I want to perform blue/green deployment for services hosted on Amazon Elastic Container Service (Amazon ECS).
Short description
Before you follow the steps to perform a blue/green deployment, make sure that you have the following:
Resolution
Create an IAM service role
Before you can deploy the blue/green type for AWS CodeDeploy with Amazon ECS, the CodeDeploy service must have permissions to update your ECS service on your behalf. To grant these permissions, complete the following steps:
- Open the AWS Identity and Access Management (IAM) console.
- In the navigation pane, choose Roles.
- Choose Create role.
- In the Select type of trusted entity section, choose AWS service, and then choose CodeDeploy.
- In the Select your use case section, choose CodeDeploy - ECS, and then choose Next.
Note: Keep the default AWSCodeDeployRoleForECS policy. This policy includes the permissions that CodeDeploy requires to interact correctly with Amazon ECS and other services.
- Choose Next
- For Role name, enter ecsCodeDeployRole
- (Optional) Add tags
- Choose Create role.
Create the Application Load Balancer
Complete the following steps to create the Application Load Balancer:
- Open the Amazon EC2 console.
- In the navigation pane, from the Load Balancing section, choose Load Balancers.
- Choose Create Load Balancer.
- In the Select load balancer type section, for Application Load Balancer, choose Create.
- For Name, enter a name for your load balancer.
- In the Network Mapping section, select the VPC where your Amazon ECS cluster was created. Then, select any two subnets with access to the internet.
- In the Security groups section, select the "Create a new security group" hyperlink.
- For Security group name, enter Sample Security-group.
- Choose Add Rule.
- For Port Range, enter 8080. For Source, enter 0.0.0.0/0.
- Choose Create Security Group.
- Refresh the Security Groups on the Load Balancer page view, and then Select the newly created Security Group.
- In the Listeners and Routing section, select the "Create Target Group" hyperlink.
- For Target type, choose IP addresses.
- For Target group, enter a name for your target group.
- Choose Next, and then register your target group and set your IP.
- Choose Create Target Group.
Create a task definition
Complete the following steps:
- Open the Amazon ECS console.
- In the navigation pane, choose Task Definitions.
- Choose Create new Task Definition.
- Choose Fargate, and then choose Next step.
- Configure the task definition, and then choose Create.
The following example task definition uses the AWS Fargate launch type and an NGINX image from Docker Hub:
Note: Replace the account_ID value with your own account number in this and the following example.
{
"executionRoleArn": "arn:aws:iam::account_ID:role/ecsTaskExecutionRole",
"containerDefinitions": [
{
"name": "sample-website",
"image": "nginx:latest",
"essential": true,
"portMappings": [
{
"hostPort": 80,
"protocol": "tcp",
"containerPort": 80
}
]
}
],
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"cpu": "256",
"memory": "512",
"family": "sample-website"
}
Create an Amazon ECS service
Complete the following steps:
- Open the Amazon ECS console.
- In the Amazon ECS section of the navigation pane, choose Clusters, and then choose your cluster.
- On the Services tab, choose Create to create a service.
- In the Environment section, select Launch type, and then select FARGATE.
- For Task Definition, select the task definition that you created in the previous section.
- For Service name, enter a name for your service. For example: Sample-Website.
- For Number of tasks, enter the number of tasks that you want your service to run.
- In the Deployment options section, select Blue/green deployment (powered by AWS CodeDeploy).
- For Service role for CodeDeploy, choose the ecsCodeDeployRole service role that you created earlier.
- In the Networking section, choose your cluster VPC and subnets as well as the Security Group that you created earlier.
- In the Load balancing section, for Load balancer type, choose Application Load Balancer.
- For Load balancer name, select the load balancer that you created earlier.
- In the Listeners section, for Production listener port, select 80:HTTP.
- Select the Add a Test listener check box.
- For Test listener port, choose create new, and then enter 8080 as the listener port.
- In the Target groups section, for Target group 1 name, choose the target group that you created when you created the load balancer.
- For Target group 2 name, create a new target group in the Amazon ECS console with the name sample-website-tg-2.
- Choose Create.
Now, you can see the new service that you created with one task running.
Verify that the Amazon ECS blue/green deployment works correctly
After you create the blue/green Amazon ECS service, create a new task definition revision with the changes, and then update your Amazon ECS service. This action creates a deployment in the CodeDeploy console.
Complete the following steps to verify that your deployment works:
-
Open the Amazon ECS console.
-
From the navigation pane, choose Task Definitions.
-
Select your task definition, choose Create new revision, and then choose Create.
Note: In the following example, the image property is updated to use httpd:2.4.
{
"executionRoleArn": "arn:aws:iam::account\_ID:role/ecsTaskExecutionRole",
"containerDefinitions": \[
{
"name": "sample-website",
"image": "httpd:2.4",
"essential": true,
"portMappings": \[
{
"hostPort": 80,
"protocol": "tcp",
"containerPort": 80
}
\]
}
\],
"requiresCompatibilities": \[
"FARGATE"
\],
"networkMode": "awsvpc",
"cpu": "256",
"memory": "512",
"family": "sample-website"
}
-
From the navigation pane, choose Clusters, and then choose the cluster where you deployed your Amazon ECS service.
-
On the Services tab, select your Amazon ECS service, and then choose Update.
-
In the Deployment configuration section, for Task Definition, choose the latest revision that you created in step 3.
-
Choose Update.
-
On the Deployments tab, in the Deployment Id column, choose the deployment ID to view your CodeDeploy deployment.