© 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.

AWS OpsWorks & Chef

Jonathan Weiss @jweiss

January 14th, 2014

AWS OpsWorks

Integrated Application management on EC2 •  EC2, ELB, VPC, EIP, EBS, … •  Chef-Solo & Built-in layers •  Monitoring with CloudWatch •  Auto Scaling, Auto Healing •  Fine-grained permissions •  App deployment

AWS Application Management Services

Elastic Beanstalk OpsWorks CloudFormation EC2

Convenience Control

Higher-level Services Do it yourself

How does it work?

Agent on each EC2 instance

The Heart of the Service

6

Agent on each Amazon EC2 instance

Understands a set of commands that are triggered by AWS OpsWorks. The agent then runs a Chef solo run.

Life Cycle Events

7

setup configure deploy undeploy shutdown

A Stack

A Stack with Layers

A Stack with Layers and Instances

Enough talking

DEMO TIME

Chef in AWS OpsWorks vs. Chef Server

Main Differences

•  Chef Setup •  One run vs. discrete events •  Push vs. pull •  Discovery: search & AWS OpsWorks attribute tree •  Data bags

Chef Setup

Chef Solo &

OpsWorks Backend

Chef Client &

Chef Server

Customization Options Built-in layers Override Chef attributes via custom JSON Override Chef attributes via custom cookbook Overwrite Chef template file Deploy hooks Provide custom recipe to extend built-in layer Provide custom recipe to create custom layer cont

rol

sim

ple

Life Cycle Events

•  Give you fine-grained control •  Faster to execute •  Context

Push vs. Pull

•  On-demand and automatic •  Respond immediately to changes in the stack

Discovery: Chef Search

AWS OpsWorks does not offer attribute search Alternative:

node[:opsworks] with similar capabilities to partial_search

AWS OpsWorks Attribute Tree

Find all Rails application servers

rails_servers = node['opsworks']['layers']['rails-app']['instances']

rails_ips = rails_servers.map{|i| i['private_ip'] }

template "/etc/rails-server.conf" do

...

variables({

:ips => rails_server_ips

})

end

Encrypted Data Bags

•  Upload encrypted JSON to S3 •  Have instances access via IAM roles in a recipe

Custom JSON

Arbitrary JSON on stack that is available in Chef if node.foo.bar

... elsif node.foo.baz ... end

{ ‘foo‘: { ‘bar‘: true, ‘baz‘: false } }

Store Secrets on Amazon S3

Access from instance via instance profiles bucket = node['acme']['bucket'] key = node['acme']['key'] s3 = AWS::S3.new obj = s3.buckets[bucket].objects[key] obj.read

The Future

Better Chef Citizen Chef 11.8 local server mode: •  Data bags •  (local) Chef search

More information about AWS OpsWorks

•  Try it out https://console.aws.amazon.com/opsworks/ •  Follow us on twitter @AWSOpsWorks •  Find us on YouTube •  Blog http://blogs.aws.amazon.com/application-management •  Docs http://aws.amazon.com/documentation/opsworks/ •  User tests opsworks-user-tests@amazon.com •  Work with us http://jobs.aws-berlin.com

Thank You

@jweiss