Blue-Green AWS Auto Scaling Deployments with Terraform

modules.tf

module "static" {

    source = "./static"

    # Variables from variables.tf
    region = "${var.region}"
    aws_access_key_id = "${var.aws_access_key_id}"
    aws_secret_access_key = "${var.aws_secret_access_key}"

}

/* BLUE (Prefix with # to ENABLE, leave as /* to DISABLE)
module "blue" {

    web_ami_id = "" # Get from Packer

    source = "./blue-green"
    blue_green_value = "blue"

    # Pass outputs from static module as variables to blue-green module
    aws_elb_lb_id = "${module.static.aws_elb_lb_id}"
    aws_subnet_web_a_id = "${module.static.aws_subnet_web_a_id}"
    aws_subnet_web_b_id = "${module.static.aws_subnet_web_b_id}"
    aws_security_group_web_id = "${module.static.aws_security_group_web_id}"
    aws_sns_topic_auto_scaling_arn = "${module.static.aws_sns_topic_auto_scaling_arn}"

}
/**/

#/* GREEN (Prefix with # to ENABLE, leave as /* to DISABLE)
module "green" {

    web_ami_id = "ami-5d1c5f67" # Get from Packer

    source = "./blue-green"
    blue_green_value = "green"

    # Pass outputs from static module as variables to blue-green module
    aws_elb_lb_id = "${module.static.aws_elb_lb_id}"
    aws_subnet_web_a_id = "${module.static.aws_subnet_web_a_id}"
    aws_subnet_web_b_id = "${module.static.aws_subnet_web_b_id}"
    aws_security_group_web_id = "${module.static.aws_security_group_web_id}"
    aws_sns_topic_auto_scaling_arn = "${module.static.aws_sns_topic_auto_scaling_arn}"

}
/**/

Terraform-Blue-Green-AWS.md

A quick note on how I'm currently handling Blue/Green or A/B deployments with Terraform and AWS EC2 Auto Scaling.

In my particular use case, I want to be able to inspect an AMI deployment manually before disabling the previous deployment.

Hopefully someone finds this useful, and if you have and feedback please leave a comment or email me.

Overview

I build my AMI's using Packer and Ansible.

Every time I build a new AMI, I want to create a new Launch Configuration (LC) and Auto Scaling Group (ASG) running this AMI, and bring the fresh EC2 instances into circulation with my existing Load Balancer (ELB).

Finally, once I've verified the new ASG instances are working well, I will delete the old LC and ASG, which will shut down any instances running the older AMI.

Terraform Workflow

Here are the steps I follow to handle an AMI deployment: (in this example, we're switching from Blue to Green)

1. Update AMI ID for green module
2. Enable green module
3. Terraform plan then apply
4. Verify new AMI deployment is working
5. Disable blue module
6. Terraform plan then apply

Terraform Setup

My Terraform configuration has been split into two modules: static and blue-green.

The blue-green module contains configuration for:

• Launch Configuration
• Auto Scaling Group

The static module contains all other network configuration, such as the VPC and ELB.

Finally, these two modules are tied together with a modules.tf file in the main directory.

e.g:

• /infrastructure
  • .terraform/
  • blue-green/
    • autoscaling.tf
    • launch_configuration.tf
    • variables.tf
  • static/
    • variables.tf
    • vpc.tf
    • sg.tf
    • elb.tf
    • outputs.tf
  • modules.tf
  • variables.tf

Where we run terraform plan and terraform apply in the infrastructure/ directory.

That's about it. I've included a copy of modules.tf for you to see how this part of the puzzle works :)

@ryan0x44 can you please share your blue-green and static module as well? Thanks

@ryan0x44 can you please share your blue-green and static module as well? Thanks

Yes please ^^

@ryan0x44 I would be interested in seeing that as well :D

I'd like to see this too.

+1 for blue-green and static modules

+1 for blue-green and static modules

+1 Seems promising, can i see blue-green and static modules.

+1 please share your modules =)

Great pattern, thanks! To guard against mistakes like accidentally changing web_ami_id on blue while blue is the only active ASG, I've added lifecycle { ignore_changes = all } to my ASG and launch configuration, so that I'm forced to roll out any changes using the blue-green strategy. If I wanted to be able to still make some changes in place, a list of attributes could be passed instead of all. One disadvantage of this is that when trying to get a new ASG up and running, fixing any mistakes requires removing it with one apply and recreating it with another.