How do I perform blue/green deployments for services hosted on Amazon ECS?


I want to perform blue/green deployment for services hosted on Amazon Elastic Container Service (Amazon ECS).

Short description

Before you follow the steps to perform a blue/green deployment, make sure that you have the following:

Resolution

Create an IAM service role

Before you can use the AWS CodeDeploy blue/green deployment type with Amazon ECS, the CodeDeploy service must have permissions to update your ECS service on your behalf. To grant these permissions, complete the following steps:

  1. Open the AWS Identity and Access Management (IAM) console.
  2. In the navigation pane, choose Roles.
  3. Choose Create role.
  4. In the Select type of trusted entity section, choose AWS service, and then choose CodeDeploy.
  5. In the Select your use case section, choose CodeDeploy - ECS, and then choose Next.
    Note: Keep the default AWSCodeDeployRoleForECS policy. This policy includes the permissions that CodeDeploy requires to interact correctly with Amazon ECS and other services.
  6. Choose Next.
  7. For Role name, enter ecsCodeDeployRole.
  8. (Optional) Add tags.
  9. Choose Create role.

Create the Application Load Balancer

Complete the following steps to create the Application Load Balancer:

  1. Open the Amazon EC2 console.
  2. In the navigation pane, from the Load Balancing section, choose Load Balancers.
  3. Choose Create Load Balancer.
  4. In the Select load balancer type section, for Application Load Balancer, choose Create.
  5. For Name, enter a name for your load balancer.
  6. In the Network Mapping section, select the VPC where your Amazon ECS cluster was created. Then, select any two subnets with access to the internet.
  7. In the Security groups section, select the "Create a new security group" hyperlink.
  8. For Security group name, enter Sample Security-group.
  9. Choose Add Rule.
  10. For Port Range, enter 8080. For Source, enter 0.0.0.0/0.
  11. Choose Create Security Group.
  12. On the Load Balancer page, refresh the security groups list, and then select the newly created security group.
  13. In the Listeners and Routing section, select the "Create Target Group" hyperlink.
  14. For Target type, choose IP addresses.
  15. For Target group, enter a name for your target group.
  16. Choose Next, and then register your target group and set your IP.
  17. Choose Create Target Group.

Create a task definition

Complete the following steps:

  1. Open the Amazon ECS console.
  2. In the navigation pane, choose Task Definitions.
  3. Choose Create new Task Definition.
  4. Choose Fargate, and then choose Next step.
  5. Configure the task definition, and then choose Create.

The following example task definition uses the AWS Fargate launch type and an NGINX image from Docker Hub:

Note: Replace the account_ID value with your own account number in this and the following example.

{
  "executionRoleArn": "arn:aws:iam::account_ID:role/ecsTaskExecutionRole",
  "containerDefinitions": [
    {
      "name": "sample-website",
      "image": "nginx:latest",
      "essential": true,
      "portMappings": [
        {
          "hostPort": 80,
          "protocol": "tcp",
          "containerPort": 80
        }
      ]
    }
  ],
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "networkMode": "awsvpc",
  "cpu": "256",
  "memory": "512",
  "family": "sample-website"
}

Create an Amazon ECS service

Complete the following steps:

  1. Open the Amazon ECS console.
  2. In the Amazon ECS section of the navigation pane, choose Clusters, and then choose your cluster.
  3. On the Services tab, choose Create to create a service.
  4. In the Environment section, select Launch type, and then select FARGATE.
  5. For Task Definition, select the task definition that you created in the previous section.
  6. For Service name, enter a name for your service. For example: Sample-Website.
  7. For Number of tasks, enter the number of tasks that you want your service to run.
  8. In the Deployment options section, select Blue/green deployment (powered by AWS CodeDeploy).
  9. For Service role for CodeDeploy, choose the ecsCodeDeployRole service role that you created earlier.
  10. In the Networking section, choose your cluster VPC and subnets as well as the Security Group that you created earlier.
  11. In the Load balancing section, for Load balancer type, choose Application Load Balancer.
  12. For Load balancer name, select the load balancer that you created earlier.
  13. In the Listeners section, for Production listener port, select 80:HTTP.
  14. Select the Add a Test listener check box.
  15. For Test listener port, choose create new, and then enter 8080 as the listener port.
  16. In the Target groups section, for Target group 1 name, choose the target group that you created when you created the load balancer.
  17. For Target group 2 name, create a new target group in the Amazon ECS console with the name sample-website-tg-2.
  18. Choose Create.

Now, you can see the new service that you created with one task running.
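The security group rule from the load balancer section can be checked against the two listener ports chosen here. The following is an added example, not part of the original article: the function names are hypothetical, and the sample data is constructed to mirror the walkthrough in the field layout of `aws ec2 describe-security-groups` and the listener ports entered above.

```python
import ipaddress

# Constructed sample data. INGRESS uses the IpPermissions layout returned by
# `aws ec2 describe-security-groups`; it holds the single rule from the
# walkthrough (port 8080 from 0.0.0.0/0). LISTENERS holds the production and
# test listener ports chosen when the service was created.
INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
LISTENERS = {"production": 80, "test": 8080}


def sources_for_port(ingress, port):
    """Return the IPv4 CIDR sources that may reach a TCP port."""
    cidrs = []
    for rule in ingress:
        proto = rule.get("IpProtocol")
        if proto == "-1":  # all protocols and ports
            covers = True
        elif proto == "tcp":
            covers = rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)
        else:
            covers = False
        if covers:
            # Assumption: only IPv4 IpRanges are examined; Ipv6Ranges and
            # security-group sources are out of scope for this check.
            cidrs += [r["CidrIp"] for r in rule.get("IpRanges", [])]
    return cidrs


def audit_listeners(ingress, listeners):
    """Flag listeners with no ingress and test listeners open to any address."""
    findings = []
    for role, port in listeners.items():
        cidrs = sources_for_port(ingress, port)
        if not cidrs:
            findings.append((role, port, "unreachable: no ingress rule"))
        elif role == "test" and any(
                ipaddress.ip_network(c).prefixlen == 0 for c in cidrs):
            findings.append((role, port, "test listener open to any address"))
    return findings


if __name__ == "__main__":
    for finding in audit_listeners(INGRESS, LISTENERS):
        print(finding)
```

The test listener serves the replacement task set before traffic is shifted, so its source range is usually narrowed to the addresses that run validation.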

Verify that the Amazon ECS blue/green deployment works correctly

After you create the blue/green Amazon ECS service, create a new task definition revision with the changes, and then update your Amazon ECS service. This action creates a deployment in the CodeDeploy console.

Complete the following steps to verify that your deployment works:

  1. Open the Amazon ECS console.

  2. From the navigation pane, choose Task Definitions.

  3. Select your task definition, choose Create new revision, and then choose Create.
    Note: In the following example, the image property is updated to use httpd:2.4.

    {
      "executionRoleArn": "arn:aws:iam::account_ID:role/ecsTaskExecutionRole",
      "containerDefinitions": [
        {
          "name": "sample-website",
          "image": "httpd:2.4",
          "essential": true,
          "portMappings": [
            {
              "hostPort": 80,
              "protocol": "tcp",
              "containerPort": 80
            }
          ]
        }
      ],
      "requiresCompatibilities": [
        "FARGATE"
      ],
      "networkMode": "awsvpc",
      "cpu": "256",
      "memory": "512",
      "family": "sample-website"
    }
  4. From the navigation pane, choose Clusters, and then choose the cluster where you deployed your Amazon ECS service.

  5. On the Services tab, select your Amazon ECS service, and then choose Update.

  6. In the Deployment configuration section, for Task Definition, choose the latest revision that you created in step 3.

  7. Choose Update.

  8. On the Deployments tab, in the Deployment Id column, choose the deployment ID to view your CodeDeploy deployment.
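Before the service is updated to a new revision, it helps to review exactly what that revision changes and whether its images are pinned. The following is an added example, not part of the original article: the function names are hypothetical, and the two revisions are rebuilt from the example task definitions on this page.

```python
import re

# An image reference pinned by digest ends in @sha256:<64 hex characters>.
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def revision(image):
    """Build this page's example task definition with the given image."""
    return {
        "executionRoleArn": "arn:aws:iam::account_ID:role/ecsTaskExecutionRole",
        "containerDefinitions": [{
            "name": "sample-website", "image": image, "essential": True,
            "portMappings": [
                {"hostPort": 80, "protocol": "tcp", "containerPort": 80}],
        }],
        "requiresCompatibilities": ["FARGATE"], "networkMode": "awsvpc",
        "cpu": "256", "memory": "512", "family": "sample-website",
    }


def diff_revisions(old, new):
    """Return (scope, field, old_value, new_value) for every changed field."""
    changes = []
    # Task-level fields such as role ARNs and network mode.
    for field in sorted(set(old) | set(new)):
        if field != "containerDefinitions" and old.get(field) != new.get(field):
            changes.append(("task", field, old.get(field), new.get(field)))
    # Per-container fields, matched by container name.
    before = {c["name"]: c for c in old.get("containerDefinitions", [])}
    after = {c["name"]: c for c in new.get("containerDefinitions", [])}
    for name in sorted(set(before) | set(after)):
        a, b = before.get(name, {}), after.get(name, {})
        for field in sorted(set(a) | set(b)):
            if a.get(field) != b.get(field):
                changes.append((name, field, a.get(field), b.get(field)))
    return changes


def unpinned_images(task_def):
    """List images referenced by tag only; a tag can point at new content later."""
    return [c["image"] for c in task_def.get("containerDefinitions", [])
            if not DIGEST.search(c.get("image", ""))]


if __name__ == "__main__":
    blue, green = revision("nginx:latest"), revision("httpd:2.4")
    print(diff_revisions(blue, green))
    print(unpinned_images(green))
```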

AWS OFFICIAL, updated 9 months ago
2 Comments

Hi Team,

Is this solution still relevant? I tried to configure a new service as specified in the solution; however, the deployment type option is greyed out and by default it is selected as Rolling update.

Best Regards, Srinivas.

replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS EXPERT
replied 2 years ago