How can I add SSL using ACM with ECS blue green deployment

Hi, Currently, I am using code commit, code build, and code pipeline (ECS Blue Green) for blue-green deployment. Everything is working great. I have also selected blue green option while creating the service and attached 2 listeners and target groups(HTTP).

I have attached the domain to ALB. Now I want to add SSL to the domain, but SSL configuration in the application load balancer requires a specific target group with weight. But in the case of blue-green deployment, the Target group will change each time when I deploy something using ecs bg pipeline.

Also, I don't want to specify the weight on the alb. Is there any way to add acm in the load balancer in case of bg deployment

Topics

Developer Tools Containers Networking & Content Delivery Security, Identity, & Compliance

Tags

AWS CodePipeline Amazon Elastic Container Service Amazon Route 53 AWS Certificate Manager Application Load Balancer

Language

English

Atul Anand

asked 10 months ago464 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

It should be sufficient to simply tie the ACM certificate directly to the ALB.
The ALB tied to the domain will not change with blue-green deployments, so I think simply tying the SSL certificate to the ALB will solve the problem.

EXPERT

Riku_Kobayashi

answered 10 months ago

Atul Anand
10 months ago
What I see from documentation is this

Associate an ACM SSL certificate with an Application Load Balancer In the navigation pane, choose Load Balancers, and then choose your Application Load Balancer.

Choose Add listener.

For Protocol, choose HTTPS.

For port, choose 443.

For Default action(s), choose Forward to, and then select your ALB target group from the dropdown list.

For Default SSL certificate, choose From ACM (recommended) and then choose the ACM certificate. Choose Save.

Here if you see the above steps then i need to define or add target group in case of alb and that's the issue. If i will add/forward to target group then i also need to define weights. Once i will add weights then blue green deployment will not work with ecs because in ecs it automatically rotates the target group.
Riku_Kobayashi EXPERT
10 months ago
In the procedure for creating a deployment group described in this document, you can use blue-green deployments without problems even with HTTPS by setting the Production listener port and the Test listener port. https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-groups-create-ecs.html

Relevant content

Cross account ecs fargate blue/green deploy from code pipeline
Piyush
asked 2 years ago
How to set enable execute command on ecs fargate, blue/green deployment with code deploy?
bts
asked 6 months ago
Blue/Green deployment with the ECS Service Connect
Clouddeepdiver
asked 9 months ago
ECS Blue-Green with CodePipeline
Accepted Answer
Siva_R
asked 4 years ago
How can I perform blue/green deployments for services hosted on Amazon ECS?
AWS OFFICIALUpdated a year ago
What is a blue/green deployment for a Amazon OpenSearch Service cluster?
AWS OFFICIALUpdated 10 months ago
How do I troubleshoot a "Status Code: 400; Error Code" error when I use CloudFormation for ElastiCache?
AWS OFFICIALUpdated 2 years ago
How do I troubleshoot issues related to blue/green deployments in Amazon ECS?
AWS OFFICIALUpdated 2 years ago
Using CodeCatalyst to deploy Terraform Infrastructure as Code
EXPERT
Sundaresh_I
published 8 months ago
Using AWS Application Load Balancer for Blue / Green Application Migration to VMware Cloud on AWS
EXPERT
Jay Scheponik
published 5 months ago