Skip to content

feat: built-in native ECS blue green deployment #270

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

feat: built-in native ECS blue green deployment #270

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
1f8ced6
feat: native ECS blue green deployment
oycyc Aug 15, 2025
aa59070
simplify optional dynamic
oycyc Aug 15, 2025
08ee465
tf fmt
oycyc Aug 15, 2025
2e78857
update subnet module to fix tests
oycyc Aug 16, 2025
851d704
better var
oycyc Aug 16, 2025
e1f9519
variables
oycyc Aug 16, 2025
6e19d3b
fix null advanced_config logic
oycyc Aug 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion examples/complete/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ module "vpc" {

module "subnets" {
source = "cloudposse/dynamic-subnets/aws"
version = "2.1.0"
version = "2.4.2"

availability_zones = var.availability_zones
vpc_id = module.vpc.vpc_id
Expand Down
156 changes: 156 additions & 0 deletions main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -418,6 +418,23 @@ resource "aws_ecs_service" "ignore_changes_task_definition" {
force_new_deployment = var.force_new_deployment
enable_execute_command = var.exec_enabled

dynamic "deployment_configuration" {
for_each = var.deployment_configuration == null ? [] : [var.deployment_configuration]
content {
strategy = try(deployment_configuration.value.strategy, null)
bake_time_in_minutes = try(deployment_configuration.value.bake_time_in_minutes, null)

dynamic "lifecycle_hook" {
for_each = try(deployment_configuration.value.lifecycle_hooks, [])
content {
hook_target_arn = lifecycle_hook.value.hook_target_arn
role_arn = lifecycle_hook.value.role_arn
lifecycle_stages = lifecycle_hook.value.lifecycle_stages
}
}
}
}

dynamic "capacity_provider_strategy" {
for_each = var.capacity_provider_strategies
content {
Expand Down Expand Up @@ -467,6 +484,18 @@ resource "aws_ecs_service" "ignore_changes_task_definition" {
content {
dns_name = client_alias.value.dns_name
port = client_alias.value.port

dynamic "test_traffic_rules" {
for_each = try(client_alias.value.test_traffic_rules, [])
content {
header {
name = test_traffic_rules.value.header.name
value {
exact = test_traffic_rules.value.header.value.exact
}
}
}
}
}
}
dynamic "timeout" {
Expand Down Expand Up @@ -514,6 +543,16 @@ resource "aws_ecs_service" "ignore_changes_task_definition" {
container_port = load_balancer.value.container_port
elb_name = lookup(load_balancer.value, "elb_name", null)
target_group_arn = lookup(load_balancer.value, "target_group_arn", null)

dynamic "advanced_configuration" {
for_each = try(load_balancer.value.advanced_configuration, null) == null ? [] : [load_balancer.value.advanced_configuration]
content {
alternate_target_group_arn = advanced_configuration.value.alternate_target_group_arn
production_listener_rule = advanced_configuration.value.production_listener_rule
role_arn = advanced_configuration.value.role_arn
test_listener_rule = try(advanced_configuration.value.test_listener_rule, null)
}
}
}
}

Expand Down Expand Up @@ -572,6 +611,23 @@ resource "aws_ecs_service" "ignore_changes_task_definition_and_desired_count" {
force_new_deployment = var.force_new_deployment
enable_execute_command = var.exec_enabled

dynamic "deployment_configuration" {
for_each = var.deployment_configuration == null ? [] : [var.deployment_configuration]
content {
strategy = try(deployment_configuration.value.strategy, null)
bake_time_in_minutes = try(deployment_configuration.value.bake_time_in_minutes, null)

dynamic "lifecycle_hook" {
for_each = try(deployment_configuration.value.lifecycle_hooks, [])
content {
hook_target_arn = lifecycle_hook.value.hook_target_arn
role_arn = lifecycle_hook.value.role_arn
lifecycle_stages = lifecycle_hook.value.lifecycle_stages
}
}
}
}

dynamic "capacity_provider_strategy" {
for_each = var.capacity_provider_strategies
content {
Expand Down Expand Up @@ -621,6 +677,18 @@ resource "aws_ecs_service" "ignore_changes_task_definition_and_desired_count" {
content {
dns_name = client_alias.value.dns_name
port = client_alias.value.port

dynamic "test_traffic_rules" {
for_each = try(client_alias.value.test_traffic_rules, [])
content {
header {
name = test_traffic_rules.value.header.name
value {
exact = test_traffic_rules.value.header.value.exact
}
}
}
}
}
}
dynamic "timeout" {
Expand Down Expand Up @@ -668,6 +736,16 @@ resource "aws_ecs_service" "ignore_changes_task_definition_and_desired_count" {
container_port = load_balancer.value.container_port
elb_name = lookup(load_balancer.value, "elb_name", null)
target_group_arn = lookup(load_balancer.value, "target_group_arn", null)

dynamic "advanced_configuration" {
for_each = try(load_balancer.value.advanced_configuration, null) == null ? [] : [load_balancer.value.advanced_configuration]
content {
alternate_target_group_arn = advanced_configuration.value.alternate_target_group_arn
production_listener_rule = advanced_configuration.value.production_listener_rule
role_arn = advanced_configuration.value.role_arn
test_listener_rule = try(advanced_configuration.value.test_listener_rule, null)
}
}
}
}

Expand Down Expand Up @@ -726,6 +804,23 @@ resource "aws_ecs_service" "ignore_changes_desired_count" {
force_new_deployment = var.force_new_deployment
enable_execute_command = var.exec_enabled

dynamic "deployment_configuration" {
for_each = var.deployment_configuration == null ? [] : [var.deployment_configuration]
content {
strategy = try(deployment_configuration.value.strategy, null)
bake_time_in_minutes = try(deployment_configuration.value.bake_time_in_minutes, null)

dynamic "lifecycle_hook" {
for_each = try(deployment_configuration.value.lifecycle_hooks, [])
content {
hook_target_arn = lifecycle_hook.value.hook_target_arn
role_arn = lifecycle_hook.value.role_arn
lifecycle_stages = lifecycle_hook.value.lifecycle_stages
}
}
}
}

dynamic "capacity_provider_strategy" {
for_each = var.capacity_provider_strategies
content {
Expand Down Expand Up @@ -775,6 +870,18 @@ resource "aws_ecs_service" "ignore_changes_desired_count" {
content {
dns_name = client_alias.value.dns_name
port = client_alias.value.port

dynamic "test_traffic_rules" {
for_each = try(client_alias.value.test_traffic_rules, [])
content {
header {
name = test_traffic_rules.value.header.name
value {
exact = test_traffic_rules.value.header.value.exact
}
}
}
}
}
}
dynamic "timeout" {
Expand Down Expand Up @@ -822,6 +929,16 @@ resource "aws_ecs_service" "ignore_changes_desired_count" {
container_port = load_balancer.value.container_port
elb_name = lookup(load_balancer.value, "elb_name", null)
target_group_arn = lookup(load_balancer.value, "target_group_arn", null)

dynamic "advanced_configuration" {
for_each = try(load_balancer.value.advanced_configuration, null) == null ? [] : [load_balancer.value.advanced_configuration]
content {
alternate_target_group_arn = advanced_configuration.value.alternate_target_group_arn
production_listener_rule = advanced_configuration.value.production_listener_rule
role_arn = advanced_configuration.value.role_arn
test_listener_rule = try(advanced_configuration.value.test_listener_rule, null)
}
}
}
}

Expand Down Expand Up @@ -880,6 +997,23 @@ resource "aws_ecs_service" "default" {
force_new_deployment = var.force_new_deployment
enable_execute_command = var.exec_enabled

dynamic "deployment_configuration" {
for_each = var.deployment_configuration == null ? [] : [var.deployment_configuration]
content {
strategy = try(deployment_configuration.value.strategy, null)
bake_time_in_minutes = try(deployment_configuration.value.bake_time_in_minutes, null)

dynamic "lifecycle_hook" {
for_each = try(deployment_configuration.value.lifecycle_hooks, [])
content {
hook_target_arn = lifecycle_hook.value.hook_target_arn
role_arn = lifecycle_hook.value.role_arn
lifecycle_stages = lifecycle_hook.value.lifecycle_stages
}
}
}
}

dynamic "capacity_provider_strategy" {
for_each = var.capacity_provider_strategies
content {
Expand Down Expand Up @@ -929,6 +1063,18 @@ resource "aws_ecs_service" "default" {
content {
dns_name = client_alias.value.dns_name
port = client_alias.value.port

dynamic "test_traffic_rules" {
for_each = try(client_alias.value.test_traffic_rules, [])
content {
header {
name = test_traffic_rules.value.header.name
value {
exact = test_traffic_rules.value.header.value.exact
}
}
}
}
}
}
dynamic "timeout" {
Expand Down Expand Up @@ -976,6 +1122,16 @@ resource "aws_ecs_service" "default" {
container_port = load_balancer.value.container_port
elb_name = lookup(load_balancer.value, "elb_name", null)
target_group_arn = lookup(load_balancer.value, "target_group_arn", null)

dynamic "advanced_configuration" {
for_each = try(load_balancer.value.advanced_configuration, null) == null ? [] : [load_balancer.value.advanced_configuration]
content {
alternate_target_group_arn = advanced_configuration.value.alternate_target_group_arn
production_listener_rule = advanced_configuration.value.production_listener_rule
role_arn = advanced_configuration.value.role_arn
test_listener_rule = try(advanced_configuration.value.test_listener_rule, null)
}
}
}
}

Expand Down
28 changes: 28 additions & 0 deletions variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,12 @@ variable "ecs_load_balancers" {
container_port = number
elb_name = optional(string)
target_group_arn = string
advanced_configuration = optional(object({
alternate_target_group_arn = string
production_listener_rule = string
role_arn = string
test_listener_rule = optional(string)
}), null)
}))
description = "A list of load balancer config objects for the ECS service; see [ecs_service#load_balancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service#load_balancer) docs"
default = []
Expand Down Expand Up @@ -446,6 +452,14 @@ variable "service_connect_configurations" {
client_alias = list(object({
dns_name = string
port = number
test_traffic_rules = optional(list(object({
header = object({
name = string
value = object({
exact = string
})
})
})), [])
}))
timeout = optional(list(object({
idle_timeout_seconds = optional(number, null)
Expand All @@ -470,6 +484,20 @@ variable "service_connect_configurations" {
default = []
}

variable "deployment_configuration" {
type = object({
strategy = optional(string)
bake_time_in_minutes = optional(number)
lifecycle_hooks = optional(list(object({
hook_target_arn = string
role_arn = string
lifecycle_stages = list(string)
})), [])
})
description = "ECS deployment configuration, supports blue green deployments (`strategy = 'BLUE_GREEN'`) with lifecycle hooks. See aws_ecs_service deployment_configuration at https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service#deployment_configuration - default of null which is the default ROLLING deployment strategy."
default = null
}

variable "permissions_boundary" {
type = string
description = "A permissions boundary ARN to apply to the 3 roles that are created."
Expand Down