How can I add SSL using ACM with ECS blue green deployment


Hi, Currently, I am using code commit, code build, and code pipeline (ECS Blue Green) for blue-green deployment. Everything is working great. I have also selected blue green option while creating the service and attached 2 listeners and target groups(HTTP).

I have attached the domain to ALB. Now I want to add SSL to the domain, but SSL configuration in the application load balancer requires a specific target group with weight. But in the case of blue-green deployment, the Target group will change each time when I deploy something using ecs bg pipeline.

Also, I don't want to specify the weight on the alb. Is there any way to add acm in the load balancer in case of bg deployment

1 Answer

It should be sufficient to simply tie the ACM certificate directly to the ALB.
The ALB tied to the domain will not change with blue-green deployments, so I think simply tying the SSL certificate to the ALB will solve the problem.

profile picture
answered 8 months ago
  • What I see from documentation is this

    Associate an ACM SSL certificate with an Application Load Balancer In the navigation pane, choose Load Balancers, and then choose your Application Load Balancer.

    • Choose Add listener.
    • For Protocol, choose HTTPS.
    • For port, choose 443.
    • For Default action(s), choose Forward to, and then select your ALB target group from the dropdown list.
    • For Default SSL certificate, choose From ACM (recommended) and then choose the ACM certificate. Choose Save.

    Here if you see the above steps then i need to define or add target group in case of alb and that's the issue. If i will add/forward to target group then i also need to define weights. Once i will add weights then blue green deployment will not work with ecs because in ecs it automatically rotates the target group.

  • In the procedure for creating a deployment group described in this document, you can use blue-green deployments without problems even with HTTPS by setting the Production listener port and the Test listener port.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions