Use CloudFront continuous deployment to safely validate CDN changes

Content delivery networks (CDN) like Amazon CloudFront are often the front door for users and devices to connect to websites or applications. A change to your CDN configuration could result in a complete outage with limited visibility into the cause of the issue. Today’s existing industry solutions for providing the testing of CDN configuration changes require injecting custom headers at the client, overriding client DNS settings, or implementing separate test domains. This makes large-scale testing challenging. Customers may have to build complex feature flags into their applications to test a broad range of client types, including mobile devices, personal computers, smart TVs, Amazon Fire TVs, and others. This approach lacks scalability, as well as the capability to steer production traffic percentages to make sure that the changes introduced do not negatively impact the workload.

New CloudFront continuous deployment

Starting today, you can use CloudFront continuous deployment to safely test and validate your CloudFront distribution changes using a portion of production traffic before committing the entire workload. You can easily integrate with your CI/CD pipelines and deploy configuration changes using blue-green or canary deployment strategy. Using the AWS Console, AWS Command Line Interface (AWS CLI), AWS CloudFormation, or AWS SDK you can now create a new version of an existing distribution while using the same alternate domain name, and then you can precisely control traffic percentage shared between the versions. Common use cases include configuring a new origin, understanding the performance impact on changing cache settings, testing new geographic restrictions, or testing new versions of Lambda@Edge or CloudFront Functions.

When testing is required, CloudFront now lets you create a staging distribution to associate with the production distribution. Origins, Origin Groups, Cache Behaviors, Customer Error Responses, Default Root Object, Logging, and Geographic Restrictions are among the settings that can be modified inside your staging distribution with more coming in the future. Telemetry from your clients, application, and CloudFront can provide insights into how changes to the staging distribution are affecting requests. If telemetry shows a negative impact, then you can simply revert traffic back to the production distribution. Once testing has completed and you’re confident in your changes, the promotion of the staging distribution to production is easy, and this pushes the remaining production traffic into the new configuration. Promotion to production requires no DNS changes, no viewer connection disconnect, and no cache loss.

You can shift traffic to your staging distribution using continuous deployment policy, which allows for one of two ways: header-based or weight-based. Let’s explore those settings.

Header-based

Redirection to the staging distribution can be performed by detecting a header in the client request. This requires the client to include a predefined custom header as part of the HTTP request to CloudFront. Using this method can be useful when you have a low number of devices in a controlled environment in which you want to perform small-scale testing.

Weight-based

Weight-based, more commonly referred to as a canary deployment, lets you define a percentage of your production traffic to push to your staging distribution. The percentage value can start small and then increase over time, which lets you seamlessly conduct large-scale tests without the need for changes to your application or clients. Session stickiness makes sure that requests pushed to the staging distribution continue to do so until the viewer session closes or the staging distribution is removed or promoted. Customers may choose to validate changes first by header-based from known test users and devices, and then introduce production traffic using the weight-based.

Figure 1: Example of using weight-based to weight 10% production traffic to the staging distribution.

Create your first staging distribution

Now that we’ve covered what CloudFront continuous deployment is, let’s create a staging distribution with the weight-based option.

Launch the CloudFront Management Console and select the distribution with which you want to test continuous deployment. From there select the Create Staging Distribution button.

Figure 2: Updated CloudFront distribution with continuous deployment.

Give the staging distribution a description (optional), and select Next.

Figure 3: Creating a new staging distribution.

Next, you can modify the settings of the staging distribution including Origins. However, for this exercise, scroll down and select Next.

Figure 4: Configuring new settings for the staging distribution.

Select the Traffic policy type. Here we’ll specify the Weight-based policy and specify the traffic percentage that we want to send to the staging distribution.

Figure 5: Specifying the traffic policy for the staging distribution.

Finally, review your configurations and select Finish.

Figure 6: Reviewing the settings for your new staging distribution.

Now your staging distribution has been created and is ready to receive traffic.

Figure 7: The newly created staging distribution now shows in the console.

Conclusion

In this post, you learned how CloudFront continuous deployment provides a safe and easy way to validate changes to your CloudFront distribution. You reviewed how to direct traffic for testing and as well as step-by-step instructions through the Console to setup your first staging distribution. Log in into the CloudFront Management Console and try it out today!

Author Bios