Step 3: Creating a configuration and a configuration profile - AWS AppConfig

Step 3: Creating a configuration and a configuration profile

A configuration is a collection of settings that influence the behavior of your application. For example, you can create and deploy configurations that carefully introduce changes to your application or turn on new features that require a timely deployment, such as a product launch or announcement. Here's a very simple example of an access list configuration.

{ "AccessList": [ { "user_name": "Mateo_Jackson" }, { "user_name": "Jane_Doe" } ] }

A configuration profile enables AWS AppConfig to access your configuration from a source location. You can store configurations in the following formats and locations:

  • YAML, JSON, or text documents in the AWS AppConfig hosted configuration store

  • Objects in an Amazon Simple Storage Service (Amazon S3) bucket

  • Documents in the Systems Manager document store

  • Parameters in Parameter Store

  • Any integration source action supported by AWS CodePipeline

A configuration profile includes the following information.

  • The URI location where the configuration is stored.

  • The AWS Identity and Access Management (IAM) role that provides access to the configuration.

  • A validator for the configuration data. You can use either a JSON Schema or an AWS Lambda function to validate your configuration profile. A configuration profile can have a maximum of two validators.

For configurations stored in the AWS AppConfig hosted configuration store or SSM documents, you can create the configuration by using the Systems Manager console at the time you create a configuration profile. The process is described later in this topic.

For configurations stored in SSM parameters or in S3, you must create the parameter or object first and then add it to Parameter Store or S3. After you create the parameter or object, you can use the procedure in this topic to create the configuration profile. For information about creating a parameter in Parameter Store, see Creating Systems Manager parameters in the AWS Systems Manager User Guide.

About configuration store quotas and limitations

AWS AppConfig-supported configuration store have the following quotas and limitations.

AWS AppConfig hosted configuration store S3 Parameter Store Document store AWS CodePipeline

Configuration size limit

64 KB

1 MB

Enforced by AWS AppConfig, not S3

4 KB (free tier) / 8 KB (advanced parameters)

64 KB

1 MB

Enforced by AWS AppConfig, not CodePipeline

Resource storage limit

1 GB

Unlimited

10,000 parameters (free tier) / 100,000 parameters (advanced parameters)

500 documents

Limited by the number of configuration profiles per application (100 profiles per application)

Server-side encryption

Yes

No

No

No

Yes

AWS CloudFormation support

Yes

Not for creating or updating data

Yes

No

Yes

Validate create or update API actions

Not supported

Not supported

Regex supported

JSON Schema required for all put and update API actions

Not supported

Pricing

Free

See Amazon S3 pricing

See AWS Systems Manager pricing

Free

See AWS CodePipeline pricing

About the AWS AppConfig hosted configuration store

AWS AppConfig includes an internal or hosted configuration store. Configurations must be 64 KB or smaller. The AWS AppConfig hosted configuration store provides the following benefits over other configuration store options.

  • You don't need to set up and configure other services such as Amazon Simple Storage Service (Amazon S3) or Parameter Store.

  • You don't need to configure AWS Identity and Access Management (IAM) permissions to use the configuration store.

  • You can store configurations in YAML, JSON, or as text documents.

  • There is no cost to use the store.

  • You can create a configuration and add it to the store when you create a configuration profile.

Creating a configuration and a configuration profile

Before you begin

Read the following related content before you complete the procedure in this section.

  • The following procedure requires you to specify an IAM service role so that AWS AppConfig can access your configuration data in the configuration store you choose. This role is not required if you use the AWS AppConfig hosted configuration store. If you choose S3, Parameter Store, or the Systems Manager document store, then you must either choose an existing IAM role or choose the option to have the system automatically create the role for you. For more information, about this role, see About the configuration profile IAM role.

  • If you want to create a configuration profile for configurations stored in S3, you must configure permissions. For more information about permissions and other requirements for using S3 as a configuration store, see About configurations stored in Amazon S3.

  • If you want to use validators, review the details and requirements for using them. For more information, see About validators.

Creating an AWS AppConfig configuration profile (console)

Use the following procedure to create an AWS AppConfig configuration profile and (optionally) a configuration by using the AWS Systems Manager console.

To create a configuration profile

  1. Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/appconfig/.

  2. On the Applications tab, choose the application you created in Create an AWS AppConfig configuration and then choose the Configuration profiles tab.

  3. Choose Create configuration profile.

  4. For Name, enter a name for the configuration profile.

  5. For Description, enter information about the configuration profile.

  6. In the Tags section, enter a key and an optional value. You can specify a maximum of 50 tags for a resource.

  7. On the Select configuration source page, choose an option.

    
                                Choose an AWS AppConfig configuration source
    • If you selected AWS AppConfig hosted configuration, then choose either YAML, JSON, or Text, and enter your configuration in the field. Choose Next and go to Step 10 in this procedure.

    • If you selected Amazon S3 object, then enter the object URI. Choose Next.

    • If you selected AWS Systems Manager parameter, then choose the name of the parameter from the list. Choose Next.

    • If you selected AWS CodePipeline, then choose Next and go to Step 10 in this procedure.

    • If you selected AWS Systems Manager document, then complete the following steps.

    1. In the Document source section, choose either Saved document or New document.

    2. If you choose Saved document, then choose the SSM document from the list. If you choose New document, the Details and Content sections appear.

    3. In the Details section, enter a name for the new application configuration.

    4. For the Application configuration schema section, either choose the JSON schema using the list or choose Create schema. If you choose Create schema, Systems Manager opens the Create schema page. Enter the schema details in the Content section, and then choose Create schema.

      
                                        Enter details of an AWS AppConfig configuration
    5. For Application configuration schema version either choose the version from the list or choose Update schema to edit the schema and create a new version.

    6. In the Content section, choose either YAML or JSON and then enter the configuration data in the field.

      
                                        Enter configuration data in an AWS AppConfig
                                            configuration profile
    7. Choose Next.

  8. In the Service role section, choose New service role to have AWS AppConfig create the IAM role that provides access to the configuration data. AWS AppConfig automatically populates the Role name field based on the name you entered earlier. Or, to choose a role that already exists in IAM, choose Existing service role. Choose the role by using the Role ARN list.

  9. On the Add validators page, choose either JSON Schema or AWS Lambda. If you choose JSON Schema, enter the JSON Schema in the field. If you choose AWS Lambda, choose the function Amazon Resource Name (ARN) and the version from the list.

    
                                Add validators to an AWS AppConfig configuration
    Important

    Configuration data stored in SSM documents must validate against an associated JSON Schema before you can add the configuration to the system. SSM parameters do not require a validation method, but we recommend that you create a validation check for new or updated SSM parameter configurations by using AWS Lambda.

  10. Choose Create configuration profile.

Important

If you created a configuration profile for AWS CodePipeline, then after you create a deployment strategy, as described in the next section, you must create a pipeline in CodePipeline that specifies AWS AppConfig as the deploy provider. For information about creating a pipeline that specifies AWS AppConfig as the deploy provider, see Tutorial: Create a Pipeline That Uses AWS AppConfig as a Deployment Provider in the AWS CodePipeline User Guide.

Proceed to Step 4: Creating a deployment strategy.

Creating an AWS AppConfig configuration profile (commandline)

The following procedure describes how to use the AWS CLI (on Linux or Windows) or AWS Tools for PowerShell to create a AWS AppConfig configuration profile.

To create a configuration profile step by step

  1. Install and configure the AWS CLI or the AWS Tools for PowerShell, if you have not already.

    For information, see Install or upgrade AWS command line tools.

  2. Run the following command to create a configuration profile.

    Linux
    aws appconfig create-configuration-profile \ --application-id The_application_ID \ --name A_name_for_the_configuration_profile \ --description A_description_of_the_configuration_profile \ --location-uri A_URI_to_locate_the_configuration \ --retrieval-role-arn The_ARN_of_the_IAM_role_with_permission_to_access_the_configuration_at_the_specified_LocationUri \ --tags User_defined_key_value_pair_metadata_of_the_configuration_profile \ --validators "Content=JSON_Schema_content_or_the_ARN_of_an_AWS_Lambda_function,Type=validators_of_type_JSON_SCHEMA_and_LAMBDA"
    Windows
    aws appconfig create-configuration-profile ^ --application-id The_application_ID ^ --name A_name_for_the_configuration_profile ^ --description A_description_of_the_configuration_profile ^ --location-uri A_URI_to_locate_the_configuration ^ --retrieval-role-arn The_ARN_of_the_IAM_role_with_permission_to_access_the_configuration_at_the_specified_LocationUri ^ --tags User_defined_key_value_pair_metadata_of_the_configuration_profile ^ --validators "Content=JSON_Schema_content_or_the_ARN_of_an_AWS_Lambda_function,Type=validators_of_type_JSON_SCHEMA_and_LAMBDA"
    PowerShell
    New-APPCConfigurationProfile ` -Name A_name_for_the_configuration_profile ` -ApplicationId The_application_ID ` -Description Description_of_the_configuration_profile ` -LocationUri A_URI_to_locate_the_configuration ` -RetrievalRoleArn The_ARN_of_the_IAM_role_with_permission_to_access_the_configuration_at_the_specified_LocationUri ` -Tag Hashtable_type_user_defined_key_value_pair_metadata_of_the_configuration_profile ` -Validators "Content=JSON_Schema_content_or_the_ARN_of_an_AWS_Lambda_function,Type=validators_of_type_JSON_SCHEMA_and_LAMBDA"

    The system returns information like the following.

    Linux
    {
       "ApplicationId": "The application ID",
       "Id": "The configuration profile ID",
       "Name": "The name of the configuration profile",
       "Description": "The configuration profile description",
       "LocationUri": "The URI location of the configuration",
       "RetrievalRoleArn": "The ARN of an IAM role with permission to access the configuration at the specified LocationUri",
       "Validators": [ 
          { 
             "Content": "The JSON Schema content or the ARN of an AWS Lambda function",
             "Type": "Validators of type JSON_SCHEMA and LAMBDA"
          }
       ]
    }
    Windows
    {
       "ApplicationId": "The application ID",
       "Id": "The configuration profile ID",
       "Name": "The name of the configuration profile",
       "Description": "The configuration profile description",
       "Id": "The configuration profile ID",
       "LocationUri": "The URI location of the configuration",
       "RetrievalRoleArn": "The ARN of an IAM role with permission to access the configuration at the specified LocationUri",
       "Validators": [ 
          { 
             "Content": "The JSON Schema content or the ARN of an AWS Lambda function",
             "Type": "Validators of type JSON_SCHEMA and LAMBDA"
          }
       ]
    }
    PowerShell
    ApplicationId    : The application ID
    ContentLength    : Runtime of the command
    Description      : The configuration profile description
    HttpStatusCode   : HTTP Status of the runtime
    Id               : The configuration profile ID
    LocationUri      : The URI location of the configuration
    Name             : The name of the configuration profile
    ResponseMetadata : Runtime Metadata
    RetrievalRoleArn : The ARN of an IAM role with permission to access the configuration at the specified LocationUri
    Validators       : {Content: The JSON Schema content or the ARN of an AWS Lambda function, Type : Validators of type JSON_SCHEMA and LAMBDA}