AWS AppConfig Construct Library

This module is part of the AWS Cloud Development Kit project.

For a high level overview of what AWS AppConfig is and how it works, please take a look here: What is AWS AppConfig?

Basic Hosted Configuration Use Case

The main way most AWS AppConfig users utilize the service is through hosted configuration, which involves storing configuration data directly within AWS AppConfig.

An example use case:

app = appconfig.Application(self, "MyApp")
env = appconfig.Environment(self, "MyEnv",
    application=app
)

appconfig.HostedConfiguration(self, "MyHostedConfig",
    application=app,
    deploy_to=[env],
    content=appconfig.ConfigurationContent.from_inline_text("This is my configuration content.")
)

This will create the application and environment for your configuration and then deploy your configuration to the specified environment.

For more information about what these resources are: Creating feature flags and free form configuration data in AWS AppConfig.

For more information about deploying configuration: Deploying feature flags and configuration data in AWS AppConfig


For an in-depth walkthrough of specific resources and how to use them, please take a look at the following sections.

Application

AWS AppConfig Application Documentation

In AWS AppConfig, an application is simply an organizational construct like a folder. Configurations and environments are associated with the application.

When creating an application through CDK, the name and description of an application are optional.

Create a simple application:

appconfig.Application(self, "MyApplication")

Environment

AWS AppConfig Environment Documentation

Basic environment with monitors:

# application: appconfig.Application
# alarm: cloudwatch.Alarm
# composite_alarm: cloudwatch.CompositeAlarm


appconfig.Environment(self, "MyEnvironment",
    application=application,
    monitors=[
        appconfig.Monitor.from_cloud_watch_alarm(alarm),
        appconfig.Monitor.from_cloud_watch_alarm(composite_alarm)
    ]
)

Environment monitors also support L1 CfnEnvironment.MonitorsProperty constructs through the fromCfnMonitorsProperty method. However, this is not the recommended approach for CloudWatch alarms because a role will not be auto-generated if not provided.

See About the AWS AppConfig data plane service for more information.

Permissions

You can grant read permission on the environment’s configurations with the grantReadConfig method as follows:

import aws_cdk.aws_iam as iam


app = appconfig.Application(self, "MyAppConfig")
env = appconfig.Environment(self, "MyEnvironment",
    application=app
)

user = iam.User(self, "MyUser")
env.grant_read_config(user)

Deployment Strategy

AWS AppConfig Deployment Strategy Documentation

A deployment strategy defines how a configuration will roll out. The roll out is defined by four parameters: deployment type, growth factor, deployment duration, and final bake time.

Deployment strategy with predefined values:

appconfig.DeploymentStrategy(self, "MyDeploymentStrategy",
    rollout_strategy=appconfig.RolloutStrategy.CANARY_10_PERCENT_20_MINUTES
)

Deployment strategy with custom values:

appconfig.DeploymentStrategy(self, "MyDeploymentStrategy",
    rollout_strategy=appconfig.RolloutStrategy.linear(
        growth_factor=20,
        deployment_duration=Duration.minutes(30),
        final_bake_time=Duration.minutes(30)
    )
)

Referencing a deployment strategy by ID:

appconfig.DeploymentStrategy.from_deployment_strategy_id(self, "MyImportedDeploymentStrategy", appconfig.DeploymentStrategyId.from_string("abc123"))

Referencing an AWS AppConfig predefined deployment strategy by ID:

appconfig.DeploymentStrategy.from_deployment_strategy_id(self, "MyImportedPredefinedDeploymentStrategy", appconfig.DeploymentStrategyId.CANARY_10_PERCENT_20_MINUTES)

Configuration

A configuration is a higher-level construct that can either be a HostedConfiguration (stored internally through AWS AppConfig) or a SourcedConfiguration (stored in an Amazon S3 bucket, AWS Secrets Manager secrets, Systems Manager (SSM) Parameter Store parameters, SSM documents, or AWS CodePipeline). This construct manages deployments on creation.

HostedConfiguration

A hosted configuration represents configuration stored in the AWS AppConfig hosted configuration store. A hosted configuration takes in the configuration content and associated AWS AppConfig application. On construction of a hosted configuration, the configuration is deployed.

You can define hosted configuration content using any of the following ConfigurationContent methods:

  • fromFile - Defines the hosted configuration content from a file (you can specify a relative path). The content type will be determined by the file extension unless specified.

# application: appconfig.Application


appconfig.HostedConfiguration(self, "MyHostedConfiguration",
    application=application,
    content=appconfig.ConfigurationContent.from_file("config.json")
)
  • fromInlineText - Defines the hosted configuration from inline text. The content type will be set as text/plain.

# application: appconfig.Application


appconfig.HostedConfiguration(self, "MyHostedConfiguration",
    application=application,
    content=appconfig.ConfigurationContent.from_inline_text("This is my configuration content.")
)
  • fromInlineJson - Defines the hosted configuration from inline JSON. The content type will be set as application/json unless specified.

# application: appconfig.Application


appconfig.HostedConfiguration(self, "MyHostedConfiguration",
    application=application,
    content=appconfig.ConfigurationContent.from_inline_json("{}")
)
  • fromInlineYaml - Defines the hosted configuration from inline YAML. The content type will be set as application/x-yaml.

# application: appconfig.Application


appconfig.HostedConfiguration(self, "MyHostedConfiguration",
    application=application,
    content=appconfig.ConfigurationContent.from_inline_yaml("MyConfig: This is my content.")
)
  • fromInline - Defines the hosted configuration from user-specified content types. The content type will be set as application/octet-stream unless specified.

# application: appconfig.Application


appconfig.HostedConfiguration(self, "MyHostedConfiguration",
    application=application,
    content=appconfig.ConfigurationContent.from_inline("This is my configuration content.")
)

AWS AppConfig supports the following types of configuration profiles.

  • Feature flag: Use a feature flag configuration to turn on new features that require a timely deployment, such as a product launch or announcement.

  • Freeform: Use a freeform configuration to carefully introduce changes to your application.

A hosted configuration with type:

# application: appconfig.Application


appconfig.HostedConfiguration(self, "MyHostedConfiguration",
    application=application,
    content=appconfig.ConfigurationContent.from_inline_text("This is my configuration content."),
    type=appconfig.ConfigurationType.FEATURE_FLAGS
)

When you create a configuration and configuration profile, you can specify up to two validators. A validator ensures that your configuration data is syntactically and semantically correct. You can create validators in either JSON Schema or as an AWS Lambda function. See About validators for more information.

When you import a JSON Schema validator from a file, you can pass in a relative path.

A hosted configuration with validators:

# application: appconfig.Application
# fn: lambda.Function


appconfig.HostedConfiguration(self, "MyHostedConfiguration",
    application=application,
    content=appconfig.ConfigurationContent.from_inline_text("This is my configuration content."),
    validators=[
        appconfig.JsonSchemaValidator.from_file("schema.json"),
        appconfig.LambdaValidator.from_function(fn)
    ]
)

You can attach a deployment strategy (as described in the previous section) to your configuration to specify how you want your configuration to roll out.

A hosted configuration with a deployment strategy:

# application: appconfig.Application


appconfig.HostedConfiguration(self, "MyHostedConfiguration",
    application=application,
    content=appconfig.ConfigurationContent.from_inline_text("This is my configuration content."),
    deployment_strategy=appconfig.DeploymentStrategy(self, "MyDeploymentStrategy",
        rollout_strategy=appconfig.RolloutStrategy.linear(
            growth_factor=15,
            deployment_duration=Duration.minutes(30),
            final_bake_time=Duration.minutes(15)
        )
    )
)

The deployTo parameter is used to specify which environments to deploy the configuration to.

A hosted configuration with deployTo:

# application: appconfig.Application
# env: appconfig.Environment


appconfig.HostedConfiguration(self, "MyHostedConfiguration",
    application=application,
    content=appconfig.ConfigurationContent.from_inline_text("This is my configuration content."),
    deploy_to=[env]
)

When more than one configuration is set to deploy to the same environment, the deployments will occur one at a time. This is done to satisfy AppConfig’s constraint:

[!NOTE] You can only deploy one configuration at a time to an environment. However, you can deploy one configuration each to different environments at the same time.

The deployment order matches the order in which the configurations are declared.

app = appconfig.Application(self, "MyApp")
env = appconfig.Environment(self, "MyEnv",
    application=app
)

appconfig.HostedConfiguration(self, "MyFirstHostedConfig",
    application=app,
    deploy_to=[env],
    content=appconfig.ConfigurationContent.from_inline_text("This is my first configuration content.")
)

appconfig.HostedConfiguration(self, "MySecondHostedConfig",
    application=app,
    deploy_to=[env],
    content=appconfig.ConfigurationContent.from_inline_text("This is my second configuration content.")
)

If an application would benefit from a deployment order that differs from the declared order, you can defer the decision by using IEnvironment.addDeployment rather than the deployTo property. In this example, firstConfig will be deployed before secondConfig.

app = appconfig.Application(self, "MyApp")
env = appconfig.Environment(self, "MyEnv",
    application=app
)

second_config = appconfig.HostedConfiguration(self, "MySecondHostedConfig",
    application=app,
    content=appconfig.ConfigurationContent.from_inline_text("This is my second configuration content.")
)

first_config = appconfig.HostedConfiguration(self, "MyFirstHostedConfig",
    application=app,
    deploy_to=[env],
    content=appconfig.ConfigurationContent.from_inline_text("This is my first configuration content.")
)

env.add_deployment(second_config)

Alternatively, you can defer multiple deployments in favor of IEnvironment.addDeployments, which allows you to declare multiple configurations in the order they will be deployed. In this example the deployment order will be firstConfig, then secondConfig, and finally thirdConfig.

app = appconfig.Application(self, "MyApp")
env = appconfig.Environment(self, "MyEnv",
    application=app
)

second_config = appconfig.HostedConfiguration(self, "MySecondHostedConfig",
    application=app,
    content=appconfig.ConfigurationContent.from_inline_text("This is my second configuration content.")
)

third_config = appconfig.HostedConfiguration(self, "MyThirdHostedConfig",
    application=app,
    content=appconfig.ConfigurationContent.from_inline_text("This is my third configuration content.")
)

first_config = appconfig.HostedConfiguration(self, "MyFirstHostedConfig",
    application=app,
    content=appconfig.ConfigurationContent.from_inline_text("This is my first configuration content.")
)

env.add_deployments(first_config, second_config, third_config)

Any mix of deployTo, addDeployment, and addDeployments is permitted. The declaration order will be respected regardless of the approach used.

[!IMPORTANT] If none of these options are utilized, there will not be any deployments.

SourcedConfiguration

A sourced configuration represents configuration stored in any of the following:

  • Amazon S3 bucket

  • AWS Secrets Manager secret

  • Systems Manager

  • (SSM) Parameter Store parameter

  • SSM document

  • AWS CodePipeline.

A sourced configuration takes in the location source construct and optionally a version number to deploy. On construction of a sourced configuration, the configuration is deployed only if a version number is specified.

S3

Use an Amazon S3 bucket to store a configuration.

# application: appconfig.Application


bucket = s3.Bucket(self, "MyBucket",
    versioned=True
)

appconfig.SourcedConfiguration(self, "MySourcedConfiguration",
    application=application,
    location=appconfig.ConfigurationSource.from_bucket(bucket, "path/to/file.json")
)

Use an encrypted bucket:

# application: appconfig.Application


bucket = s3.Bucket(self, "MyBucket",
    versioned=True,
    encryption=s3.BucketEncryption.KMS
)

appconfig.SourcedConfiguration(self, "MySourcedConfiguration",
    application=application,
    location=appconfig.ConfigurationSource.from_bucket(bucket, "path/to/file.json")
)

AWS Secrets Manager secret

Use a Secrets Manager secret to store a configuration.

# application: appconfig.Application
# secret: secrets.Secret


appconfig.SourcedConfiguration(self, "MySourcedConfiguration",
    application=application,
    location=appconfig.ConfigurationSource.from_secret(secret)
)

SSM Parameter Store parameter

Use an SSM parameter to store a configuration.

# application: appconfig.Application
# parameter: ssm.StringParameter


appconfig.SourcedConfiguration(self, "MySourcedConfiguration",
    application=application,
    location=appconfig.ConfigurationSource.from_parameter(parameter),
    version_number="1"
)

SSM document

Use an SSM document to store a configuration.

# application: appconfig.Application
# document: ssm.CfnDocument


appconfig.SourcedConfiguration(self, "MySourcedConfiguration",
    application=application,
    location=appconfig.ConfigurationSource.from_cfn_document(document)
)

AWS CodePipeline

Use an AWS CodePipeline pipeline to store a configuration.

# application: appconfig.Application
# pipeline: codepipeline.Pipeline


appconfig.SourcedConfiguration(self, "MySourcedConfiguration",
    application=application,
    location=appconfig.ConfigurationSource.from_pipeline(pipeline)
)

Similar to a hosted configuration, a sourced configuration can optionally take in a type, validators, a deployTo parameter, and a deployment strategy.

A sourced configuration with type:

# application: appconfig.Application
# bucket: s3.Bucket


appconfig.SourcedConfiguration(self, "MySourcedConfiguration",
    application=application,
    location=appconfig.ConfigurationSource.from_bucket(bucket, "path/to/file.json"),
    type=appconfig.ConfigurationType.FEATURE_FLAGS,
    name="MyConfig",
    description="This is my sourced configuration from CDK."
)

A sourced configuration with validators:

# application: appconfig.Application
# bucket: s3.Bucket
# fn: lambda.Function


appconfig.SourcedConfiguration(self, "MySourcedConfiguration",
    application=application,
    location=appconfig.ConfigurationSource.from_bucket(bucket, "path/to/file.json"),
    validators=[
        appconfig.JsonSchemaValidator.from_file("schema.json"),
        appconfig.LambdaValidator.from_function(fn)
    ]
)

A sourced configuration with a deployment strategy:

# application: appconfig.Application
# bucket: s3.Bucket


appconfig.SourcedConfiguration(self, "MySourcedConfiguration",
    application=application,
    location=appconfig.ConfigurationSource.from_bucket(bucket, "path/to/file.json"),
    deployment_strategy=appconfig.DeploymentStrategy(self, "MyDeploymentStrategy",
        rollout_strategy=appconfig.RolloutStrategy.linear(
            growth_factor=15,
            deployment_duration=Duration.minutes(30),
            final_bake_time=Duration.minutes(15)
        )
    )
)

Extension

An extension augments your ability to inject logic or behavior at different points during the AWS AppConfig workflow of creating or deploying a configuration. See: https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html

AWS Lambda destination

Use an AWS Lambda as the event destination for an extension.

# fn: lambda.Function


appconfig.Extension(self, "MyExtension",
    actions=[
        appconfig.Action(
            action_points=[appconfig.ActionPoint.ON_DEPLOYMENT_START],
            event_destination=appconfig.LambdaDestination(fn)
        )
    ]
)

Lambda extension with parameters:

# fn: lambda.Function


appconfig.Extension(self, "MyExtension",
    actions=[
        appconfig.Action(
            action_points=[appconfig.ActionPoint.ON_DEPLOYMENT_START],
            event_destination=appconfig.LambdaDestination(fn)
        )
    ],
    parameters=[
        appconfig.Parameter.required("testParam", "true"),
        appconfig.Parameter.not_required("testNotRequiredParam")
    ]
)

Amazon Simple Queue Service (SQS) destination

Use a queue as the event destination for an extension.

# queue: sqs.Queue


appconfig.Extension(self, "MyExtension",
    actions=[
        appconfig.Action(
            action_points=[appconfig.ActionPoint.ON_DEPLOYMENT_START],
            event_destination=appconfig.SqsDestination(queue)
        )
    ]
)

Amazon Simple Notification Service (SNS) destination

Use an SNS topic as the event destination for an extension.

# topic: sns.Topic


appconfig.Extension(self, "MyExtension",
    actions=[
        appconfig.Action(
            action_points=[appconfig.ActionPoint.ON_DEPLOYMENT_START],
            event_destination=appconfig.SnsDestination(topic)
        )
    ]
)

Amazon EventBridge destination

Use the default event bus as the event destination for an extension.

bus = events.EventBus.from_event_bus_name(self, "MyEventBus", "default")

appconfig.Extension(self, "MyExtension",
    actions=[
        appconfig.Action(
            action_points=[appconfig.ActionPoint.ON_DEPLOYMENT_START],
            event_destination=appconfig.EventBridgeDestination(bus)
        )
    ]
)

You can also add extensions and their associations directly by calling onDeploymentComplete() or any other action point method on the AWS AppConfig application, configuration, or environment resource. To add an association to an existing extension, you can call addExtension() on the resource.

Adding an association to an AWS AppConfig application:

# application: appconfig.Application
# extension: appconfig.Extension
# lambda_destination: appconfig.LambdaDestination


application.add_extension(extension)
application.on_deployment_complete(lambda_destination)