Tags: amazon-web-services, amazon-cloudfront

AWS Green/Blue Static Deploy off S3 whitepaper does not seem possible


I am trying to implement a green/blue AWS deploy of static files backed by S3 according to this (oldish) whitepaper.

In short, the idea is to create two separate CloudFront distributions which point to two separate folders in an S3 bucket. One is "green" and one "blue". After deploying one or the other, you then switch traffic over from green to blue or vice versa using weighted routing.

That is all well and good but the problem comes with using your own domain and linking a certificate.

In order to get CloudFront to serve the S3 files properly (over HTTPS with a cert on your own domain), you need to input the FQDN in the "Alternate Domain Names (CNAMEs)" field when configuring the CloudFront distribution. However, you cannot use the same name in multiple CloudFront distributions.

Therefore, I would need to use a different URL per CloudFront distribution, e.g. blue.mydomain.com and green.mydomain.com.

However, if I do this, then using weighted routing with a single A record in the associated Route53 entry would not work, as the name must match the "CNAMEs" entered in the CloudFront distribution to prevent SSL errors. Am I missing something? I could add my own reverse proxy or something, but I really don't want to do that.

TL;DR it seems like this whitepaper is impossible to implement as-is?


Solution

  • You can use a single CloudFront distribution with two AWS buckets as websites and switch them while deploying an application. Another option: you can modify the viewer request with Lambda@Edge/CloudFront Functions in order to redirect the request to the right origin or implement weighted routing.

    Also, I suggest considering using *.domain_name for the blue distribution and app.domain_name for the other one, with an ACM certificate for *.domain_name. This allows you to use the same FQDN as an entry point for both.

    Take into account the fact that CloudFront is HA and a global AWS service. There is no point in including it in your blue/green deployment schemas. Lambda@Edge or CloudFront Functions might be really useful to switch between origins. There is an example.
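As an added illustration of the Lambda@Edge/CloudFront Functions option from the answer (not code from the answer or the whitepaper): a CloudFront Function on the viewer-request event that rewrites the path into a "blue" or "green" folder of one S3 origin behind one distribution and one FQDN, weighted by a hash of the viewer IP and overridable with a pin cookie for pre-cutover checks. The folder names, the cookie name and the 90/10 split are assumptions.

```javascript
// Constructed example: CloudFront Function for the viewer-request event. Folder names,
// cookie name and the 90/10 split are assumptions, not values from the whitepaper.
var BLUE_WEIGHT = 90;            // percent of viewers sent to the "blue" folder
var PIN_COOKIE = 'deploy-slot';  // lets an operator pin one browser to a slot for checks

// djb2 over the viewer IP, so the same viewer keeps landing on the same slot and a
// page never mixes blue HTML with green assets. Viewers behind one NAT share a slot,
// which is the price of keeping no cookie state on the CloudFront side.
function bucketFor(key) {
  var h = 5381;
  for (var i = 0; i < key.length; i++) {
    h = ((h << 5) + h + key.charCodeAt(i)) >>> 0;  // h * 33 + c, kept to 32 bits
  }
  return h % 100;
}

function chooseSlot(cookies, viewerIp) {
  var pinned = cookies && cookies[PIN_COOKIE] && cookies[PIN_COOKIE].value;
  if (pinned === 'blue' || pinned === 'green') return pinned;  // only the two known values
  return bucketFor(viewerIp) < BLUE_WEIGHT ? 'blue' : 'green';
}

// Map the viewer path onto the slot folder. A path that already names a slot folder, or
// contains "..", is refused so a viewer cannot choose a slot or escape it by hand.
function rewriteUri(uri, slot) {
  if (uri.indexOf('/blue/') === 0 || uri.indexOf('/green/') === 0 || uri.indexOf('..') !== -1) {
    return null;
  }
  var path = uri.charAt(uri.length - 1) === '/' ? uri + 'index.html' : uri;
  return '/' + slot + path;
}

function handler(event) {
  var request = event.request;
  var slot = chooseSlot(request.cookies, event.viewer.ip);
  var uri = rewriteUri(request.uri, slot);
  if (uri === null) {
    return { statusCode: 404, statusDescription: 'Not Found' };
  }
  request.uri = uri;
  return request;
}
```

Cutover is done by publishing the function with a new BLUE_WEIGHT rather than by touching DNS, and the pin cookie lets you verify the freshly deployed folder through the production domain before shifting any weight to it.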