What Is AWS AppConfig? - AWS AppConfig

What Is AWS AppConfig?

Use AWS AppConfig, a capability of AWS Systems Manager, to create, manage, and quickly deploy application configurations. AWS AppConfig supports controlled deployments to applications of any size and includes built-in validation checks and monitoring. You can use AWS AppConfig with applications hosted on EC2 instances, AWS Lambda, containers, mobile applications, or IoT devices.

To prevent errors when deploying application configurations, especially for production systems where a simple typo could cause an unexpected outage, AWS AppConfig includes validators. A validator provides a syntactic or semantic check to ensure that the configuration you want to deploy works as intended. To validate your application configuration data, you provide a schema or Lambda function that runs against the configuration. The configuration deployment or update can only proceed when the configuration data is valid.

During a configuration deployment, AWS AppConfig monitors the application to ensure that the deployment is successful. If the system encounters an error, AWS AppConfig rolls back the change to minimize impact for your application users. You can configure a deployment strategy for each application or environment that includes deployment criteria, including velocity, bake time, and alarms to monitor. Similar to error monitoring, if a deployment triggers an alarm, AWS AppConfig automatically rolls back to the previous version.

AWS AppConfig supports multiple use cases. Here are some examples.

  • Application tuning: Use AWS AppConfig to carefully introduce changes to your application that can only be tested with production traffic.

  • Feature toggle: Use AWS AppConfig to turn on new features that require a timely deployment, such as a product launch or announcement.

  • Allow list: Use AWS AppConfig to allow premium subscribers to access paid content.

  • Operational issues: Use AWS AppConfig to reduce stress on your application when a dependency or other external factor impacts the system.

How can AWS AppConfig benefit my organization?

AWS AppConfig offers the following benefits.

  • Deploy changes across a set of targets quickly

    AWS AppConfig simplifies the administration of applications at scale by deploying configuration changes from a central location. AWS AppConfig supports configurations stored in Systems Manager Parameter Store, Systems Manager (SSM) documents, and Amazon S3. You can use AWS AppConfig with applications hosted on EC2 instances, AWS Lambda, containers, mobile applications, or IoT devices.

  • Reduce errors in configuration changes

    AWS AppConfig reduces application downtime by enabling you to create rules to validate your configuration. Configurations that aren't valid can't be deployed. AWS AppConfig provides two options for validating configurations.

    • For syntactic validation, you can use a JSON schema. AWS AppConfig validates your configuration by using the JSON schema to ensure that configuration changes adhere to the application requirements.

    • For semantic validation, you can call an AWS Lambda function that runs your configuration before you deploy it.

  • Update applications without interruptions

    AWS AppConfig deploys configuration changes to your targets at runtime without a heavy-weight build process or taking your targets out of service.

  • Control deployment of changes across your application

    When deploying configuration changes to your targets, AppConfig enables you to minimize risk by using a deployment strategy. You can use the rate controls of a deployment strategy to determine how fast you want your application targets to receive a configuration change.

What types of targets are supported?

You can use AWS AppConfig with applications hosted on EC2 instances, AWS Lambda, containers, mobile applications, or IoT devices. Targets don't need to be configured with the Systems Manager SSM Agent or the AWS Identity and Access Management (IAM) instance profile required by other Systems Manager capabilities. This means that AWS AppConfig works with unmanaged instances.

Is there a charge to use AWS AppConfig?

Yes. For more information, see AWS Systems Manager Pricing.

Do I have to change my application to work with AWS AppConfig?

Yes. You must configure your application to poll for new configuration updates by using the GetConfiguration API action. When a new or updated configuration is ready, AWS AppConfig deploys the configuration file to each target in your deployment strategy.

How does AWS AppConfig work?

At a high level, there are three processes for working with AWS AppConfig.

  1. Configure AWS AppConfig to work with your application.

  2. Enable your application code to periodically check for and receive configuration data from AWS AppConfig.

  3. Deploy a new or updated configuration.

Configure AWS AppConfig to work with your application

To configure AWS AppConfig to work with your application, you set up three types of resources.

Resource Details


An application in AWS AppConfig is a logical unit of code that provides capabilities for your customers. For example, an application can be a microservice that runs on EC2 instances, a mobile application installed by your users, a serverless application using Amazon API Gateway and AWS Lambda, or any system you run on behalf of others.


For each application, you define one or more environments. An environment is a logical deployment group of AWS AppConfig applications, such as applications in a Beta or Production environment. You can also define environments for application subcomponents such as the Web, Mobile, and Back-end components for your application. You can configure Amazon CloudWatch alarms for each environment. The system monitors alarms during a configuration deployment. If an alarm is triggered, the system rolls back the configuration.

Configuration profile

A configuration profile enables AWS AppConfig to access your configuration in its stored location. You can store configurations in the following formats and locations:

  • YAML, JSON, or text documents in the AWS AppConfig hosted configuration store

  • Objects in an Amazon Simple Storage Service (Amazon S3) bucket

  • Documents in the Systems Manager document store

  • Parameters in Parameter Store

A configuration profile can also include optional validators to ensure your configuration data is syntactically and semantically correct. AWS AppConfig performs a check using the validators when you start a deployment. If any errors are detected, the deployment stops before making any changes to the targets of the configuration.

Enable your application code to periodically check for and receive configuration data from AWS AppConfig

Using the GetConfiguration API action, AWS AppConfig offers dynamic configuration updates in a controlled manner. You must configure your application code to call this API action on a periodic basis. When called, your code sends the following information:

  • The IDs of an AWS AppConfig application, environment, and configuration profile.

  • A unique application instance identifier called a client ID.

  • The last configuration version known by your application code.

When a new configuration is deployed (which means there is a new version of the configuration), AWS AppConfig responds to the GetConfiguration request and returns the new configuration data.

Deploy a new or updated configuration

AWS AppConfig enables you to deploy configurations in the manner that best suits the use case of your applications. You can deploy changes in seconds or you can roll them out slowly to assess the impact of the changes. The AWS AppConfig resource that helps you control deployments is called a deployment strategy. A deployment strategy includes the following information:

  • Total amount of time for a deployment to last. (DeploymentDurationInMinutes).

  • The percentage of targets to receive a deployed configuration during each interval. (GrowthFactor).

  • The amount of time AWS AppConfig monitors for alarms before considering the deployment to be complete and no longer eligible for automatic rollback. (FinalBakeTimeInMinutes).

You can use built-in deployment strategies that cover common scenarios or you can create your own. After you create or choose a deployment strategy, you start the deployment. Starting the deployment calls the StartDeployment API action. The call includes the IDs of an application, environment, configuration profile, and (optionally) the configuration data version to deploy. The call also includes the ID of the deployment strategy to use, which determines how the configuration data rolls out.

What are the Service Quotas of AWS AppConfig?

Resource Quota

AWS AppConfig applications


Deployment strategies


Environments per AWS AppConfig application


Configuration profiles per AWS AppConfig application



For information about quotas for services that store AWS AppConfig configurations, see About configuration store quotas and limitations.