The Secret Life of AWS: The Master Switch (AWS AppConfig & Feature Flags)

-

 

The Secret Life of AWS: The Master Switch (AWS AppConfig & Feature Flags)

How to decouple code deployment from feature release using AWS AppConfig and feature flags

#AWS #AppConfig #FeatureFlags #Serverless



Margaret is a senior software engineer. Timothy is her junior colleague. They work in a grand Victorian library in London — the kind of place where code quality is the unspoken objective, and craftsmanship is the only thing that matters.

Episode 75

Timothy was staring at a calendar invite from the marketing team. He let out a long sigh and slumped back in his chair inside the grand Victorian library studio.

Margaret looked up from her notes. "Seventy-five episodes, Timothy. You have gone from wondering what a Lambda function is, to building a continent-spanning architecture. You survived chaos engineering and multi-region failovers. What could possibly be on that calendar that has you looking so defeated?"

"The new AI Recommendation Engine," Timothy grumbled. "It is a massive new feature. Marketing wants to launch it next Tuesday at exactly 9:00 AM for our premium tier users, and then roll it out to everyone else on Thursday at noon. Oh, and if customer support gets overwhelmed, they want me to immediately turn it off."

"That sounds like a standard product launch," Margaret observed.

"But think about the deployment logistics!" Timothy said, throwing his hands up. "I have to sit here on Tuesday at 8:55 AM, frantically pushing code through our pipeline, praying the Canary deployment finishes by 9:00 AM. Then I have to push another update on Thursday. And if there is an issue, I have to execute an emergency rollback deployment. I am turning into a human switchboard."

Margaret smiled gently. "Timothy, you are conflating two very different things. Deploying code is a technical event. Releasing a feature is a business event. They should never happen at the same time. We use Parameter Store for static infrastructure data, but for dynamic runtime control, we need to implement Feature Flags using AWS AppConfig."

The Dark Launch

Margaret took the keyboard and opened the AWS Console.

"Right now, when your code hits production, it is instantly live for the users," Margaret explained. "We are going to change that. You are going to deploy the AI Recommendation Engine today—a week early. But the code will be 'dark.' It will be sitting in production, completely dormant, hidden behind a logical toggle."

She opened Timothy's AWS Cloud Development Kit (CDK) stack and his Node.js Lambda function to implement the Master Switch.

const { AppConfigDataClient, GetLatestConfigurationCommand, StartConfigurationSessionCommand } = require("@aws-sdk/client-appconfigdata");
const client = new AppConfigDataClient({ region: "us-east-1" });

let configToken = null; // Cache the session token outside the handler
let featureFlags = {};  // Cache the flag states in memory

exports.handler = async function getProductRecommendations(event) {
    // 1. Start a configuration session (usually done once per warm start)
    if (!configToken) {
        const session = await client.send(new StartConfigurationSessionCommand({
            ApplicationIdentifier: "ecommerce-app",
            EnvironmentIdentifier: "production",
            ConfigurationProfileIdentifier: "feature-flags"
        }));
        configToken = session.InitialConfigurationToken;
    }

    // 2. Fetch the latest feature flags from AWS AppConfig in milliseconds
    const response = await client.send(new GetLatestConfigurationCommand({
        ConfigurationToken: configToken
    }));
    
    // Update the token for the next call and parse the flags if they changed
    configToken = response.NextPollConfigurationToken;
    if (response.Configuration) {
        featureFlags = JSON.parse(new TextDecoder().decode(response.Configuration));
    }

    // 3. The Master Switch: Route logic based on dynamic configuration
    const userTier = event.requestContext.authorizer.claims.tier;

    if (featureFlags.enableAiRecommendations && userTier === 'premium') {
        return await callNewAiEngine(event.productId);
    } else {
        return await callLegacyEngine(event.productId);
    }
}

The Business Handoff

Timothy studied the if statement. "The Lambda function asks AWS AppConfig for the enableAiRecommendations flag. If it is false, the function just ignores the new AI code and runs the legacy engine. And by caching that configToken outside the handler, we are not constantly downloading the same JSON."

"Exactly," Margaret said. "AppConfig has a built-in polling mechanism. By passing that token back on each invocation, AWS only returns a new payload if the configuration actually changed. It is incredibly efficient. You deploy this code today. It is completely safe because the flag is set to false. Your deployment is finished."

"So what happens on Tuesday at 9:00 AM?" Timothy asked.

"On Tuesday at 8:59 AM, the marketing manager—not you—logs into the AWS AppConfig console," Margaret smiled. "They click a button to change enableAiRecommendations to true. Within seconds, AppConfig propagates that tiny JSON payload to your Lambda function. The if statement evaluates to true, and the feature is live."

"No code deployment," Timothy realized, his eyes widening. "No CI/CD pipeline, no waiting for Canary shifts. The compute layer doesn't change at all; only the configuration changes."

"Precisely," Margaret nodded. "AppConfig even supports gradual flag rollouts, meaning marketing can enable the AI engine for just 10% of premium users on Tuesday to test the waters. And if customer support gets overwhelmed at 10:00 AM, the marketing manager simply flips the flag back to false. The feature instantly vanishes from the app. You have completely decoupled the technical deployment from the business release. You are no longer a human switchboard."

Timothy updated his architecture diagram, adding an AWS AppConfig block next to his Lambda functions. After seventy-five architectural evolutions, his infrastructure wasn't just resilient and fast anymore; it was dynamically controllable, giving his business team the ultimate power over their product.

Key Concepts Introduced

Decoupling Deployment from Release: A mature DevOps philosophy. Deployment is the technical act of moving code into a production environment. Release is the business act of exposing that code to end-users. By separating the two, engineering teams can deploy during normal business hours without stress, while product teams can release features at exact marketing deadlines.

Feature Flags (Feature Toggles): A software development technique that allows teams to turn specific features of an application on or off at runtime without modifying or deploying new code. They are typically implemented as simple conditional (if/else) statements referencing a centralized configuration store.

Dark Launching: The practice of deploying a new feature into production with its feature flag turned off. This allows the code to exist in the live environment without impacting users, removing the risk of a "big bang" release.

AWS AppConfig vs. Parameter Store: While AWS Systems Manager Parameter Store is excellent for static infrastructure configuration and secrets, AWS AppConfig is purpose-built for managing dynamic runtime behavior. AppConfig features built-in polling, deployment strategies (like rolling out a flag change gradually to 10% of users), and validation checks to prevent malformed configuration files from crashing an application.

Aaron Rose is a software engineer and technology writer at tech-reader.blog

Catch up on the latest explainer videos, podcasts, and industry discussions below.


Popular posts from this blog

Insight: The Great Minimal OS Showdown—DietPi vs Raspberry Pi OS Lite

-
Image
Insight: The Great Minimal OS Showdown—DietPi vs Raspberry Pi OS Lite When you're building a headless server, IoT device, or lightweight project box, the last thing you want is bloatware eating your precious resources. Enter the world of minimal operating systems—where every megabyte matters and efficiency reigns supreme. Two contenders dominate this space: DietPi and Raspberry Pi OS Lite. Both promise lean, mean computing machines that boot straight to the command line. But scratch beneath the surface, and you'll find they take fundamentally different approaches to the "less is more" philosophy. The Minimalist's Dilemma Picture this: You've got a Raspberry Pi 3B+ sitting on your desk, destined to become a home media server. Do you go with the familiar comfort of Raspberry Pi OS Lite, or venture into DietPi's optimized territory? The choice isn't just about personal preference—it's about understanding what "minimal" means to each operatin...
Read more

Running AI Models on Raspberry Pi 5 (8GB RAM): What Works and What Doesn't

-
Image
  Running AI Models on Raspberry Pi 5 (8GB RAM): What Works and What Doesn't The Raspberry Pi 5, with its upgraded processing power and 8GB RAM option, brings new possibilities for running AI models at the edge. While it remains a low-power alternative to high-end GPUs, the improvements over previous models make it an intriguing choice for machine learning projects. However, not all AI models run smoothly on the Pi 5, and understanding its strengths and limitations is key to making the right deployment decisions. The Raspberry Pi 5 as an AI Workhorse? At first glance, the Raspberry Pi 5's quad-core Cortex-A76 processor, clocked at 2.4 GHz, seems like a step toward AI workloads. Paired with 8GB of LPDDR4X RAM, it offers a substantial improvement in memory bandwidth and processing efficiency compared to its predecessors. But raw specs only tell part of the story. AI models demand specialized hardware acceleration, and while the Pi 5 can handle some tasks, complex deep learning mo...
Read more

Raspberry Pi Connect vs. RealVNC: A Comprehensive Comparison

-
Image
Raspberry Pi Connect vs. RealVNC:  A  Comprehensive Comparison The Raspberry Pi has revolutionized the way we interact with computers, providing a low-cost, highly adaptable platform for countless applications. One critical aspect of using a Raspberry Pi, especially for remote management and control, is the ability to access it from another device. Historically, RealVNC has been the go-to solution for this purpose. However, the recent introduction of Raspberry Pi Connect offers an integrated alternative. This article will compare Raspberry Pi Connect and RealVNC, exploring their features, requirements, and practical applications. Introduction to Raspberry Pi Connect Raspberry Pi Connect is a new VNC service directly integrated into Raspberry Pi OS 12. Designed for simplicity and ease of use, Connect aims to provide a seamless remote desktop experience for Raspberry Pi users. Currently in beta, Raspberry Pi Connect is free to use and requires a Raspberry Pi 4, 400, or 5 running...
Read more