A Step-by-Step Guide to Deployment Strategies based on AWS Route53 and ELB

How to realize these strategies in AWS, we can classify them into 3 categories:

1. Using CodeDeploy
2. By Route53/DNS or ELB based Approach
3. Services Managed (Elastic Beanstalk, RDS Blue/Green)

---

In last article we have list how to use CodeDeploy to achieve our goal, therefore here we will have a simple look at the Route53/DNS or ELB based Approach.

0. Preparation

Before we start demo, we need prepare some services which we will use later.

• Security Group (SG)
  • ALB SG
  • ASG SG
• ALB
  • ALB will be behind the ASG for routing traffic
• target group
  • will be the "connection" between ALB and ASG
• ASG Template
  • In order to create ASG, we need a template
• ASG
  • used for Blue/Green Group
• Route53 Host Zone and Records
  • attach weighted routing policy

0.1 Security Group

In this demo, we want the inbound traffic from anywhere of internet to ALB, so we can access it from our browser.
And for ASG, we want inbound traffic only from the ALB, outbound not restrict.
Therefore we will setup one SG for ALB and another SG for ASG.

0.2 Application Load Balancer (ALB)

ALB routes incoming traffic to a Target Group based on rules (e.g., host-based, path-based routing).

Settings

• scheme: internet-facing
  • as we want to check it by browser
• Network Mapping: choose the VPC
  • AZ: choose where the ASG will be created
• Security Group: see above section settings
• Listeners and routing:
  • Port: will will use apache server for this demo so here choose http 80 port
  • Default action: we will setup the tg in next section.
  • how the load balancer routes requests to its registered targets.

0.2 Target Group

The targe group will tell the ALB: where to route the traffic -- the registered target instances. Also it will tell the ASG: the existing load balancer target groups.
Therefore a target group defines where the ALB sends traffic. It can contain:

• Instances (EC2 instances)
• IP addresses
• AWS Lambda functions And the target group performs health checks and distributes traffic only to healthy instances.

In this demo we choose the target type as instance, as our demo use two ASG group of EC2 instance.

Target Group Connects ALB and ASG:

• ALB sends traffic to the target group.
• ASG adds/removes EC2 instances, and it automatically registers or deregisters instances with the target group.
• The target group checks instance health and only forwards traffic to healthy instances.

1. ALB receives a request.
2. ALB forwards the request to a target group.
3. The target group has instances (EC2) registered from the ASG.
4. If ASG scales out (adds an instance), the new instance is automatically registered in the target group.
5. If ASG scales in (removes an instance), the instance is deregistered from the target group.

0.3 ASG Template

• AMI: choose what you want, here we use AWS Linux
• instance type: t2.micro (free tier)
• Network:
  • subnet: Not set here
  • sg: choose above sg for ASG
• Advanced Details:
  • User data: upload the script or write the script, where we can define what we want to install after instance start.

Here we will run a simple script to use an apache httpd server and edit the page with the instance id, as:

#!/bin/bash

# Update system packages
yum update -y

# Install Apache
yum install -y httpd

# Start Apache service
systemctl start httpd
systemctl enable httpd

# Create a token first
TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"`

# Then use the token to get the instance ID from metadata service
INSTANCE_ID=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)

# Create custom index.html with instance ID
cat <<EOF > /var/www/html/index.html
<!DOCTYPE html>
<html>
<head>
    <title>Welcome to My EC2 Instance</title>
    <style>
        body {
            font-family: Arial, sans-serif;
            text-align: center;
            padding-top: 50px;
        }
        h1 {
            color: #232f3e;
        }
        .instance-id {
            color: #ff9900;
            font-size: 24px;
            margin-top: 20px;
        }
    </style>
</head>
<body>
    <h1>Welcome to My EC2 Instance!</h1>
    <div class="instance-id">
        Instance ID: ${INSTANCE_ID}
    </div>
</body>
</html>
EOF

# Set proper permissions
chown -R apache:apache /var/www/html
chmod -R 755 /var/www/html

If you use apt package, change the command as you need.

For "Advanced network configuration", it is optional, we can enable the "Auto-assign public IP", if not, we can also edit the subnet, enable the auto assign IP.

0.4 Auto Scaling Group (ASG)

An ASG can be associated with a target group so that new EC2 instances are automatically registered in the target group.
We can create the ASG using the ASG Template which we created above.

• VPC & AZ: choose the VPC where ALB exists
• Load Balancer: choose we created above
• Target Group: choose we created above some optional choices:
• Health check: we can turn on ELB health checks
• Target tracking scaling policy: Choose a CloudWatch metric and target value and let the scaling policy adjust the desired capacity in proportion to the metric's value.

After these ASG group setup and attached with ALB, we can access the apache server on any one of EC2 instance in ASG via ALB's DNS name.

0.5 Route53

0.5.1 Host Zone

If you use Route53 to manage your domain, then setup a Host Zone for your domain. (However, if you not use Route53, we will not talk about here.)

0.5.2 Records

Create two same record name with route type as weighted and setup the Alias to Application and Classic Load Balancer with some weights.

And now we can access the EC2 instance through the records.

---

Ok, now we have setup the ASG and ALB, and also setup the Host Zone, next we can continue the deployment.

1. Route53/DNS based Approach

Firstly we will use Route53 with two DNS records with same record name but different weights for routing.

1.1 Services and Architecture

1.2 Steps

1. follow above steps to create two ALB and the target group, which used to be behind the Blue/Green ASG
2. Use above created group as Blue group, and use the ASG template create another Green Group.
3. create the record in Route53 with same name "test.leeindeutschland.de", but with different weight 90 and 10.
4. test for the results by access the web address.

If there is any issue with the new Green environment, we can redirect all the traffic to Blue group by changing the portion of weight.

2. ELB/ASG based Approach

In this exmaple we will use two ASG groups behind the ALB (Application Load Balancer) to realze the Blue/Green Deployment. You can also try to use EKS instead of ASG.

2.1 Services and Architecture

2.2 Steps

1. Use above create ALB, and put it behind both Blue and Green Groups.
2. firstly in target group register the instance in the Blue group;
3. Then switch to green group, by deregistering the blue group instance, and registering the green group instance.
4. run the test

If any issue occur, we can quickly switch back to the orignal group.

Troubleshooting

During above "Security group" settings, we set the sg for ASG only allow inbound traffic of http port 80 from ALB. If there is some issue with the instance, we can change the security group rules, set it as allow inbound traffic of http port 80 from anywhere.

Also if we want to log onto the instance, we can also set up a rule for the SSH access.

Summary

We have explain two examples which are Route53/DNS or ALB/ASG based approaches to realize the Blue/Green deployment. Other deployment strategies are similar steps according to different setups.