When we deploy and run applications on AWS (or anywhere really) most times we need to configure that application so that it can find the other services and applications it needs to run correctly. Today I will look at a the simple way of using config files deployed to your application servers and then using DynamoDB to store configuration of your application.
Config Files
Configuration files are the good ol’ fashioned way of passing an application the variables it needs to get up and running. These are simple files, generally in a format that is native to the language that the application was written in and are good for a few simple values that don’t change on a regular basis.
When we use config files in AWS there are a few things that we need to take care of. First up we are generally hosting our applications in a auto-scaling group so the configuration files need to be grabbed from a central store of some kind. A good solution for this is to use a web host with a firewall restriction to only allow access from the application hosts. This means that the config files are stored securely and can only be accessed by the hosts that need it.
Once we have these files setup and in place all the application hosts need to do I download the files to the correct place when their service starts.
Config files are quite easy to get up and running, but they are not suitable for more than a few simple lines of static unchanging configuration. Also if you secure access to the config files well then getting to the files to change configuration values can be quite challenging. One solution to this issue is to have two config files, one with sensitive information in (passwords, encryption strings, hostnames) and another file for normal application settings. This then allows you to give more people access to the less secure files to make application settings changes while still protecting the passwords and other secure information the app requires to run.
DynamoDB Config Tables
Another option is to use DynamoDB config tables to pass configuration variables to the application. This has the advantage of allowing editing of the application config files with a UI based system and also offers security in the form of access management. DynamoDB based configuration allows for easier management of complex configuration object, and also easier searching for configurations. There is no configuration server that needs to be connected to, you just need use the AWS SDK’s to connect to dynamodb and load your configuration table(s). This also provides easier movement between AWS environments i.e.: when you run your application in a new environment it will connect to that environments DynamoDB tables and load that environments specific configurations!
The only major drawback of using DynamoDB tables as a configuration management tool is it requires use of the AWS SDK which adds an application side dependency that may not otherwise be required. It is also no use for third-party tools that do not support DynamoDB as a source for configuration.
These are just a few ideas on how to manage simple configuration when you are running on AWS. Next time I will have a look at a few other tools that can help!
Until then…
Coffee to Code
Tim Gray