Chef Extends OpsWorks Capabilities in AWS

| by Helen Beal Follow 0 Followers on Dec 06, 2017. Estimated reading time: 2 minutes |

A note to our readers: You asked so we have developed a set of features that allow you to reduce the noise: you can get email and web notifications for topics you are interested in. Learn more about our new features.

Continuous Automation software vendor Chef has announced new capabilities to address application lifecycle control concerns in containers in AWS at re:INVENT 2017. New functionality includes native Amazon Elastic Container Registry (ECR) support, and integrated compliance that builds on AWS OpsWorks for Chef Automate (OWCA), announced in 2016.

AWS OpsWorks for Chef Automate provides a managed Chef server and suite of automation tools that provide workflow automation for continuous deployment, automated testing for compliance and security and user interface displaying the status of nodes. The Chef server handles operational tasks such as software and operating system configurations, package installations, database setups, central storage of configuration tasks, provision of configurations to nodes and automatic registration of new nodes.

Amazon OpsWorks for Chef Automate now provides a compliance-as-code solution so that customers can:

  • Scan their infrastructure for security risks and compliance issues
  • Generate reports classified by severity and impact levels
  • Build automated testing into their deployment pipelines

Chef has extended these features previously available in Chef Automate 1.6 to OWCA. Mike Krasnow, product manager at Chef, says:

You can now automate compliance in OWCA by deploying the audit cookbook to your nodes in OpsWorks and defining which profiles to use. This runs InSpec compliance scans on the nodes via Chef client and report results back to Chef Automate.

Chef Compliance for OWCA tracks the compliance of managed nodes in infrastructure based on predefined policies, also called rules. Compliance views audit applications for vulnerabilities and non-compliant configurations. A number of predefined Compliance profiles (collections of rules that apply to specific node configurations) are available that can be used in Compliance scans. Customers can also use the Chef Compliance language to create custom profiles.

Application teams can now package applications with Habitat Builder and output them natively to Amazon ECR. This enables application automation and workload migration to Amazon EC2 Container Service (ECS).

Tasha Drew, product manager at Chef, explains:

Habitat Builder enables users to programmatically build, export, and publish their applications and services to container registries.

Users of Habitat Builder can deliver applications in an atomic, immutable, isolated artifact that is automatically rebuilt as upstream dependencies, libraries, and application code are updated. This Habitat artifact (*.hart) can then be automatically exported to a variety of formats, depending on the environment and job you are trying to do, including a Docker container.

Once you’ve set up your package to automatically export as a Docker container, you can integrate your Habitat Builder origin with a container registry, and automatically publish your application and services as a container to the registry or registries that best complement your workflow. Amazon ECR is now available as a publishing location.

Also announced is that Chef is now a member of the AWS Public Sector Partner Program, and Chef Automate is now available in the AWS GovCloud Marketplace and AWS Marketplace for the U.S. Intelligence Community.

Rate this Article

Adoption Stage

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread


Login to InfoQ to interact with what matters most to you.

Recover your password...


Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.


More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.


Stay up-to-date

Set up your notifications and don't miss out on content that matters to you