2.2.1.7. Optimal Configuration Management Services (OpsWorks, Systems Manager, Config, AppConfig)
2.2.1.7. Optimal Configuration Management Services (OpsWorks, Systems Manager, AppConfig)
Each configuration management service targets a different operational concern. The exam tests whether you can pick the right tool.
| Service | Best For | Mechanism |
|---|---|---|
| SSM State Manager | OS/agent config, desired state enforcement | SSM Documents on schedule |
| OpsWorks (Chef/Puppet) | Complex server config, legacy Chef/Puppet | Chef recipes / Puppet manifests |
| AppConfig | Feature flags, runtime parameters | Gradual deploy with rollback |
| SSM Parameter Store | Key-value config, environment variables | API-based retrieval |
SSM State Manager runs SSM documents against targeted instances on a schedule. Common use: ensure the CloudWatch agent is always installed and correctly configured.
OpsWorks Stacks models infrastructure as layers (web, app, database) and applies Chef recipes at lifecycle events. OpsWorks for Chef Automate provides a fully managed Chef server.
AppConfig deploys configuration changes separately from code deployments:
- Deployment strategies: Linear (gradual %), exponential (doubling), all-at-once
- Validators: Lambda functions or JSON schemas validate config before deployment
- Automatic rollback: Rolls back if a CloudWatch alarm triggers during deployment
# Deploy an AppConfig feature flag with 20% linear rollout
aws appconfig start-deployment \
--application-id abc123 --environment-id env456 \
--configuration-profile-id prof789 \
--configuration-version 2 \
--deployment-strategy-id Linear20PercentEvery6Minutes
Exam Trap: OpsWorks is a legacy service — AWS recommends SSM for new workloads. But the exam still tests OpsWorks concepts, especially the lifecycle event model (setup → configure → deploy → undeploy → shutdown). If a question mentions Chef cookbooks or Puppet manifests, OpsWorks is the answer.
