Uninterrupted Evolution: Mastering Blue-Green Deployment with AWS ALB for Seamless Application Updates
In this section, we will learn how to deploy new releases/updates of your application without affecting the performance by ensuring high availability and reliability. We will leverage the features of the Application Load balancer to implement blue/green deployment.
A Blue/Green deployment is a deployment strategy in which you create two separate, but identical environments. One environment (blue) is running the current application version and one environment (green) is running the new application version. Using a blue/green deployment strategy increases application availability and reduces deployment risk by simplifying the rollback process if a deployment fails. Once testing has been completed on the green environment, live application traffic is directed to the green environment, and the blue environment is deprecated.
In the below image, we have two production environments, Blue and Green. The Blue environment is one where the current (let’s say version 1) of the application is running and is live as well. All the traffic of the application is directed to Blue by the Router or load balancer (as per the infra setup). Meanwhile, version 2 of the application is deployed and tested on Green Environment.
Currently, at this stage, we can refer to the Blue environment as Live and Green as idle or at staging state.
Once the code for version 2 is tested and ready to be live for production, we redirect the traffic from the Blue Environment to the Green Environment, making Green Live and Blue a staging environment. If any problem is detected with the Infrastructure or application after version 2 is made live, we can roll back to the previous version just by swapping the environment.
Let's see how this can be done.
1. Deploying App Version 1
- Create Launch configuration (app-version1-lc)
- Create an Auto Scaling Group (app-version1-asg)
- Create a Target group (app-version1-tg)
- Attach Auto Scaling Group (app-version1-asg) to Target Group (app-version1-tg)
- Create Application Load balancer (app-alb)
- Forwarding traffic 100% to the target group (app-version1-tg) using ALB rules
2. Deploying App Version 2
Rolling out the App’s New version. Application with new features has to be deployed in other target groups
- Create Launch configuration (app-version2-lc)
- Create Auto Scaling Group (app-version2-asg)
- Create a Target group (app-version2-tg)
- Attach Auto Scaling Group (app-version2-asg) to Target Group (app-version2-tg)
- Forwarding 100% of traffic to a new target group (app-version2-tg) using ALB rules
3. Enabling group level stickiness
Glossary
Application Load balancer is used to route the requests to a specific target group(servers) based on the rules defined in it
The Target group is a group of servers/instances that process and serve the request back to the Application Load balancer
The auto-scaling group is used to automatically provision new instances so as to handle the peak requests. To what limit the Autoscaling group could create new instances is defined in min, max, and desired capacity. By using the scaling policies of the Autoscaling group, we can set to provision new instances based on resource utilization metrics (dynamic scaling policies).ASG is attached to the target group so that the new instances created by the Autoscaling group would be attached to the corresponding target group. So, the application load balancer would start to send requests to the new instance which is recently attached to the target group by the Autoscaling group
Launch configuration is a template that contains the configuration and specification of an instance which the Autoscaling group uses to provision new instances
Let’s first look at the deployment of version1 of the App under an Application Load balancer
1. Deploying App Version 1
Step 1: Create Launch configuration (app-version1-lc)
Login to AWS console >> EC2 >> Auto Scaling Groups >> Create Auto Scaling Group >> switch to launch configuration >> Create a new launch configuration
Launch configuration Name: app-version1-lc
AMI: ami-0xxxxxxx (You can get Amazon Linux ID from EC2 Instance Launch Panel)
Instance type: t2.micro
Advanced configuration >> Advanced details >> Userdata: Enter the set of commands that has to be executed automatically after the instance is provisioned
If your application is pre-packaged with a basic image, then you might choose that particular AMI. Otherwise, you can make use of user data to deploy the application
Storage(volumes): By default, 8GB Root volume is attached for t2.micro class
Security groups: Select from existing security groups. If you don’t have any existing security groups, you can create a new one using “create a new security group”
Key pair >> Choose an existing key pair
Existing key pair >> Select the keypair which you have already created and have the private key of the same in your local
Enable “I acknowledge that I have access to the selected private key file, and that without this file, I won’t be able to log into my instance.”
Click on Create launch configuration
Note: Launch configuration is deprecated now, hence AWS suggests using the Launch template instead.
Step 2: Create Auto Scaling Group (app-version1-asg)
To create AutoScalingGroup,
In the EC2 console, click on EC2 >> Auto Scaling groups >> Create Auto Scaling group
Name : app-version1-asg
Click on Switch to Launch configuration
Select the launch configuration in the drop-down as “app-version1-lc” >> click Next
Select the default VPC
Availability Zones and subnets: Select the subnets in which ASG can create the instances
Configure advanced options
Load balancing >> No load balancer
Health check grace period — 120 Sec
Click next
Configure group size and scaling policies
Min, Max, Desired capacity — 2
Scaling policies
Dynamic scaling policy — dynamically resize your Auto Scaling group to meet changes in demand
As of now, choosing None to use a static scaling policy
Add notifications
Add tags
Enter the name and value as tags to add to the new instances that the AutoScalingGroup creates so that we can understand the instances that are created by the AutoScalingGroup
Key: Name, Value: version1
Review
On this page, we can review the Auto-scaling group configuration and if any section that needs to be modified, click on the edit option on the same section to make changes
Click on Create Auto Scaling Group
The AutoScalingGroup is created.
The details section explains the capacity details of AutoScalingGroup
The instance management section shows the instances that are managed by the AutoScalingGroup
Step 3: Create Target group (app-version1-tg)
A Target group tells a load balancer where to direct traffic to: EC2 instances, fixed IP addresses; or AWS Lambda functions, amongst others.
EC2 management console >> Click on Target Group under Load Balancing >> Click on Create Target Group
Choose a target type: Instances
Target group name: app-version1-tg
Protocol: HTTP
Port: By default, a load balancer routes requests to its targets using the protocol and port number that you specified when you created the target group.
Instance Port: 80
Health checks: The associated load balancer periodically sends requests, per the settings provided, to the registered targets to test their status
Health check protocol: HTTP
Health check path: /index.php
Advanced health check settings
Healthy threshold: 2 (It is the number of consecutive health checks successes required before considering an unhealthy target healthy)
Unhealthy threshold: 2 (It is the number of consecutive health check failures required before considering a target unhealthy)
Timeout: 5 seconds (It is the amount of time, in seconds, during which no response means a failed health check)
Interval: 30 seconds (It is the approximate amount of time between health checks of an individual target)
Success codes: 200
Register targets: Do not select any specific instance as targets. Why registering instances as targets is not recommended here is, that we will be attaching an autoscaling group to the target group. If we select and register a particular instance from the list shown in the pic, when that particular instance is down ASG will create a new instance following the health check failed situation. But the new instance which is replaced by the ASG would need to be manually registered to the target group. Hence, We will attach an auto-scaling group to the target group so that the instances created by the ASG will automatically attached as targets for the load balancer.
Click on Create Target Group. A Target Group with the name “app-version1-tg” will be created.
We can see the Target Group with the name “app-version1-tg” is created with no registered targets. In the next section, we will register the targets that are created by the auto-scaling group indirectly by attaching the auto-scaling group to the target group
Step 4: Attach Auto Scaling Group to Target Group
EC2 management console >> Auto scaling Group >> Select the Auto scaling Group “app-version1-asg” >> Edit
Under the Load balancing option, select “Application, Network or Gateway Load Balancer target groups” select the Target group we created “app-version1-tg” and click on update.
Now the Instances created by the Auto scaling Group are added to the Target Group.
Step 5: Create Application Load balancer (app-alb)
In the EC2 management console, Click on Load Balancer >> Create Load Balancer >> Application Load Balancer >> Create
Load balancer name: app-alb
Network mapping: Select at least two Availability Zones and one subnet per zone. The load balancer routes traffic to targets in these Availability Zones only.
Security Group : Select an existing security group : freedom
Listeners and routing :
Application load balancer endpoint would listen only on this particular listener protocol and port number. Application load balancer won’t support any other protocol and port other than what is defined as a listener.
If a request comes with https protocol for the 443 port, the default Action we select is Forward to the Target Group we created app-version1-tg which means HTTP requests that come to the load balancer, would be forwarded to the underlying target group.
Using AWS Certificate Manager (ACM) we can provision and manage SSL/TLS certificates for your AWS-based websites and applications.
Since ALB is configured to listen on HTTPS port only, We are loading the certificate created for chandika.tech domain from ACM. This certificate will automatically be added to the listener certificate list.
Now Click on Create Load Balancer.
Step 5(1): Add HTTP listener to redirect to HTTPS
Another listener for HTTP(80) is added to ensure the requests that come with HTTP protocol are also served properly.
EC2 >> Load Balancer >> Select the load balancer “app-alb” >> Under Listeners tab >> Add Listener
Protocol: HTTP
Port: 80
Default action: Redirect to HTTPS: 443
Click on Add
Step 6: Forwarding traffic to target group 1 (app-version1-tg) using ALB rules
EC2 >> Load Balancer >> Select the load balancer “app-alb” >> Under Listeners tab >> Select the Listener “HTTPS:443” >> Actions >> Manage rules
Click on the + icon to add rules, and Click on the pencil icon to edit existing rules
To add a new rule, Click on Insert Rule
Add condition >> Select “Host header” >> Host header : shopping.chandika.tech
Add action >> Select “Forward to” >> Select target group “app-version1-tg”
Click on Tick to save the rule >> Click on Save
The requests that come with the shopping.chandika.tech host header would be subjected to the first rule which forwards the request to the target group containing the version instances.
All other requests (not containing shopping.chandika.tech host header) would be subjected to the “default action” rule(second rule in the pic). By default, it is also set to redirect to app-version1-tg. We will edit it to return fixed responses as “Site not found”.
Click on the pencil straight to the default action rule
IF (all match): Requests otherwise not routed Forward To delete the current rule
Click on Add action >> Return Fixed Response
Response code: 503
Content-Type: text/HTML
Response body: Site Not Found
Click on the Tick
The Default rule was successfully updated.
Step 7: Pointing my domain “shopping.chandika.tech” to the ALB endpoint in route 53
Navigate to Route 53 Dashboard >> Click on Hosted Zone
Click on the Domain’s zone (chandika.tech) Click on “Create record”
Record name: shopping
Enable: Alias
Route traffic to Alias to Application and Classic Load Balancer
Choose Region: Asia Pacific Mumbai [ap-south-1]
Choose Load Balancer: dualstack.Shopping-app-xxxxx.ap-south-1.elb.amazonaws.com
Click on Create.
Calling https://shopping.chandika.tech is working fine
2. Deploying App Version 2
Step 8: Create Launch configuration (app-version2-lc)
EC2 >> Auto Scaling groups >> Create Auto Scaling group
Click on Create a Launch configuration
Launch Configuration Name: app-version2-lc
AMI: ami-0xxxxxxx (You can get Amazon Linux ID from EC2 Instance Launch Panel)
Instance type: t2.micro
Advanced configuration >> Advanced details >> Userdata: Enter the set of commands that has to be executed automatically after the instance is provisioned
If your application is pre-packaged with a basic image, then you might choose that particular AMI. Otherwise, you can make use of user data to deploy the application
Storage(volumes): By default, 8GB Root volume is attached for t2.micro class
Security groups: Select from existing security groups. If you don’t have any existing security groups, you can create a new one using “create a new security group”
Key pair >> Choose an existing key pair
Existing key pair >> Select the keypair which you have already created and have the private key of the same in your local
Enable “I acknowledge that I have access to the selected private key file, and that without this file, I won’t be able to log into my instance.”
Click on Create launch configuration
We can see 2 launch configurations, One is for version 1 and another is for version 2.
Step 9: Create Auto Scaling Group (app-version2-asg)
To create AutoScalingGroup,
EC2 >> Auto Scaling groups >> Create Auto Scaling group
Name : app-version2-asg
Click on Switch to Launch configuration
Select the launch configuration in the drop-down as “app-version2-lc” >> click Next
Choose instance launch options >> Select the default VPC.
Availability Zones and subnets: Select the subnets in which ASG Provides the instances.
Configure advanced options >> Load balancing >> No load balancer
Health check grace period: 120 Sec
Configure group size and scaling policies.
Min, Max, Desired capacity — 2
Scaling policies
Dynamic scaling policy — dynamically resize your Auto Scaling group to meet changes in demand.
As of now, choosing None to use a static scaling policy.
Add tags
Enter the name and value as tags to add to the new instances that the Auto Scaling Group creates so that we can understand the instances that are created by the Auto Scaling Group
Key: Name, Value: version2
Review
On this page, we can review the AutoscalingGroup configuration and if any section needs to be modified, click on the edit option on the same section to make changes.
Click on “Create Auto Scaling Group”
Now we can see the AutoScalingGroup is created.
The Details section explains the capacity details of AutoScalingGroup
The instance management section shows the instances that are managed by the Auto Scaling Group
Step 10: Create Target group (app-version2-tg)
A Target group tells a load balancer where to direct traffic to: EC2 instances, fixed IP addresses; or AWS Lambda functions, amongst others.
In the EC2 management console >> Click on Target Group under Load Balancing >> Click on Create Target Group
Target type: Instances
Target group name: app-version2-tg Protocol: HTTP Port: By default, a load balancer routes requests to its targets using the protocol and port number that you specified when you created the target group. Instance Port: 80
Health checks: The associated load balancer periodically sends requests, per the settings provided, to the registered targets to test their status
Health check protocol: HTTP Health check path: /index.php
Healthy threshold: 2 (It is the number of consecutive health checks successes required before considering an unhealthy target healthy)
Unhealthy threshold: 2 (It is the number of consecutive health check failures required before considering a target unhealthy)
Timeout: 5 seconds (It is the amount of time, in seconds, during which no response means a failed health check)
Interval: 30 seconds (It is the approximate amount of time between health checks of an individual target)
Success codes: 200
Register targets: Do not select any specific instance as targets. Why registering instances as targets is not recommended is, that when that particular instance is down ASG will create a new instance following the health check failed situation. But the new instance which is replaced by the ASG would need to be manually registered to the target group. Hence, We will attach an auto-scaling group to the target group so that the instances created by the ASG will automatically act as targets for the load balancer.
Click on Create Target Group. A Target Group with the name “app-version2-tg” will be created.
Select the target group “app-version2-tg” from the list, you can see no targets under “Registered targets.”
Step 11: Attach Auto Scaling Group to Target Group
EC2 management console >> Auto-scaling Group >> Select the Auto-scaling Group “app-version2-asg” >> Edit.
Under the Load balancing option, select “Application, Network or Gateway the Load Balancer target groups” Select the Target group we created “app-version2-tg” and click on update.
The instances of the auto-scaling group are attached to the target group now.
Step 12: Forward 100% of traffic to the new target group (app-version2-tg) using ALB rules.
EC2 console >> Load Balancers >> Click on app-alb
Under Listener tab >> Choose HTTPS:443 listener >> Actions >> Manage rules
Click on edit (pencil icon) option >> Edit the rule number 1 where IF = Host is shopping.chandika.tech
Click on Edit of Forward to where IF = Host is shopping.chandika.tech
Select a second target group from the dropdown >> Choose app-version2-tg
Enter the weightage in the small box next to the target group box app-version1-tg: 0 (0%) app-version2-tg: 1 (100%)
This allows the ALB to forward 100% of the traffic to the app-version2-tg target group and No traffic to the app-version1-tg target group.
Click the tick to save the rule
The website/application shopping.chandika.tech is served fully by the app-version2-tg target group and not by the app-version1-tg target group as in the screenshot
All other requests having a host header other than shopping.chandika.tech are served with a “Site Not Found” fixed response.
For a cost-effective solution, reduce the auto-scaling group version-1’s (app-version1-asg) capacity to 0. When there is a revert needed to version 1, we can increase the capacity to the need so the auto-scaling group 1(app-version1-asg) will launch new instances from the launch configuration 1(app-version1-lc).
Advantages & Disadvantages of Blue/Green Deployments
Advantages:
- Debugging: In Blue-green deployment, rollbacks always leave the failed deployment intact for analysis.
- Zero downtime: no downtime means that we can make releases at any time. There is no need to wait for maintenance windows.
- Instant switch: users are switched to another environment instantaneously.
- Instant rollback: we can easily go back to the previous version in an instant.
- Replacement: we can easily switch to the other environment if a data center containing our live environment goes down. This will work as long we have had the precaution of not putting blue and green in the same availability zone.
Disadvantages:
- Data Migration: database migrations are harder, even to the point of being a showstopper. Database schema changes must be forward and backward-compatible. We may need to move back and forth between the old and new versions
- Sudden Delays: If users are suddenly switched to a new environment, they might experience some slowness.
- Expenses: Compared to other methods, the blue-green deployments are more expensive. Provisioning infrastructure on-demand helps. But when we’re making several scaled-out deployments per day, the costs can snowball.
- Time & Effort: setting up the blue-green deployment process takes time and effort. The process is complex and has a great deal of responsibility. We may need to do many iterations before we get it working right.
- Handling transactions: while switching the environment, some user transactions will get interrupted.
- Shared services: databases and other shared services can leak information between blue and green. This could break the isolation rule and interfere with the deployment.
In this blog, we learned about how to deploy the application’s new versions without downtime, without affecting the performance ensuring user satisfaction.
Thank you. Hope the post is useful! See you again!!