Validate YAML Configurations in AWS AppConfig

Saturday, August 08, 2020 by Ujjwal Bhardwaj

In the previous post, we discussed how to set up an architecture for dynamic configuration management in AWS AppConfig. It describes how we can automate the deployment of configuration on uploading the file in S3.

However, dynamically updating configurations introduces the risk of failures due to some syntactic or semantic errors in the uploaded file. To prevent this, AppConfig supports built-in validation checks. The validator ensures that configuration you want to deploy does not lead to a failure in the system and fetch the last valid configuration version in case of any errors.

While creation the configuration profile, you have the option to provide AWS Lambda function as a validator. When you start the deployment, the Lambda function is triggered. This lambda function receives the content in the event which we can parse for validation.

In this post, we consider a scenario where you want to prepare an Allow List of users that can access a feature on specific dates. We can use the following YAML configuration file to demonstrate this use case:

myFeature:
  - date: 25-06-2020
    users:
      - username1
      - username2
      - username3
      - username4
      - username5
  - date: 26-06-2020
    stationCodes:
      - username2
      - username4
      - username6

AWS Lambda Validator

To validate this YAML content, we can prepare a Lambda function that reads the base64 encoded data from the event and then validates it using Cerberus

You define a schema for your YAML file and then simply invoke the validate() method to validate your data against the schema. It returns a boolean response based on the validation result. As mentioned in the AWS Documentation, we throw an exception in case there is a failure in validation.

import cerberus
import yaml
import base64

YAML_SCHEMA = {
  'myFeature':{
    'required': True,
    'type':'list', 
    'schema': {
      'type': 'dict', 
      'schema': {
        'date': {
          'required': True,
          'type': 'string'
        }, 
        'users': {
          'required': True,
          'type': 'list', 
          'schema': {
            'type': 'string'
          }
        }
      }
    }
  }
}
VALIDATOR = cerberus.Validator(YAML_SCHEMA)

def lambda_handler(event, context):
    content = base64.b64decode(event['content'])
    yaml_configuration = yaml.load(content, Loader=yaml.FullLoader)

    if VALIDATOR.validate(yaml_configuration):
        print("Passed")
    else:
        raise Exception("Failure!")

Conclusion

AWS AppConfig is a fairly new service and lacks some examples in its documentation to help effectively use its features. This blog posts handled one such example around validating input configuration.

If you have feedback about this post, please feel free to submit comments in the Comments section below.