At AWS re:Invent 2017, continuous automation software vendor Chef announced new capabilities to address application lifecycle control concerns for containers on AWS. New functionality includes native Amazon Elastic Container Registry (ECR) support, and integrated compliance that builds on AWS OpsWorks for Chef Automate (OWCA), announced in 2016.
AWS OpsWorks for Chef Automate provides a managed Chef server and a suite of automation tools that provide workflow automation for continuous deployment, automated testing for compliance and security, and a user interface displaying the status of nodes. The Chef server handles operational tasks such as software and operating system configurations, package installations, database setups, central storage of configuration tasks, provision of configurations to nodes and automatic registration of new nodes.
AWS OpsWorks for Chef Automate now provides a compliance-as-code solution so that customers can:
- Scan their infrastructure for security risks and compliance issues
- Generate reports classified by severity and impact levels
- Build automated testing into their deployment pipelines
Chef has extended these features previously available in Chef Automate 1.6 to OWCA. Mike Krasnow, product manager at Chef, says:
You can now automate compliance in OWCA by deploying the audit cookbook to your nodes in OpsWorks and defining which profiles to use. This runs InSpec compliance scans on the nodes via Chef client and reports results back to Chef Automate.
Chef Compliance for OWCA tracks the compliance of managed nodes in infrastructure based on predefined policies, also called rules. Compliance views let teams audit applications for vulnerabilities and non-compliant configurations. A number of predefined Compliance profiles (collections of rules that apply to specific node configurations) are available for use in Compliance scans. Customers can also use the Chef Compliance language to create custom profiles.
Application teams can now package applications with Habitat Builder and output them natively to Amazon ECR. This enables application automation and workload migration to Amazon EC2 Container Service (ECS).
Tasha Drew, product manager at Chef, explains:
Habitat Builder enables users to programmatically build, export, and publish their applications and services to container registries.
Users of Habitat Builder can deliver applications in an atomic, immutable, isolated artifact that is automatically rebuilt as upstream dependencies, libraries, and application code are updated. This Habitat artifact (*.hart) can then be automatically exported to a variety of formats, depending on the environment and job you are trying to do, including a Docker container.
Once you’ve set up your package to automatically export as a Docker container, you can integrate your Habitat Builder origin with a container registry, and automatically publish your application and services as a container to the registry or registries that best complement your workflow. Amazon ECR is now available as a publishing location.
Chef also announced that it is now a member of the AWS Public Sector Partner Program, and that Chef Automate is now available in the AWS GovCloud Marketplace and AWS Marketplace for the U.S. Intelligence Community.