Jtdcftul

We've got a fleet of Nginx servers on Amazon EC2 where we occasionally need to update the configuration files to implement new settings.

Currently we have the configurations in a custom AMI and if we need to update we have to rebuild the AMI and then EC2 instances. We've got some helper scripts, but it's still quite an effort to do that. Is there is some better way?

There are a number of concepts that you can leverage.

The key to success is automation

First option is to keep doing what you're doing now, i.e. rebuild the EC2s with every configuration change. Just in a fully automated way.

As you're now doing configuration updates through AMIs you take this one step further and create a pipeline that, upon a configuration file change in some repository, will:

1. Automatically build a new AMI - one of the most popular tools to do that is Packer
   


2. Automatically rebuild your Nginx fleet - you should already have all the Nginx servers in an Auto-Scaling Group with an Application Load Balancer in front. If you don't you should as it will make the update as simple as updating the ASG Launch Configuration and waiting for the instances to get re-built from the new AMI.

Second option is to keep the instances in place and only deploy the configuration files, without rebuilding them. Generally you can treat configuration files as code and deploy your configuration changes the same way you would deploy code releases. AWS has many tools to help with that.

• 
  AWS Elastic Beanstalk that uses Chef internally and you can script your Nginx updates this way.


• 
  AWS Code Deploy which is a fully scriptable deployment tool that integrates well with other parts of the AWS Code Suite:
  
  
  
  
  • 
    Code Commit where you can keep your Nginx configuration files in Git.
  
  
  • 
    Code Pipeline that can automatically trigger the deployment whenever a configuration file is updated in Code Commit.
  
  
  
  


• 
  Ansible or Puppet which are popular non-AWS tools that can help you keep all the servers configured the same way.

Once you're comfortable with automating these Nginx configuration updates you may want to extend the automation to the rest of your infrastructure.

There is a great whitepaper Overview of Deployment Options on AWS that will give you a nice overview.

I hope that helps :)

Store your configurations on EFS, and mount EFS in the location Nginx configurations are expected. Alternately put them on Amazon S3 and run a sync occasionally, or use s3fs (beware s3fs may not be good enough for production use).

When you need change your configuration, increase your autoscaling group desired size to double what you need to trigger new instances with the new configuration, and then back down to what you need which will remove the old instances. Alternately just do a rolling reboot of the servers.

Another option is to just push the new configurations to your server using a basic automation tool, like AWS code deploy.

The fully automated options above are technically better and cleaner, but if you rarely change configurations and want an easy solution this could help.

AWS Run Command
https://docs.aws.amazon.com/systems-manager/latest/userguide/execute-remote-commands.html

Or you could use Opsworks
https://aws.amazon.com/opsworks/

Rebuilding the AMIs or creating a fully fledged deployment pipelines like the others suggest just for a config file change seems like an overkill. You should use Ansible to push out changes and to keep all your nodes in sync. There are many Ansible modules that can help you automate the common tasks.