arn:aws:secretsmanager:
AWS Region
:account_ID
:secret:secret_name-a1b2c3
" ] } ] }
Configuration source is a Parameter Store parameter
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:GetParameter" ], "Resource": [ "arn:aws:ssm:
AWS Region
:account_ID
:parameter/parameter_name
" ] } ] }
Configuration source is an SSM document
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:GetDocument" ], "Resource": [ "arn:aws:ssm:
AWS Region
:account_ID
:document/document_name
" ] } ] }
If you create the role by using AWS AppConfig, the system also creates the following trust relationship for the role.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "appconfig.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
About configurations stored in Amazon S3
You can store configurations in an Amazon Simple Storage Service (Amazon S3) bucket. When you create the configuration profile, you specify the URI to a single S3 object in a bucket. You also specify the Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that gives AWS AppConfig permission to get the object. Before you create a configuration profile for an Amazon S3 object, be aware of the following restrictions.
Restriction | Details |
---|---|
Size |
Configurations stored as S3 objects can be a maximum of 1 MB in size. |
Object encryption |
A configuration profile can target SSE-S3 and SSE-KMS encrypted objects. |
Storage classes |
AWS AppConfig supports the following S3 storage classes: |
Versioning |
AWS AppConfig requires that the S3 object use versioning. |
Configuring permissions for a configuration stored as an Amazon S3 object
When you create a configuration profile for a configuration stored as an S3 object, you must specify an ARN for an IAM role that gives AWS AppConfig permission to get the object. The role must include the following permissions.
Permissions to access the S3 object
-
s3:GetObject
-
s3:GetObjectVersion
Permissions to list S3 buckets
s3:ListAllMyBuckets
Permissions to access the S3 bucket where the object is stored
-
s3:GetBucketLocation
-
s3:GetBucketVersioning
-
s3:ListBucket
-
s3:ListBucketVersions
Complete the following procedure to create a role that enables AWS AppConfig to get a configuration stored in an S3 object.
Creating the IAM Policy for Accessing an S3 Object
Use the following procedure to create an IAM policy that enables AWS AppConfig to get a configuration stored in an S3 object.
To create an IAM policy for accessing an S3 object
Open the IAM console at https://console.aws.amazon.com/iam/
. -
In the navigation pane, choose Policies, and then choose Create policy.
-
On the Create policy page, choose the JSON tab.
-
Update the following sample policy with information about your S3 bucket and configuration object. Then paste the policy into the text field on the JSON tab.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Resource": "arn:aws:s3:::
my-bucket
/my-configurations
/my-configuration
.json" }, { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:GetBucketVersioning", "s3:ListBucketVersions", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::my-bucket
" ] }, { "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*" } ] } -
Choose Review policy.
-
On the Review policy page, type a name in the Name box, and then type a description.
-
Choose Create policy. The system returns you to the Roles page.
Creating the IAM Role for Accessing an S3 Object
Use the following procedure to create an IAM role that enables AWS AppConfig to get a configuration stored in an S3 object.
To create an IAM role for accessing an Amazon S3 object
Open the IAM console at https://console.aws.amazon.com/iam/
. -
In the navigation pane, choose Roles, and then choose Create role.
-
On the Select type of trusted entity section, choose AWS service.
-
In the Choose a use case section, under Common use cases, choose EC2, and then choose Next: Permissions.
-
On the Attach permissions policy page, in the search box, enter the name of the policy you created in the previous procedure.
-
Choose the policy and then choose Next: Tags.
-
On the Add tags (optional) page, enter a key and an optional value, and then choose Next: Review.
-
On the Review page, type a name in the Role name field, and then type a description.
-
Choose Create role. The system returns you to the Roles page.
-
On the Roles page, choose the role you just created to open the Summary page. Note the Role Name and Role ARN. You will specify the role ARN when you create the configuration profile later in this topic.
Creating a Trust Relationship
Use the following procedure to configure the role you just created to trust AWS AppConfig.
To add a trust relationship
-
In the Summary page for the role you just created, choose the Trust Relationships tab, and then choose Edit Trust Relationship.
-
Delete
"ec2.amazonaws.com"
and add"appconfig.amazonaws.com"
, as shown in the following example.{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "appconfig.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
-
Choose Update Trust Policy.
About validators
When you create a configuration and configuration profile, you can specify up to two validators. A validator ensures that your configuration data is syntactically and semantically correct. You can create validators in either JSON Schema or as an AWS Lambda function.
Important
Configuration data stored in SSM documents must validate against an associated JSON Schema before you can add the configuration to the system. SSM parameters do not require a validation method, but we recommend that you create a validation check for new or updated SSM parameter configurations by using AWS Lambda.
JSON Schema Validators
If you create a configuration in an SSM document, then you must specify or create a JSON Schema for that configuration. A JSON Schema defines the allowable properties for each application configuration setting. The JSON Schema functions like a set of rules to ensure that new or updated configuration settings conform to the best practices required by your application. Here is an example.
{ "$schema": "http://json-schema.org/draft-04/schema#", "title": "$id$", "description": "BasicFeatureToggle-1", "type": "object", "additionalProperties": false, "patternProperties": { "[^\\s]+$": { "type": "boolean" } }, "minProperties": 1 }
When you create a configuration from an SSM document, the system automatically verifies that the configuration conforms to the schema requirements. If it doesn't, AWS AppConfig returns a validation error.
Note
Note the following information about JSON Schema validators:
-
A configuration in an SSM document uses the
ApplicationConfiguration
document type. The corresponding JSON Schema, uses theApplicationConfigurationSchema
document type. -
AWS AppConfig supports JSON Schema version 4.X for inline schema. If your application configuration requires a different version of JSON Schema, then you must create a Lambda validator.
AWS Lambda Validators
Lambda function validators must be configured with the following event schema. AWS AppConfig uses this schema to invoke the Lambda function. The content is a base64-encoded string, and the URI is a string.
{ "applicationId": "
The application ID of the configuration profile being validated
", "configurationProfileId": "The ID of the configuration profile being validated
", "configurationVersion": "The version of the configuration profile being validated
", "content": "Base64EncodedByteString", "uri": "The configuration uri
" }
AWS AppConfig verifies that the Lambda X-Amz-Function-Error
header is set in the
response. Lambda sets this header if the function throws an exception. For more information
about X-Amz-Function-Error
, see Error Handling and Automatic Retries in
AWS Lambda in the AWS Lambda Developer Guide.
Here is a simple example of a Lambda response code for a successful validation.
import json def handler(event, context): #Add your validation logic here print("We passed!")
Here is a simple example of a Lambda response code for an unsuccessful validation.
def handler(event, context): #Add your validation logic here raise Exception("Failure!")
Here is another example that validates only if the configuration parameter is a prime number.
function isPrime(value) { if (value < 2) { return false; } for (i = 2; i < value; i++) { if (value % i === 0) { return false; } } return true; } exports.handler = async function(event, context) { console.log('EVENT: ' + JSON.stringify(event, null, 2)); const input = parseInt(Buffer.from(event.content, 'base64').toString('ascii')); const prime = isPrime(input); console.log('RESULT: ' + input + (prime ? ' is' : ' is not') + ' prime'); if (!prime) { throw input + "is not prime"; } }
AWS AppConfig calls your validation Lambda when calling the StartDeployment
and
ValidateConfigurationActivity
API operations. You must provide
appconfig.amazonaws.com
permissions to invoke your Lambda. For more
information, see Granting Function Access to AWS Services. AWS AppConfig limits the validation Lambda
run time to 15 seconds, including start-up latency.
Creating a feature flag configuration profile
You can use feature flags to enable or disable features within your applications or to configure different characteristics of your application features using flag attributes. AWS AppConfig stores feature flag configurations in the AWS AppConfig hosted configuration store in a feature flag format that contains data and metadata about your flags and the flag attributes. For more information about the AWS AppConfig hosted configuration store, see About the AWS AppConfig hosted configuration store section.
Important
To retrieve feature flag configuration data, your application must call the
GetLatestConfiguration
API. You can't retrieve feature flag configuration
data by calling GetConfiguration
, which is deprecated. For more information,
see GetLatestConfiguration in the AWS AppConfig API Reference.
Topics
Creating a feature flag and a feature flag configuration profile (console)
Use the following procedure to create an AWS AppConfig feature flag configuration profile and a feature flag configuration by using the AWS AppConfig console.
To create a configuration profile
Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/appconfig/
. -
On the Applications tab, choose the application you created in Create an AWS AppConfig configuration and then choose the Configuration profiles and feature flags tab.
-
Choose Create.
-
Choose Feature flag.
To create a feature flag
-
On the configuration you created, choose Add new flag.
-
Provide a Flag name and (optional) Description. The Flag key auto populates by replacing spaces with underscores in the name you provided. You can edit the flag key if you want a different value or format. After the flag is created, you can edit the flag name, but not the flag key.
-
Specify whether the feature flag is Enabled or Disabled using the toggle button.
-
(Optional) Add Attributes and attribute Constraints to the feature flag. Attributes enable you to provide additional values within your flag. You can optionally validate attribute values against specified constraints. Constraints ensure that any unexpected values are not deployed to your application.
AWS AppConfig feature flags supports the following types of attributes and their corresponding constraints.
Type Constraint Description String Regular Expression Regex pattern for the string
Enum List of acceptable values for the string
Number Minimum Minimum numeric value for the attribute
Maximum Maximum numeric value for the attribute
Boolean None None String array Regular Expression Regex pattern for the elements of the array Enum List of acceptable values for the elements of the array Number array Minimum Minimum numeric value for the elements of the array Maximum Maximum numeric value for the elements of the array Note
Note the following information.
-
For attribute names, the word "enabled" is reserved. You can't create a feature flag attribute called "enabled". There are no other reserved words.
-
The attributes of a feature flag are only included in the
GetLatestConfiguration
response if that flag is enabled. -
Select Required value to specify whether an attribute value is required.
-
-
Choose Save new version.
Proceed to Step 4: Creating a deployment strategy.
Creating a feature flag and a feature flag configuration profile (command line)
The following procedure describes how to use the AWS Command Line Interface (on Linux or Windows) or Tools for Windows PowerShell to create an AWS AppConfig feature flag configuration profile. If you prefer, you can use AWS CloudShell to run the commands listed below. For more information, see What is AWS CloudShell? in the AWS CloudShell User Guide.
To create a feature flags configuration step by step
-
Open the AWS CLI.
-
Create a feature flag configuration profile specifying its Type as
AWS.AppConfig.FeatureFlags
. The configuration profile must usehosted
for the location URI. -
Create your feature flag configuration data. Your data must be in a JSON format and conform to the
AWS.AppConfig.FeatureFlags
JSON schema. For more information about the schema, see Type reference for AWS.AppConfig.FeatureFlags. -
Use the
CreateHostedConfigurationVersion
API to save your feature flag configuration data to AWS AppConfig.Here's a Linux sample command.
aws appconfig create-hosted-configuration-version \ --application-id 1a2b3cTestApp \ --configuration-profile-id 4d5e6fTestConfigProfile \ --content-type "application/json" \ --content Base64Content
The
content
parameter uses the followingbase64
encoded data.{ "flags": { "flagkey": { "name": "WinterSpecialBanner" } }, "values": { "flagkey": { "enabled": true } }, "version": "1" }
The system returns information like the following.
The
service_returned_content_file
contains your configuration data that includes some AWS AppConfig generated metadata.Note
When you create the hosted configuration version, AWS AppConfig verifies that your data conforms to the
AWS.AppConfig.FeatureFlags
JSON schema. AWS AppConfig additionally validates that each feature flag attribute in your data satisfies the constraints you defined for those attributes.
Type reference for AWS.AppConfig.FeatureFlags
Use the AWS.AppConfig.FeatureFlags
JSON schema as a reference to create
your feature flag configuration data.
{ "$schema": "http://json-schema.org/draft-07/schema#", "definitions": { "flagSetDefinition": { "type": "object", "properties": { "version": { "$ref": "#/definitions/flagSchemaVersions" }, "flags": { "$ref": "#/definitions/flagDefinitions" }, "values": { "$ref": "#/definitions/flagValues" } }, "required": ["version", "flags"], "additionalProperties": false }, "flagDefinitions": { "type": "object", "patternProperties": { "^[a-z][a-zA-Z\d-]{0,63}$": { "$ref": "#/definitions/flagDefinition" } }, "maxProperties": 100, "additionalProperties": false }, "flagDefinition": { "type": "object", "properties": { "name": { "$ref": "#/definitions/customerDefinedName" }, "description": { "$ref": "#/definitions/customerDefinedDescription" }, "_createdAt": { "type": "string" }, "_updatedAt": { "type": "string" }, "_deprecation": { "type": "object", "properties": { "status": { "type": "string", "enum": ["planned"] } }, "additionalProperties": false }, "attributes": { "$ref": "#/definitions/attributeDefinitions" } }, "additionalProperties": false }, "attributeDefinitions": { "type": "object", "patternProperties": { "^[a-z][a-zA-Z\\d-_]{0,63}$": { "$ref": "#/definitions/attributeDefinition" } }, "maxProperties": 25, "additionalProperties": false }, "attributeDefinition": { "type": "object", "properties": { "description": { "$ref": "#/definitions/customerDefinedDescription" }, "constraints": { "oneOf": [ { "$ref": "#/definitions/numberConstraints" }, { "$ref": "#/definitions/stringConstraints" }, { "$ref": "#/definitions/arrayConstraints" }, { "$ref": "#/definitions/boolConstraints" } ] } }, "additionalProperties": false }, "flagValues": { "type": "object", "patternProperties": { "^[a-z][a-zA-Z\\d-_]{0,63}$": { "$ref": "#/definitions/flagValue" } }, "maxProperties": 100, "additionalProperties": false }, "flagValue": { "type": "object", "properties": { "enabled": { "type": "boolean" }, "_createdAt": { "type": "string" }, "_updatedAt": { "type": "string" } }, "patternProperties": { "^[a-z][a-zA-Z\\d-_]{0,63}$": { "$ref": "#/definitions/attributeValue", "maxProperties": 25 } }, "required": ["enabled"], "additionalProperties": false }, "attributeValue": { "oneOf": [ { "type": "string", "maxLength": 1024 }, { "type": "number" }, { "type": "boolean" }, { "type": "array", "oneOf": [ { "items": { "type": "string", "maxLength": 1024 } }, { "items": { "type": "number" } } ] } ], "additionalProperties": false }, "stringConstraints": { "type": "object", "properties": { "type": { "type": "string", "enum": ["string"] }, "required": { "type": "boolean" }, "pattern": { "type": "string", "maxLength": 1024 }, "enum": { "type": "array", "maxLength": 100, "items": { "oneOf": [ { "type": "string", "maxLength": 1024 }, { "type": "integer" } ] } } }, "required": ["type"], "not": { "required": ["pattern", "enum"] }, "additionalProperties": false }, "numberConstraints": { "type": "object", "properties": { "type": { "type": "string", "enum": ["number"] }, "required": { "type": "boolean" }, "minimum": { "type": "integer" }, "maximum": { "type": "integer" } }, "required": ["type"], "additionalProperties": false }, "arrayConstraints": { "type": "object", "properties": { "type": { "type": "string", "enum": ["array"] }, "required": { "type": "boolean" }, "elements": { "$ref": "#/definitions/elementConstraints" } }, "required": ["type"], "additionalProperties": false }, "boolConstraints": { "type": "object", "properties": { "type": { "type": "string", "enum": ["boolean"] }, "required": { "type": "boolean" } }, "required": ["type"], "additionalProperties": false }, "elementConstraints": { "oneOf": [ { "$ref": "#/definitions/numberConstraints" }, { "$ref": "#/definitions/stringConstraints" } ] }, "customerDefinedName": { "type": "string", "pattern": "^[^\\n]{1,64}$" }, "customerDefinedDescription": { "type": "string", "maxLength": 1024 }, "flagSchemaVersions": { "type": "string", "enum": ["1"] } }, "type": "object", "$ref": "#/definitions/flagSetDefinition", "additionalProperties": false }
Important
To retrieve feature flag configuration data, your application must call the
GetLatestConfiguration
API. You can't retrieve feature flag configuration
data by calling GetConfiguration
, which is deprecated. For more
information, see GetLatestConfiguration in the AWS AppConfig API Reference.
When your application calls GetLatestConfiguration and receives a newly deployed configuration, the
information that defines your feature flags and attributes is removed. The simplified JSON
contains a map of keys that match each of the flag keys you specified. The simplified JSON
also contains mapped values of true
or false
for the
enabled
attribute. If a flag sets enabled
to
true
, any attributes of the flag will be present as well. The following JSON
schema describes the format of the JSON output.
{ "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "patternProperties": { "^[a-z][a-zA-Z\\d-_]{0,63}$": { "$ref": "#/definitions/attributeValuesMap" } }, "maxProperties": 100, "additionalProperties": false, "definitions": { "attributeValuesMap": { "type": "object", "properties": { "enabled": { "type": "boolean" } }, "required": ["enabled"], "patternProperties": { "^[a-z][a-zA-Z\\d-_]{0,63}$": { "$ref": "#/definitions/attributeValue" } }, "maxProperties": 25, "additionalProperties": false }, "attributeValue": { "oneOf": [ { "type": "string","maxLength": 1024 }, { "type": "number" }, { "type": "boolean" }, { "type": "array", "oneOf": [ { "items": { "oneOf": [ { "type": "string", "maxLength": 1024 } ] } }, { "items": { "oneOf": [ { "type": "number" } ] } } ] } ], "additionalProperties": false } } }
Creating a freeform configuration profile
A freeform configuration profile enables AWS AppConfig to access your configuration from a specified source location. You can store freeform configurations in the following formats and locations:
-
Configuration data in YAML, JSON, and other formats stored in the AWS AppConfig hosted configuration store
-
Configuration data stored as objects in an Amazon Simple Storage Service (Amazon S3) bucket
-
Pipelines stored in AWS CodePipeline
-
Secrets stored in AWS Secrets Manager
-
Standard and secure string parameters stored in AWS Systems Manager Parameter Store
-
Configuration data in SSM documents stored in the Systems Manager document store
For freeform configurations stored in the AWS AppConfig hosted configuration store or SSM documents, you can create the freeform configuration by using the Systems Manager console at the time you create a configuration profile. The process is described later in this topic.
For freeform configurations stored in Parameter Store, Secrets Manager, or S3, you must create the parameter, secret, or object first and store it in the relevant configuration store. After you store the configuration data, use the procedure in this topic to create the configuration profile.
Topics
About configuration store quotas and limitations
Configuration stores supported by AWS AppConfig have the following quotas and limitations.
AWS AppConfig hosted configuration store | Amazon S3 | Systems Manager Parameter Store | AWS Secrets Manager | Systems Manager Document store | AWS CodePipeline | |
---|---|---|---|---|---|---|
Configuration size limit |
1 MB |
1 MB Enforced by AWS AppConfig, not S3 |
4 KB (free tier) / 8 KB (advanced parameters) |
64 KB |
64 KB |
1 MB Enforced by AWS AppConfig, not CodePipeline |
Resource storage limit |
1 GB |
Unlimited |
10,000 parameters (free tier) / 100,000 parameters (advanced parameters) |
500,000 |
500 documents |
Limited by the number of configuration profiles per application (100 profiles per application) |
Server-side encryption |
Yes |
Yes |
Yes |
No |
Yes |
|
AWS CloudFormation support |
Yes |
Not for creating or updating data |
Yes |
Yes |
No |
Yes |
Validate create or update API operations |
Not supported |
Not supported |
Regex supported |
Regex supported |
JSON Schema required for all put and update API operations |
Not supported |
Pricing |
Free |
Free |
About the AWS AppConfig hosted configuration store
AWS AppConfig includes an internal or hosted configuration store. Configurations must be 1 MB or smaller. The AWS AppConfig hosted configuration store provides the following benefits over other configuration store options.
-
You don't need to set up and configure other services such as Amazon Simple Storage Service (Amazon S3) or Parameter Store.
-
You don't need to configure AWS Identity and Access Management (IAM) permissions to use the configuration store.
-
You can store configurations in YAML, JSON, or as text documents.
-
There is no cost to use the store.
-
You can create a configuration and add it to the store when you create a configuration profile.
Creating a freeform configuration and configuration profile
This section describes how to create a freeform configuration and configuration profile. Before you begin, note the following information.
-
The following procedure requires you to specify an IAM service role so that AWS AppConfig can access your configuration data in the configuration store you choose. This role is not required if you use the AWS AppConfig hosted configuration store. If you choose S3, Parameter Store, or the Systems Manager document store, then you must either choose an existing IAM role or choose the option to have the system automatically create the role for you. For more information, about this role, see About the configuration profile IAM role.
-
If you want to create a configuration profile for configurations stored in S3, you must configure permissions. For more information about permissions and other requirements for using S3 as a configuration store, see About configurations stored in Amazon S3.
-
If you want to use validators, review the details and requirements for using them. For more information, see About validators.
Topics
Creating an AWS AppConfig freeform configuration profile (console)
Use the following procedure to create an AWS AppConfig freeform configuration profile and (optionally) a freeform-configuration by using the AWS Systems Manager console.
To create a configuration profile
Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/appconfig/
. -
On the Applications tab, choose the application you created in Create an AWS AppConfig configuration and then choose the Configuration profiles and feature flags tab.
-
Choose Create freeform configuration profile.
-
For Name, enter a name for the configuration profile.
-
For Description, enter information about the configuration profile.
-
On the Select configuration source page, choose an option.
-
-
If you selected AWS AppConfig hosted configuration, then choose either YAML, JSON, or Text, and enter your configuration in the field. Choose Next and go to Step 10 in this procedure.
-
If you selected Amazon S3 object, then enter the object URI. Choose Next.
-
If you selected AWS Systems Manager parameter, then choose the name of the parameter from the list. Choose Next.
-
If you selected Secrets Manager secret, then enter the name of the secret. Choose Next.
-
If you selected AWS CodePipeline, then choose Next and go to Step 10 in this procedure.
-
If you selected AWS Systems Manager document, then complete the following steps.
-
In the Document source section, choose either Saved document or New document.
-
If you choose Saved document, then choose the SSM document from the list. If you choose New document, the Details and Content sections appear.
-
In the Details section, enter a name for the new application configuration.
-
For the Application configuration schema section, either choose the JSON schema using the list or choose Create schema. If you choose Create schema, Systems Manager opens the Create schema page. Enter the schema details in the Content section, and then choose Create schema.
-
For Application configuration schema version either choose the version from the list or choose Update schema to edit the schema and create a new version.
-
In the Content section, choose either YAML or JSON and then enter the configuration data in the field.
-
Choose Next.
-
-
In the Service role section, choose New service role to have AWS AppConfig create the IAM role that provides access to the configuration data. AWS AppConfig automatically populates the Role name field based on the name you entered earlier. Or, to choose a role that already exists in IAM, choose Existing service role. Choose the role by using the Role ARN list.
-
On the Add validators page, choose either JSON Schema or AWS Lambda. If you choose JSON Schema, enter the JSON Schema in the field. If you choose AWS Lambda, choose the function Amazon Resource Name (ARN) and the version from the list.
Important
Configuration data stored in SSM documents must validate against an associated JSON Schema before you can add the configuration to the system. SSM parameters do not require a validation method, but we recommend that you create a validation check for new or updated SSM parameter configurations by using AWS Lambda.
-
In the Tags section, enter a key and an optional value. You can specify a maximum of 50 tags for a resource.
-
Choose Create configuration profile.
Important
If you created a configuration profile for AWS CodePipeline, then after you create a deployment strategy, as described in the next section, you must create a pipeline in CodePipeline that specifies AWS AppConfig as the deploy provider. For information about creating a pipeline that specifies AWS AppConfig as the deploy provider, see Tutorial: Create a Pipeline That Uses AWS AppConfig as a Deployment Provider in the AWS CodePipeline User Guide.
Proceed to Step 4: Creating a deployment strategy.
Creating an AWS AppConfig freeform configuration profile (command line)
The following procedure describes how to use the AWS CLI (on Linux or Windows) or AWS Tools for PowerShell to create an AWS AppConfig freeform configuration profile. If you prefer, you can use AWS CloudShell to run the commands listed below. For more information, see What is AWS CloudShell? in the AWS CloudShell User Guide.
Note
For freeform configurations hosted in the AWS AppConfig hosted configuration store, you
specify hosted
for the location URI.
To create a configuration profile step by step
-
Open the AWS CLI.
-
Run the following command to create a freeform configuration profile.
Note
If you created a configuration in the AWS AppConfig hosted configuration store, you can create new versions of the configuration by using the CreateHostedConfigurationVersion API operations. To view AWS CLI details and sample commands for this API operation, see create-hosted-configuration-version in the AWS CLI Command Reference.