Configuration Management Tool

AWS: Getting started with Chef 

Chef is an automation company founded in 2008, and since then its tooling has brought developers and system administrators together around a single automation workflow.

Chef is a powerful automation platform that transforms infrastructure into code. Whether your infrastructure runs in a cloud such as AWS or Azure, on-premises, or in both (a hybrid environment), Chef automates how it is configured, deployed, and managed across your network, no matter the size.

Chef components you need to know

Chef Workstation
Chef Workstation is the machine where all your code is tested before being deployed to the Chef server or to client nodes in other environments. Your workstation is the computer where you author your cookbooks and administer your infrastructure. Chef Workstation can be installed on any operating system, be it Linux, macOS, or Windows.

  • A text editor to write code.
  • Chef Development Kit (Chef DK), which provides the tools to test your code on the workstation (the basic testing tools are Cookstyle, Foodcritic, ChefSpec, InSpec, and Test Kitchen).
    With these tools you ensure your Chef code is tested and will execute as desired before you deploy it to any environment, including production.
  • Resources describe your infrastructure. Each resource corresponds to a piece of infrastructure such as a template, file or package, and it declares what state that piece should be in, not how to get there. This is where Chef comes into play: it handles the tedious work of reaching the desired state.
    Note: Chef ships with ready-made resources that you can use.
  • A Chef recipe is a file that groups the related resources needed to configure something such as an application server or a database.
  • A Chef cookbook structures your recipes and helps you stay organised.
  • Chef DK also includes all the command-line tools needed to communicate with Chef. This includes Knife, which is used to interact with the Chef Server and with your local Chef repository, popularly referred to as the “Chef Repo”.

Pushing your Code to the Chef Server

Once your code has been tested on the local workstation, and only then, you upload (push) it to the Chef Server. The Chef Server acts as a hub and stores configuration data such as cookbooks, the policies that are applied to the systems in your infrastructure, and metadata that describes each system.

  • The knife command lets you interact with the Chef Server from your workstation; this is what you use to upload your cookbooks.

Configuring Nodes from the Chef Server

A node can be a container, server, virtual machine, etc.: essentially any device in your organisation that is managed by Chef. All nodes (servers) must have the Chef client installed. At defined intervals (every 30 minutes), each node contacts the Chef Server to retrieve the latest cookbooks, and only if the current state of the node does not reflect what is in the cookbooks does the Chef client installed on the node execute the cookbook instructions. This ensures the system (server) converges to the desired state policy defined by your team.

Note: All computational effort is spent on the nodes themselves, not on the Chef Server, because the code runs against the node(s). See supported clients:

Habitat

Habitat offers ways to deploy applications, referred to as “application automation”. Application automation means that the automation is packaged with the application and travels with it, no matter where that application is deployed.

Habitat comprises a packaging format and a supervisor. The format defines Habitat packages, which are isolated, immutable, and auditable. The Habitat supervisor knows how to take the packages and run them. See more about this new feature on

InSpec

InSpec is an open-source testing framework with a human- and machine-readable language for specifying compliance, security and policy requirements. When compliance is expressed as code, you can integrate it into your deployment pipeline and automatically test for adherence to security policies.

InSpec code can run on multiple platforms. You can execute the same set of tests locally, over remote connections that use SSH or WinRM, or through external mechanisms such as the Docker API. One example of this framework in use is an InSpec rule that ensures insecure services and protocols, such as telnet, are reported rather than used.
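The telnet rule mentioned above, as an added example that is not from the page or from InSpec itself: plain Ruby performing the same package, service and port checks against a constructed node snapshot (a real InSpec control uses its Ruby DSL and runs against a live node; the rsh and ftp entries are assumed additions).

```ruby
# Added example (not from the page): the checks an InSpec rule like the one
# above performs, in plain Ruby so it runs offline. In InSpec these are the
# package('telnet'), service('telnet') and port(23) resources with should_not
# be_installed / be_running / be_listening; here node state is a built hash.

# Insecure cleartext services to report. telnet is the page's example; rsh
# and ftp are assumed additions for illustration.
INSECURE_SERVICES = {
  "telnet" => { packages: %w[telnet telnetd telnet-server], port: 23 },
  "rsh"    => { packages: %w[rsh-server],                   port: 514 },
  "ftp"    => { packages: %w[vsftpd proftpd],               port: 21 },
}.freeze

# node is { packages: [...], services: { name => { running:, enabled: } },
# listening_ports: [...] }. Returns finding strings; empty means compliant.
def insecure_service_findings(node)
  findings = []
  INSECURE_SERVICES.each do |name, spec|
    (node.fetch(:packages, []) & spec[:packages]).each do |pkg|
      findings << "#{name}: package #{pkg} is installed"
    end
    if (svc = node.fetch(:services, {})[name])
      findings << "#{name}: service is running" if svc[:running]
      findings << "#{name}: service is enabled at boot" if svc[:enabled]
    end
    if node.fetch(:listening_ports, []).include?(spec[:port])
      findings << "#{name}: port #{spec[:port]} is listening"
    end
  end
  findings
end

# Constructed node snapshots for a quick demonstration.
NONCOMPLIANT_NODE = {
  packages: %w[openssh-server telnetd curl],
  services: { "telnet" => { running: true, enabled: true },
              "ssh"    => { running: true, enabled: true } },
  listening_ports: [22, 23],
}.freeze

COMPLIANT_NODE = {
  packages: %w[openssh-server curl],
  services: { "ssh" => { running: true, enabled: true } },
  listening_ports: [22],
}.freeze

if $PROGRAM_NAME == __FILE__
  insecure_service_findings(NONCOMPLIANT_NODE).each { |f| puts "FAIL #{f}" }
  puts "compliant" if insecure_service_findings(COMPLIANT_NODE).empty?
end
```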
