2.1 Overview
Configuration management ensures that your infrastructure and applications are configured consistently, reproducibly, and automatically. AWS provides several services and patterns for managing configuration at scale.
2.2 EC2 Configuration Options
EC2 User Data
- Shell script or cloud-init directives that run ONCE at instance first boot
- Use for: installing packages, downloading code, starting services, configuring agents
- Runs as root. Output logged to /var/log/cloud-init-output.log
- Max size: 16 KB (base64 encoded). For larger scripts: have User Data download the script from S3.
- Does NOT re-run on stop/start (first boot only, unless cloud-init is configured to run it again)
CloudFormation cfn-init
- More structured than User Data: declare packages, files, services, commands in metadata
- Defined in CloudFormation template metadata (AWS::CloudFormation::Init)
- Runs via cfn-init helper script (called from User Data)
- Supports: packages (yum, apt, pip), files (create/download), services (start/enable), commands
- cfn-signal: signal CloudFormation that initialization completed (with CreationPolicy/WaitCondition)
- cfn-hup: daemon that detects metadata changes and re-runs cfn-init (for updates, not just first boot)
CloudFormation Helper Scripts Summary
2.3 AWS OpsWorks
AWS OpsWorks is a configuration management service that uses Chef or Puppet to automate server configuration.
OpsWorks Flavors
- OpsWorks is for organizations already using Chef or Puppet who want managed infrastructure for these tools
- For new workloads, AWS recommends SSM (Systems Manager) instead of OpsWorks
- Exam: if the question mentions "Chef" or "Puppet", the answer is OpsWorks
2.4 AWS Elastic Beanstalk Configuration
Elastic Beanstalk provides platform-level configuration management for web applications.
- .ebextensions/: folder in your source bundle containing .config files (YAML) for customizing the EB environment
- Configure: packages, files, services, commands, container commands, option settings, resources
- Platform hooks: scripts in .platform/hooks/ that run at specific lifecycle events
- Saved Configurations: save environment config as a named template for reuse
- Environment manifest (env.yml): define linked environments, environment group names
2.5 Amazon EC2 Image Builder
EC2 Image Builder automates the creation, maintenance, and testing of custom AMIs and container images.
- Define image pipelines: base image → build components → test components → output AMI/container
- Build components: scripts that install software, configure OS, harden security
- Test components: validate the image (check installed software, run security scans)
- Schedule: build images on a schedule (weekly, monthly) or on-demand
- Distribution: output AMI is copied to multiple Regions and accounts automatically
- Integration: use output AMI in Auto Scaling Groups, Launch Templates
- Use for: golden AMI pipelines, security-hardened images, patched base images
2.6 AWS AppConfig
AWS AppConfig (part of Systems Manager) is a feature flag and configuration deployment service for applications.
- Deploy configuration changes independently from code deployments
- Feature flags: toggle features on/off without redeploying
- Gradual rollout: deploy config changes with Canary, Linear, or All-at-Once strategies
- Validation: JSON Schema or Lambda validator ensures config is valid before deployment
- Rollback: automatic rollback if CloudWatch alarm triggers during deployment
- Supports: Lambda, EC2, ECS, EKS (any application with the AppConfig agent)
- Use for: feature toggles, operational tuning, A/B experiments, kill switches