How can I perform blue/green deployments for services hosted on Amazon ECS?

Last updated: 2021-01-22

I want to perform blue/green deployment for services hosted on Amazon Elastic Container Service (Amazon ECS).

Short description

Before you follow the steps to perform a blue/green deployment, make sure that you have the following:

Resolution

Create an AWS Identity and Access Management (IAM) service role

Before you can use the blue/green deployment type for AWS CodeDeploy with Amazon ECS, you must grant the CodeDeploy service permissions to update your Amazon ECS service on your behalf.

1.    Open the IAM console.

2.    In the navigation pane, choose Roles.

3.    Choose Create role.

4.    In the Select type of trusted entity section, choose AWS service, and then choose CodeDeploy.

5.    In the Select your use case section, choose CodeDeploy - ECS, and then choose Next: Permissions.

Note: Keep the default AWSCodeDeployforECS policy. This policy includes the permissions that CodeDeploy requires for interacting correctly with Amazon ECS and other services.

6.    Choose Next: Tags.

7.    (Optional) Enter a tag name, and then choose Next: Review.

8.    For Role name, enter ecsCodeDeployRole.

9.    Choose Create role.

Create the Application Load Balancer

1.    Open the Amazon EC2 console.

2.    In the navigation pane, from the Load Balancing section, choose Load Balancers.

3.    Choose Create Load Balancer.

4.    In the Select load balancer type section, for Application Load Balancer, choose Create.

5.    For Name, enter a name for your load balancer.

6.    In the Availability Zones section, select the VPC where your Amazon ECS cluster was created, and then select any two subnets with access to the internet. 

7.    Choose Next: Configure Security Settings.

8.    Select Create a new security group.

9.    For Security group name, enter Sample Security-group.

10.   Choose Add Rule.

11.    For Port Range, enter 8080. For Source, enter 0.0.0.0/0.

12.    Choose Next: Configure Routing.

13.    For Target group, enter a name for your target group.

14.    For Target type, choose IP.

15.    Choose Next: Register Targets, and then register your target group and set your IP.

16.    Choose Next: Review.

17.    Choose Create.

Create a task definition

1.    Open the Amazon ECS console.

2.    In the navigation pane, choose Task Definitions.

3.    Choose Create new Task Definition.

4.    Choose Fargate, and then choose Next step.

5.   Configure the task definition based on your needs, and then choose Create.

The following example task definition uses the AWS Fargate launch type and an Nginx image from Docker Hub:

{
  "executionRoleArn": "arn:aws:iam::account_ID:role/ecsTaskExecutionRole",
  "containerDefinitions": [{
    "name": "sample-website",
    "image": "nginx:latest",
    "essential": true,
    "portMappings": [{
      "hostPort": 80,
      "protocol": "tcp",
      "containerPort": 80
    }]
  }],
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "networkMode": "awsvpc",
  "cpu": "256",
  "memory": "512",
  "family": "sample-website"
}
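
The image value in this task definition is a tag, and a tag can be repointed at different image content after the revision is registered, whereas a digest reference cannot. The following Python check is an added example, not part of the original article: it reports container images in a task definition that are not pinned by digest. The function name, the trimmed task definitions and the all-zero digest are constructed for illustration.

```python
import re

# A digest-pinned reference ends in @sha256:<64 hex characters>.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def image_findings(task_def):
    """Return {container name: finding} for images not pinned by digest."""
    findings = {}
    for container in task_def.get("containerDefinitions", []):
        image = container.get("image", "")
        if DIGEST_RE.search(image):
            continue
        # Look for the tag only after the last '/', so that a registry
        # port such as host:5000/app is not mistaken for a tag.
        last = image.rsplit("/", 1)[-1]
        tag = last.split(":", 1)[1] if ":" in last else None
        if tag is None or tag == "latest":
            findings[container["name"]] = "floating tag (latest or none)"
        else:
            findings[container["name"]] = f"mutable tag '{tag}', no digest"
    return findings

# Trimmed from the task definition revisions shown on this page.
REV_NGINX = {"containerDefinitions": [
    {"name": "sample-website", "image": "nginx:latest"}]}
REV_HTTPD = {"containerDefinitions": [
    {"name": "sample-website", "image": "httpd:2.4"}]}
# Constructed: the all-zero digest is a placeholder, not a real image digest.
REV_PINNED = {"containerDefinitions": [
    {"name": "sample-website", "image": "nginx@sha256:" + "0" * 64}]}

if __name__ == "__main__":
    for label, rev in (("nginx", REV_NGINX), ("httpd", REV_HTTPD),
                       ("pinned", REV_PINNED)):
        print(label, image_findings(rev) or "pinned by digest")
```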

Create an Amazon ECS service

1.    Open the Amazon ECS console.

2.    In the Amazon ECS section of the navigation pane, choose Clusters, and then choose your cluster.

3.    On the Services tab, choose Create to create a service.

4.    In the Configure service section, for Launch type, select FARGATE.

5.    For Task Definition, select the task definition that you created in the previous section.

6.    For Service name, enter a name for your service. For example: Sample-Website

7.    For Number of tasks, enter the number of tasks that you want your service to run.

8.    In the Deployments section, select Blue/green deployment (powered by AWS CodeDeploy).

9.    For Service role for CodeDeploy, choose ecsCodeDeployRole.

Note: You created the ecsCodeDeployRole service role earlier.

10.    Choose Next step.

11.    In the VPC and security groups section, choose your cluster VPC and subnets.

12.    In the Load balancing section, for Load balancer type, choose Application Load Balancer.

13.    For Load balancer name, select the load balancer that you created earlier.

14.    In the Container to load balancer section, choose Add to load balancer.

15.    In the Container to load balancer section, for Production listener port, select 80:HTTP.

16.    Select the Test listener check box.

17.    For Test listener port, choose create new, and then enter 8080 as the listener port.

18.    In the Additional configuration section, for Target group 1 name, choose the target group that you created when you created the load balancer.

19.    For Target group 2 name, create a new target group in the Amazon ECS console with the name sample-website-tg-2.

20.    Skip the Set Auto Scaling (optional) page and choose Next step.

21.    Choose Create Service.

Now, you can see the new service that you created with one task running.

Verify that the Amazon ECS blue/green deployment is working

After you create the blue/green Amazon ECS service, you can create a new task definition with the changes and then update your Amazon ECS service. This creates a deployment in the CodeDeploy console.

1.    Open the Amazon ECS console.

2.    From the navigation pane, choose Task Definitions.

3.    Select your task definition, choose Create new revision, and then choose Create.

Note: In the following example, the image property is updated to use httpd:2.4:

{
  "executionRoleArn": "arn:aws:iam::account_ID:role/ecsTaskExecutionRole",
  "containerDefinitions": [{
    "name": "sample-website",
    "image": "httpd:2.4",
    "essential": true,
    "portMappings": [{
      "hostPort": 80,
      "protocol": "tcp",
      "containerPort": 80
    }]
  }],
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "networkMode": "awsvpc",
  "cpu": "256",
  "memory": "512",
  "family": "sample-website"
}

4.    From the navigation pane, choose Clusters, and then choose the cluster where you deployed your Amazon ECS service.

5.    On the Services tab, select your Amazon ECS service, and then choose Update.

6.    In the Configure service section, for Task Definition, choose the latest revision that you created in step 3.

7.    Choose Next step to skip all the remaining pages in the wizard, and then choose Update Service.

8.    Choose View Service.

9.    On the Deployments tab, in the Deployment Id column, choose the deployment ID to view your CodeDeploy deployment.

