|
Whereas containers have revolutionized how growth groups bundle and deploy purposes, these groups have needed to rigorously monitor releases and construct customized tooling to mitigate deployment dangers, which slows down transport velocity. At scale, growth groups spend useful cycles constructing and sustaining undifferentiated deployment instruments as an alternative of innovating for his or her enterprise.
Beginning in the present day, you need to use the built-in blue/inexperienced deployment functionality in Amazon Elastic Container Service (Amazon ECS) to make your software deployments safer and extra constant. This new functionality eliminates the necessity to construct customized deployment tooling whereas providing you with the arrogance to ship software program updates extra continuously with rollback functionality.
Right here’s how one can allow the built-in blue/inexperienced deployment functionality within the Amazon ECS console.
You create a brand new “inexperienced” software setting whereas your present “blue” setting continues to serve reside visitors. After monitoring and testing the inexperienced setting totally, you route the reside visitors from blue to inexperienced. With this functionality, Amazon ECS now gives built-in performance that makes containerized software deployments safer and extra dependable.
Under is a diagram illustrating how blue/inexperienced deployment works by shifting software visitors from the blue setting to the inexperienced setting. You may be taught extra on the Amazon ECS blue/inexperienced service deployments workflow web page.
Amazon ECS orchestrates this whole workflow whereas offering occasion hooks to validate new variations utilizing artificial visitors earlier than routing manufacturing visitors. You may validate new software program variations in manufacturing environments earlier than exposing them to finish customers and roll again near-instantaneously if points come up. As a result of this performance is constructed instantly into Amazon ECS, you’ll be able to add these safeguards by merely updating your configuration with out constructing any customized tooling.
Getting began
Let me stroll you thru an illustration that showcases easy methods to configure and use blue/inexperienced deployments for an ECS service. Earlier than that, there are a couple of setup steps that I would like to finish, together with configuring AWS Id and Entry Administration (IAM) roles, which you’ll find on the Required sources for Amazon ECS blue/inexperienced deployments Documentation web page.
For this demonstration, I need to deploy a brand new model of my software utilizing the blue/inexperienced technique to attenuate danger. First, I must configure my ECS service to make use of blue/inexperienced deployments. I can do that by means of the ECS console, AWS Command Line Interface (AWS CLI), or utilizing infrastructure as code.
Utilizing the Amazon ECS console, I create a brand new service and configure it as typical:
Within the Deployment Choices part, I select ECS because the Deployment controller kind, then Blue/inexperienced because the Deployment technique. Bake time is the time after the manufacturing visitors has shifted to inexperienced, when instantaneous rollback to blue is offered. When the bake time expires, blue duties are eliminated.
We’re additionally introducing deployment lifecycle hooks. These are event-driven mechanisms you need to use to enhance the deployment workflow. I can choose which AWS Lambda perform I’d like to make use of as a deployment lifecycle hook. The Lambda perform can carry out the required enterprise logic, nevertheless it should return a hook standing.
Amazon ECS helps the next lifecycle hooks throughout blue/inexperienced deployments. You may be taught extra about every stage on the Deployment lifecycle levels web page.
- Pre scale up
- Put up scale up
- Manufacturing visitors shift
- Check visitors shift
- Put up manufacturing visitors shift
- Put up check visitors shift
For my software, I need to check when the check visitors shift is full and the inexperienced service handles the entire check visitors. Since there’s no end-user visitors, a rollback at this stage could have no influence on customers. This makes Put up check visitors shift appropriate for my use case as I can check it first with my Lambda perform.
Switching context for a second, let’s deal with the Lambda perform that I exploit to validate the deployment earlier than permitting it to proceed. In my Lambda perform as a deployment lifecycle hook, I can carry out any enterprise logic, corresponding to artificial testing, calling one other API, or querying metrics.
Inside the Lambda perform, I need to return a hookStatus. A hookStatus might be SUCCEEDED, which can transfer the method to the following step. If the standing is FAILED, it rolls again to the blue deployment. If it’s IN_PROGRESS, then Amazon ECS retries the Lambda perform in 30 seconds.
Within the following instance, I arrange my validation with a Lambda perform that performs file add as a part of a check suite for my software.
import json
import urllib3
import logging
import base64
import os
# Configure logging
logger = logging.getLogger()
logger.setLevel(logging.DEBUG)
# Initialize HTTP shopper
http = urllib3.PoolManager()
def lambda_handler(occasion, context):
"""
Validation hook that assessments the inexperienced setting with file add
"""
logger.information(f"Occasion: {json.dumps(occasion)}")
logger.information(f"Context: {context}")
attempt:
# In an actual state of affairs, you'd assemble the check endpoint URL
test_endpoint = os.getenv("APP_URL")
# Create a check file for add
test_file_content = "This can be a check file for deployment validation"
test_file_data = test_file_content.encode('utf-8')
# Put together multipart kind knowledge for file add
fields = {
'file': ('check.txt', test_file_data, 'textual content/plain'),
'description': 'Deployment validation check file'
}
# Ship POST request with file add to /course of endpoint
response = http.request(
'POST',
test_endpoint,
fields=fields,
timeout=30
)
logger.information(f"POST /course of response standing: {response.standing}")
# Test if response has OK standing code (200-299 vary)
if 200 <= response.standing < 300:
logger.information("File add check handed - acquired OK standing code")
return {
"hookStatus": "SUCCEEDED"
}
else:
logger.error(f"File add check failed - standing code: {response.standing}")
return {
"hookStatus": "FAILED"
}
besides Exception as error:
logger.error(f"File add check failed: {str(error)}")
return {
"hookStatus": "FAILED"
}When the deployment reaches the lifecycle stage that’s related to the hook, Amazon ECS routinely invokes my Lambda perform with deployment context. My validation perform can run complete assessments in opposition to the inexperienced revision—checking software well being, working integration assessments, or validating efficiency metrics. The perform then alerts again to ECS whether or not to proceed or abort the deployment.
As I selected the blue/inexperienced deployment technique, I additionally must configure the load balancers and/or Amazon ECS Service Join. Within the Load balancing part, I choose my Software Load Balancer.
Within the Listener part, I exploit an present listener on port 80 and choose two Goal teams.
Proud of this configuration, I create the service and anticipate ECS to provision my new service.
Testing blue/inexperienced deployments
Now, it’s time to check my blue/inexperienced deployments. For this check, Amazon ECS will set off my Lambda perform after the check visitors shift is accomplished. My Lambda perform will return FAILED on this case because it performs file add to my software, however my software doesn’t have this functionality.
I replace my service and examine Drive new deployment, realizing the blue/inexperienced deployment functionality will roll again if it detects a failure. I choose this feature as a result of I haven’t modified the duty definition however nonetheless must set off a brand new deployment.
At this stage, I’ve each blue and inexperienced environments working, with the inexperienced revision dealing with all of the check visitors. In the meantime, primarily based on Amazon CloudWatch Logs of my Lambda perform, I additionally see that the deployment lifecycle hooks work as anticipated and emit the next payload:
[INFO] 2025-07-10T13:15:39.018Z 67d9b03e-12da-4fab-920d-9887d264308e Occasion:
{
"executionDetails": {
"testTrafficWeights": {},
"productionTrafficWeights": {},
"serviceArn": "arn:aws:ecs:us-west-2:123:service/EcsBlueGreenCluster/nginxBGservice",
"targetServiceRevisionArn": "arn:aws:ecs:us-west-2:123:service-revision/EcsBlueGreenCluster/nginxBGservice/9386398427419951854"
},
"executionId": "a635edb5-a66b-4f44-bf3f-fcee4b3641a5",
"lifecycleStage": "POST_TEST_TRAFFIC_SHIFT",
"resourceArn": "arn:aws:ecs:us-west-2:123:service-deployment/EcsBlueGreenCluster/nginxBGservice/TFX5sH9q9XDboDTOv0rIt"
}As anticipated, my AWS Lambda perform returns FAILED as hookStatus as a result of it didn’t carry out the check.
[ERROR] 2025-07-10T13:18:43.392Z 67d9b03e-12da-4fab-920d-9887d264308e File add check failed: HTTPConnectionPool(host="xyz.us-west-2.elb.amazonaws.com", port=80): Max retries exceeded with url: / (Attributable to ConnectTimeoutError(, 'Connection to xyz.us-west-2.elb.amazonaws.com timed out. (join timeout=30)')) As a result of the validation wasn’t accomplished efficiently, Amazon ECS tries to roll again to the blue model, which is the earlier working deployment model. I can monitor this course of by means of ECS occasions within the Occasions part, which gives detailed visibility into the deployment progress.
Amazon ECS efficiently rolls again the deployment to the earlier working model. The rollback occurs near-instantaneously as a result of the blue revision stays working and able to obtain manufacturing visitors. There isn’t any end-user influence throughout this course of, as manufacturing visitors by no means shifted to the brand new software model—ECS merely rolled again check visitors to the unique secure model. This eliminates the standard deployment downtime related to conventional rolling deployments.
I may also see the rollback standing within the Final deployment part.
All through my testing, I noticed that the blue/inexperienced deployment technique gives constant and predictable conduct. Moreover, the deployment lifecycle hooks present extra flexibility to regulate the conduct of the deployment. Every service revision maintains immutable configuration together with activity definition, load balancer settings, and Service Join configuration. Which means rollbacks restore precisely the identical setting that was beforehand working.
Extra issues to know
Listed here are a few issues to notice:
- Pricing – The blue/inexperienced deployment functionality is included with Amazon ECS at no further cost. You pay just for the compute sources used throughout the deployment course of.
- Availability – This functionality is offered in all industrial AWS Areas.
Get began with blue/inexperienced deployments by updating your Amazon ECS service configuration within the Amazon ECS console.
Comfortable deploying!
— Donnie