Implementing Feature Flags with AWS AppConfig - Safe Configuration Deployment and Rollback
Roll out configuration changes independently from code deployments using Linear and Exponential strategies. Ensure safety with automatic rollback triggered by CloudWatch alarms.
Overview of AppConfig
AppConfig is a service for safely deploying application configuration. It allows you to change feature flags, tuning parameters, allow lists, and other settings independently from code deployments. Configuration changes are rolled out gradually, and automatic rollback occurs when issues are detected. Applications running on Lambda, ECS, or EC2 retrieve configuration via the SDK or extensions. Provided as a feature of Systems Manager, it has its own service endpoint and a dedicated AppConfig console. Configuration profiles come in two types: freeform (YAML/JSON/text) and feature flags (structured ON/OFF with variations), chosen based on the use case.
Deployment Strategies and Automatic Rollback
Deployment strategies control the speed of rollout. Linear deploys evenly at fixed intervals, while Exponential starts with a small number of hosts and gradually expands. AWS provides preset strategies such as AppConfig.Linear50PercentEvery30Seconds (fast deployment for testing) and AppConfig.AllAtOnce (immediate rollout). Custom strategies allow you to freely configure deployment time, growth factor, and final bake time. When you set a CloudWatch alarm as a monitor, automatic rollback is triggered if the alarm fires during deployment. For example, you can set an error rate alarm so that if errors increase with the new configuration, it immediately reverts to the previous settings. Validators come in two types: JSON Schema for syntax checking and Lambda functions for logic checking, preventing deployment of invalid configuration values. Lambda validators can implement advanced validation including external API calls and database lookups.
Feature Flag Design Patterns
Feature flags are defined in JSON format, with each flag having an enabled/disabled state and attributes (target users, rollout percentage). In a gradual rollout, you first expose a new feature to 5% of internal users, then expand to 25%, 50%, and 100% while monitoring error rates. Setting a CloudWatch alarm as a validator triggers automatic rollback if the error rate exceeds the threshold. Lambda extensions cache flag values to reduce API call latency. A common operational pattern is to set different flag values per environment (dev/staging/prod) and apply gradual rollout only in the production environment. For a systematic understanding of AppConfig from basics to advanced topics, books on Amazon can help.
Comparison with Other Feature Flag Approaches
Besides AppConfig, feature flag implementations include environment variables, Parameter Store, SaaS solutions like LaunchDarkly, and custom database flag tables. Environment variables are simplest but require deployment to change and lack gradual rollout. Systems Manager Parameter Store supports real-time retrieval but does not include built-in gradual deployment strategies or rollback mechanisms. SaaS solutions like LaunchDarkly offer rich user segmentation and targeting but introduce external service dependency and monthly costs. AppConfig's strength is being AWS-native with no additional external dependencies, combining gradual deployment with CloudWatch-integrated rollback in a unified package. On the other hand, when detailed targeting based on user attributes (A/B testing, etc.) is needed, CloudWatch Evidently or external SaaS solutions offer richer functionality.
Operational Best Practices and Pitfalls
Recommended operational practices include establishing a prefix naming convention (feature-name-flag-name) for flags so they remain searchable as numbers grow. Remove flags promptly when no longer needed to prevent remaining code references from becoming technical debt. Set the deployment strategy's bake time (FinalBakeTimeInMinutes) to at least as long as it takes for application metrics to stabilize; if too short, the deployment completes before errors surface and rollback cannot trigger. The Lambda extension polling interval defaults to 45 seconds but can be shortened to 15 seconds when immediate configuration updates are critical. However, shorter intervals increase request counts and affect costs, so balance traffic volume with responsiveness. The maximum size for a feature flag profile is 1 MB; avoid packing too many flags into a single profile and consider splitting profiles per microservice.
AppConfig Pricing
AppConfig pricing is based on the number of configuration retrieval requests. At approximately $2 per million requests, costs vary depending on how frequently feature flags are evaluated. Enabling caching with Lambda extensions consolidates requests to one per polling interval (default 45 seconds), keeping request counts low even with high Lambda invocation rates. There are no additional charges for deployments themselves. There is no pricing difference between freeform configuration profiles and feature flag profiles, so you can choose based on your use case.
Summary
AppConfig is a service for safely deploying feature flags and configuration values independently from code deployments. It gradually rolls out changes using Linear and Exponential deployment strategies, and minimizes incident risk from configuration changes through automatic rollback triggered by CloudWatch alarms. It also enables low-latency configuration retrieval through caching with Lambda extensions. Its greatest advantage is completing gradual deployment natively within AWS without external dependencies, and with proper flag lifecycle management and deployment strategy design, it enables safe and agile feature releases.