How can I add SSL using ACM with ECS blue green deployment

Hi, Currently, I am using code commit, code build, and code pipeline (ECS Blue Green) for blue-green deployment. Everything is working great. I have also selected blue green option while creating the service and attached 2 listeners and target groups(HTTP).

I have attached the domain to ALB. Now I want to add SSL to the domain, but SSL configuration in the application load balancer requires a specific target group with weight. But in the case of blue-green deployment, the Target group will change each time when I deploy something using ecs bg pipeline.

Also, I don't want to specify the weight on the alb. Is there any way to add acm in the load balancer in case of bg deployment

Topics

Developer Tools Containers Networking & Content Delivery Security, Identity, & Compliance

Tags

AWS CodePipeline Amazon Elastic Container Service Amazon Route 53 AWS Certificate Manager Application Load Balancer

Language

English

Atul Anand

asked 2 years ago888 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

It should be sufficient to simply tie the ACM certificate directly to the ALB.
The ALB tied to the domain will not change with blue-green deployments, so I think simply tying the SSL certificate to the ALB will solve the problem.

EXPERT

Riku_Kobayashi

answered 2 years ago

Atul Anand
2 years ago
What I see from documentation is this

Associate an ACM SSL certificate with an Application Load Balancer In the navigation pane, choose Load Balancers, and then choose your Application Load Balancer.

Choose Add listener.

For Protocol, choose HTTPS.

For port, choose 443.

For Default action(s), choose Forward to, and then select your ALB target group from the dropdown list.

For Default SSL certificate, choose From ACM (recommended) and then choose the ACM certificate. Choose Save.

Here if you see the above steps then i need to define or add target group in case of alb and that's the issue. If i will add/forward to target group then i also need to define weights. Once i will add weights then blue green deployment will not work with ecs because in ecs it automatically rotates the target group.
Riku_Kobayashi EXPERT
2 years ago
In the procedure for creating a deployment group described in this document, you can use blue-green deployments without problems even with HTTPS by setting the Production listener port and the Test listener port. https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-groups-create-ecs.html

Relevant content

Cross account ecs fargate blue/green deploy from code pipeline
Piyush
asked 3 years ago
How to set enable execute command on ecs fargate, blue/green deployment with code deploy?
bts
asked a year ago
Blue/Green deployment
Accepted Answer
Ivy So
asked 22 days ago
Blue/Green deployment with the ECS Service Connect
Clouddeepdiver
asked 2 years ago
How do I troubleshoot issues related to blue/green deployments in Amazon ECS?
AWS OFFICIALUpdated 8 months ago
How do I perform blue/green deployments for services hosted on Amazon ECS?
AWS OFFICIALUpdated 9 months ago
What is a blue/green deployment for a Amazon OpenSearch Service cluster?
AWS OFFICIALUpdated 2 years ago
How do I deploy new tasks in Amazon ECS without downtime?
AWS OFFICIALUpdated 4 months ago
AWS re:Invent 2024 - Deployment best practices for reliable rollouts using Amazon ECS
EXPERT
Henrique Santana
published 3 months ago
Building an End-to-End CI/CD Pipeline with Jenkins
EXPERT
Thanniru Anil Kumar
published 8 months ago