Blue/Green deploys to ECS with GitHub Actions

app.tf

resource "aws_codedeploy_app" "web" {
  compute_platform = "ECS"
  name             = "honeybadger-web-${var.environment}"
}

resource "aws_codedeploy_deployment_group" "web" {
  app_name               = aws_codedeploy_app.web.name
  deployment_config_name = "CodeDeployDefault.ECSAllAtOnce"
  deployment_group_name  = var.environment
  service_role_arn       = aws_iam_role.web-deployer.arn

  auto_rollback_configuration {
    enabled = true
    events  = ["DEPLOYMENT_FAILURE", "DEPLOYMENT_STOP_ON_ALARM", "DEPLOYMENT_STOP_ON_REQUEST"]
  }

  alarm_configuration {
    enabled = true
    alarms = [
      "Puma Worker Start Errors",
    ]
  }

  blue_green_deployment_config {
    deployment_ready_option {
      action_on_timeout = "CONTINUE_DEPLOYMENT"
    }

    terminate_blue_instances_on_deployment_success {
      action                           = "TERMINATE"
      termination_wait_time_in_minutes = 15
    }
  }

  deployment_style {
    deployment_option = "WITH_TRAFFIC_CONTROL"
    deployment_type   = "BLUE_GREEN"
  }

  ecs_service {
    cluster_name = aws_ecs_cluster.hb.name
    service_name = aws_ecs_service.web.name
  }

  load_balancer_info {
    target_group_pair_info {
      prod_traffic_route {
        listener_arns = [aws_lb_listener.https.arn]
      }

      target_group {
        name = aws_lb_target_group.web-1.name
      }

      target_group {
        name = aws_lb_target_group.web-2.name
      }
    }
  }

  depends_on = [aws_cloudwatch_metric_alarm.puma_worker_start_errors]
}

resource "aws_ecs_service" "web" {
  name                              = "web"
  cluster                           = aws_ecs_cluster.hb.id
  task_definition                   = aws_ecs_task_definition.app.arn
  launch_type                       = "FARGATE"

  deployment_controller {
    type = "CODE_DEPLOY"
  }

  load_balancer {
    target_group_arn = aws_lb_target_group.web-1.arn
    container_name   = "app"
    container_port   = 5000
  }
  
  # ...
}

appspec.yml

version: 0.0
Resources:
  - TargetService:
      Type: AWS::ECS::Service
      Properties:
        TaskDefinition: ""
        LoadBalancerInfo:
          ContainerName: "app"
          ContainerPort: 5000

deploy.yml

jobs:
  update_web:
    needs: push
    name: Update Web Task
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
      id-token: write
      contents: read
    environment:
      name: production
    strategy:
      matrix:
        region: [us-east-1, eu-central-1]
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_ROLE }}
          aws-region: ${{ matrix.region }}

      - name: Download task definition
        run: aws ecs describe-task-definition --task-definition app --query taskDefinition > task-definition.json

      - name: Fill in the new image ID in the task definition for the app container
        id: task-def-app
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: app
          image: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ matrix.region }}.amazonaws.com/honeybadger:${{ env.IMAGE_TAG }}

      - name: Checkout
        uses: actions/checkout@v4

      - name: Deploy web task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
        with:
          task-definition: ${{ steps.task-def-app.outputs.task-definition }}
          service: web
          cluster: honeybadger-production
          wait-for-service-stability: false
          codedeploy-application: honeybadger-web-production
          codedeploy-deployment-group: production
          codedeploy-appspec: config/appspec.yml