AWS CodeDeploy Construct Library
Table of Contents
Deploying to Amazon EC2 and on-premise instances
Deploying to AWS Lambda functions
Deploying to Amazon ECS services
Introduction
AWS CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, serverless Lambda functions, or Amazon ECS services.
The CDK currently supports Amazon EC2, on-premise, AWS Lambda, and Amazon ECS applications.
EC2/on-premise Applications
To create a new CodeDeploy Application that deploys to EC2/on-premise instances:
application = codedeploy.ServerApplication(self, "CodeDeployApplication",
application_name="MyApplication"
)
To import an already existing Application:
application = codedeploy.ServerApplication.from_server_application_name(self, "ExistingCodeDeployApplication", "MyExistingApplication")
EC2/on-premise Deployment Groups
To create a new CodeDeploy Deployment Group that deploys to EC2/on-premise instances:
import aws_cdk.aws_autoscaling as autoscaling
import aws_cdk.aws_cloudwatch as cloudwatch
# application: codedeploy.ServerApplication
# asg: autoscaling.AutoScalingGroup
# alarm: cloudwatch.Alarm
deployment_group = codedeploy.ServerDeploymentGroup(self, "CodeDeployDeploymentGroup",
application=application,
deployment_group_name="MyDeploymentGroup",
auto_scaling_groups=[asg],
# adds User Data that installs the CodeDeploy agent on your auto-scaling groups hosts
# default: true
install_agent=True,
# adds EC2 instances matching tags
ec2_instance_tags=codedeploy.InstanceTagSet({
# any instance with tags satisfying
# key1=v1 or key1=v2 or key2 (any value) or value v3 (any key)
# will match this group
"key1": ["v1", "v2"],
"key2": [],
"": ["v3"]
}),
# adds on-premise instances matching tags
on_premise_instance_tags=codedeploy.InstanceTagSet({
"key1": ["v1", "v2"]
}, {
"key2": ["v3"]
}),
# CloudWatch alarms
alarms=[alarm],
# whether to ignore failure to fetch the status of alarms from CloudWatch
# default: false
ignore_poll_alarms_failure=False,
# whether to skip the step of checking CloudWatch alarms during the deployment process
# default: false
ignore_alarm_configuration=False,
# auto-rollback configuration
auto_rollback=codedeploy.AutoRollbackConfig(
failed_deployment=True, # default: true
stopped_deployment=True, # default: false
deployment_in_alarm=True
)
)
All properties are optional - if you don’t provide an Application, one will be automatically created.
To import an already existing Deployment Group:
# application: codedeploy.ServerApplication
deployment_group = codedeploy.ServerDeploymentGroup.from_server_deployment_group_attributes(self, "ExistingCodeDeployDeploymentGroup",
application=application,
deployment_group_name="MyExistingDeploymentGroup"
)
Load balancers
You can specify a load balancer
with the loadBalancer property when creating a Deployment Group.
LoadBalancer is an abstract class with static factory methods that allow you to create instances of it from various sources.
With Classic Elastic Load Balancer, you provide it directly:
import aws_cdk.aws_elasticloadbalancing as elb
# lb: elb.LoadBalancer
lb.add_listener(
external_port=80
)
deployment_group = codedeploy.ServerDeploymentGroup(self, "DeploymentGroup",
load_balancer=codedeploy.LoadBalancer.classic(lb)
)
With Application Load Balancer or Network Load Balancer, you provide a Target Group as the load balancer:
# alb: elbv2.ApplicationLoadBalancer
listener = alb.add_listener("Listener", port=80)
target_group = listener.add_targets("Fleet", port=80)
deployment_group = codedeploy.ServerDeploymentGroup(self, "DeploymentGroup",
load_balancer=codedeploy.LoadBalancer.application(target_group)
)
The loadBalancer property has been deprecated. To provide multiple Elastic Load Balancers as target groups use the loadBalancers parameter:
import aws_cdk.aws_elasticloadbalancing as elb
import aws_cdk.aws_elasticloadbalancingv2 as elb2
# clb: elb.LoadBalancer
# alb: elb2.ApplicationLoadBalancer
# nlb: elb2.NetworkLoadBalancer
alb_listener = alb.add_listener("ALBListener", port=80)
alb_target_group = alb_listener.add_targets("ALBFleet", port=80)
nlb_listener = nlb.add_listener("NLBListener", port=80)
nlb_target_group = nlb_listener.add_targets("NLBFleet", port=80)
deployment_group = codedeploy.ServerDeploymentGroup(self, "DeploymentGroup",
load_balancers=[
codedeploy.LoadBalancer.classic(clb),
codedeploy.LoadBalancer.application(alb_target_group),
codedeploy.LoadBalancer.network(nlb_target_group)
]
)
EC2/on-premise Deployment Configurations
You can also pass a Deployment Configuration when creating the Deployment Group:
deployment_group = codedeploy.ServerDeploymentGroup(self, "CodeDeployDeploymentGroup",
deployment_config=codedeploy.ServerDeploymentConfig.ALL_AT_ONCE
)
The default Deployment Configuration is ServerDeploymentConfig.ONE_AT_A_TIME.
You can also create a custom Deployment Configuration:
deployment_config = codedeploy.ServerDeploymentConfig(self, "DeploymentConfiguration",
deployment_config_name="MyDeploymentConfiguration", # optional property
# one of these is required, but both cannot be specified at the same time
minimum_healthy_hosts=codedeploy.MinimumHealthyHosts.count(2)
)
Or import an existing one:
deployment_config = codedeploy.ServerDeploymentConfig.from_server_deployment_config_name(self, "ExistingDeploymentConfiguration", "MyExistingDeploymentConfiguration")
Lambda Applications
To create a new CodeDeploy Application that deploys to a Lambda function:
application = codedeploy.LambdaApplication(self, "CodeDeployApplication",
application_name="MyApplication"
)
To import an already existing Application:
application = codedeploy.LambdaApplication.from_lambda_application_name(self, "ExistingCodeDeployApplication", "MyExistingApplication")
Lambda Deployment Groups
To enable traffic shifting deployments for Lambda functions, CodeDeploy uses Lambda Aliases, which can balance incoming traffic between two different versions of your function. Before deployment, the alias sends 100% of invokes to the version used in production. When you publish a new version of the function to your stack, CodeDeploy will send a small percentage of traffic to the new version, monitor, and validate before shifting 100% of traffic to the new version.
To create a new CodeDeploy Deployment Group that deploys to a Lambda function:
# my_application: codedeploy.LambdaApplication
# func: lambda.Function
version = func.current_version
version1_alias = lambda_.Alias(self, "alias",
alias_name="prod",
version=version
)
deployment_group = codedeploy.LambdaDeploymentGroup(self, "BlueGreenDeployment",
application=my_application, # optional property: one will be created for you if not provided
alias=version1_alias,
deployment_config=codedeploy.LambdaDeploymentConfig.LINEAR_10PERCENT_EVERY_1MINUTE
)
In order to deploy a new version of this function:
Reference the version with the latest changes
const version = func.currentVersion.Re-deploy the stack (this will trigger a deployment).
Monitor the CodeDeploy deployment as traffic shifts between the versions.
Lambda Deployment Rollbacks and Alarms
CodeDeploy will roll back if the deployment fails. You can optionally trigger a rollback when one or more alarms are in a failed state:
import aws_cdk.aws_cloudwatch as cloudwatch
# alias: lambda.Alias
# or add alarms to an existing group
# blue_green_alias: lambda.Alias
alarm = cloudwatch.Alarm(self, "Errors",
comparison_operator=cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
threshold=1,
evaluation_periods=1,
metric=alias.metric_errors()
)
deployment_group = codedeploy.LambdaDeploymentGroup(self, "BlueGreenDeployment",
alias=alias,
deployment_config=codedeploy.LambdaDeploymentConfig.LINEAR_10PERCENT_EVERY_1MINUTE,
alarms=[alarm
]
)
deployment_group.add_alarm(cloudwatch.Alarm(self, "BlueGreenErrors",
comparison_operator=cloudwatch.ComparisonOperator.GREATER_THAN_THRESHOLD,
threshold=1,
evaluation_periods=1,
metric=blue_green_alias.metric_errors()
))
Pre and Post Hooks
CodeDeploy allows you to run an arbitrary Lambda function before traffic shifting actually starts (PreTraffic Hook) and after it completes (PostTraffic Hook). With either hook, you have the opportunity to run logic that determines whether the deployment must succeed or fail. For example, with PreTraffic hook you could run integration tests against the newly created Lambda version (but not serving traffic). With PostTraffic hook, you could run end-to-end validation checks.
# warm_up_user_cache: lambda.Function
# end_to_end_validation: lambda.Function
# alias: lambda.Alias
# pass a hook whe creating the deployment group
deployment_group = codedeploy.LambdaDeploymentGroup(self, "BlueGreenDeployment",
alias=alias,
deployment_config=codedeploy.LambdaDeploymentConfig.LINEAR_10PERCENT_EVERY_1MINUTE,
pre_hook=warm_up_user_cache
)
# or configure one on an existing deployment group
deployment_group.add_post_hook(end_to_end_validation)
Import an existing Lambda Deployment Group
To import an already existing Deployment Group:
# application: codedeploy.LambdaApplication
deployment_group = codedeploy.LambdaDeploymentGroup.from_lambda_deployment_group_attributes(self, "ExistingCodeDeployDeploymentGroup",
application=application,
deployment_group_name="MyExistingDeploymentGroup"
)
Lambda Deployment Configurations
CodeDeploy for Lambda comes with predefined configurations for traffic shifting. The predefined configurations are available as LambdaDeploymentConfig constants.
# application: codedeploy.LambdaApplication
# alias: lambda.Alias
config = codedeploy.LambdaDeploymentConfig.CANARY_10PERCENT_30MINUTES
deployment_group = codedeploy.LambdaDeploymentGroup(self, "BlueGreenDeployment",
application=application,
alias=alias,
deployment_config=config
)
If you want to specify your own strategy, you can do so with the LambdaDeploymentConfig construct, letting you specify precisely how fast a new function version is deployed.
# application: codedeploy.LambdaApplication
# alias: lambda.Alias
config = codedeploy.LambdaDeploymentConfig(self, "CustomConfig",
traffic_routing=codedeploy.TimeBasedCanaryTrafficRouting(
interval=Duration.minutes(15),
percentage=5
)
)
deployment_group = codedeploy.LambdaDeploymentGroup(self, "BlueGreenDeployment",
application=application,
alias=alias,
deployment_config=config
)
You can specify a custom name for your deployment config, but if you do you will not be able to update the interval/percentage through CDK.
config = codedeploy.LambdaDeploymentConfig(self, "CustomConfig",
traffic_routing=codedeploy.TimeBasedCanaryTrafficRouting(
interval=Duration.minutes(15),
percentage=5
),
deployment_config_name="MyDeploymentConfig"
)
To import an already existing Deployment Config:
deployment_config = codedeploy.LambdaDeploymentConfig.from_lambda_deployment_config_name(self, "ExistingDeploymentConfiguration", "MyExistingDeploymentConfiguration")
ECS Applications
To create a new CodeDeploy Application that deploys an ECS service:
application = codedeploy.EcsApplication(self, "CodeDeployApplication",
application_name="MyApplication"
)
To import an already existing Application:
application = codedeploy.EcsApplication.from_ecs_application_name(self, "ExistingCodeDeployApplication", "MyExistingApplication")
ECS Deployment Groups
CodeDeploy can be used to deploy to load-balanced ECS services. CodeDeploy performs ECS blue-green deployments by managing ECS task sets and load balancer target groups. During a blue-green deployment, one task set and target group runs the original version of your ECS task definition (’blue’) and another task set and target group runs the new version of your ECS task definition (’green’).
CodeDeploy orchestrates traffic shifting during ECS blue-green deployments by using a load balancer listener to balance incoming traffic between the ‘blue’ and ‘green’ task sets/target groups running two different versions of your ECS task definition. Before deployment, the load balancer listener sends 100% of requests to the ‘blue’ target group. When you publish a new version of the task definition and start a CodeDeploy deployment, CodeDeploy can send a small percentage of traffic to the new ‘green’ task set behind the ‘green’ target group, monitor, and validate before shifting 100% of traffic to the new version.
To create a new CodeDeploy Deployment Group that deploys to an ECS service:
# my_application: codedeploy.EcsApplication
# cluster: ecs.Cluster
# task_definition: ecs.FargateTaskDefinition
# blue_target_group: elbv2.ITargetGroup
# green_target_group: elbv2.ITargetGroup
# listener: elbv2.IApplicationListener
service = ecs.FargateService(self, "Service",
cluster=cluster,
task_definition=task_definition,
deployment_controller=ecs.DeploymentController(
type=ecs.DeploymentControllerType.CODE_DEPLOY
)
)
codedeploy.EcsDeploymentGroup(self, "BlueGreenDG",
service=service,
blue_green_deployment_config=codedeploy.EcsBlueGreenDeploymentConfig(
blue_target_group=blue_target_group,
green_target_group=green_target_group,
listener=listener
),
deployment_config=codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_5MINUTES
)
In order to deploy a new task definition version to the ECS service,
deploy the changes directly through CodeDeploy using the CodeDeploy APIs or console.
When the CODE_DEPLOY deployment controller is used, the ECS service cannot be
deployed with a new task definition version through CloudFormation.
For more information on the behavior of CodeDeploy blue-green deployments for ECS, see What happens during an Amazon ECS deployment in the CodeDeploy user guide.
Note: If you wish to deploy updates to your ECS service through CDK and CloudFormation instead of directly through CodeDeploy,
using the CfnCodeDeployBlueGreenHook
construct is the recommended approach instead of using the EcsDeploymentGroup construct. For a comparison
of ECS blue-green deployments through CodeDeploy (using EcsDeploymentGroup) and through CloudFormation (using CfnCodeDeployBlueGreenHook),
see Create an Amazon ECS blue/green deployment through AWS CloudFormation
in the CloudFormation user guide.
ECS Deployment Rollbacks and Alarms
CodeDeploy will automatically roll back if a deployment fails. You can optionally trigger an automatic rollback when one or more alarms are in a failed state during a deployment, or if the deployment stops.
In this example, CodeDeploy will monitor and roll back on alarms set for the number of unhealthy ECS tasks in each of the blue and green target groups, as well as alarms set for the number HTTP 5xx responses seen in each of the blue and green target groups.
import aws_cdk.aws_cloudwatch as cloudwatch
# service: ecs.FargateService
# blue_target_group: elbv2.ApplicationTargetGroup
# green_target_group: elbv2.ApplicationTargetGroup
# listener: elbv2.IApplicationListener
# Alarm on the number of unhealthy ECS tasks in each target group
blue_unhealthy_hosts = cloudwatch.Alarm(self, "BlueUnhealthyHosts",
alarm_name=Stack.of(self).stack_name + "-Unhealthy-Hosts-Blue",
metric=blue_target_group.metric_unhealthy_host_count(),
threshold=1,
evaluation_periods=2
)
green_unhealthy_hosts = cloudwatch.Alarm(self, "GreenUnhealthyHosts",
alarm_name=Stack.of(self).stack_name + "-Unhealthy-Hosts-Green",
metric=green_target_group.metric_unhealthy_host_count(),
threshold=1,
evaluation_periods=2
)
# Alarm on the number of HTTP 5xx responses returned by each target group
blue_api_failure = cloudwatch.Alarm(self, "Blue5xx",
alarm_name=Stack.of(self).stack_name + "-Http-5xx-Blue",
metric=blue_target_group.metric_http_code_target(elbv2.HttpCodeTarget.TARGET_5XX_COUNT, period=Duration.minutes(1)),
threshold=1,
evaluation_periods=1
)
green_api_failure = cloudwatch.Alarm(self, "Green5xx",
alarm_name=Stack.of(self).stack_name + "-Http-5xx-Green",
metric=green_target_group.metric_http_code_target(elbv2.HttpCodeTarget.TARGET_5XX_COUNT, period=Duration.minutes(1)),
threshold=1,
evaluation_periods=1
)
codedeploy.EcsDeploymentGroup(self, "BlueGreenDG",
# CodeDeploy will monitor these alarms during a deployment and automatically roll back
alarms=[blue_unhealthy_hosts, green_unhealthy_hosts, blue_api_failure, green_api_failure],
auto_rollback=codedeploy.AutoRollbackConfig(
# CodeDeploy will automatically roll back if a deployment is stopped
stopped_deployment=True
),
service=service,
blue_green_deployment_config=codedeploy.EcsBlueGreenDeploymentConfig(
blue_target_group=blue_target_group,
green_target_group=green_target_group,
listener=listener
),
deployment_config=codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_5MINUTES
)
Deployment validation and manual deployment approval
CodeDeploy blue-green deployments provide an opportunity to validate the new task definition version running on the ‘green’ ECS task set prior to shifting any production traffic to the new version. A second ‘test’ listener serving traffic on a different port be added to the load balancer. For example, the test listener can serve test traffic on port 9001 while the main listener serves production traffic on port 443. During a blue-green deployment, CodeDeploy can then shift 100% of test traffic over to the ‘green’ task set/target group prior to shifting any production traffic during the deployment.
# my_application: codedeploy.EcsApplication
# service: ecs.FargateService
# blue_target_group: elbv2.ITargetGroup
# green_target_group: elbv2.ITargetGroup
# listener: elbv2.IApplicationListener
# test_listener: elbv2.IApplicationListener
codedeploy.EcsDeploymentGroup(self, "BlueGreenDG",
service=service,
blue_green_deployment_config=codedeploy.EcsBlueGreenDeploymentConfig(
blue_target_group=blue_target_group,
green_target_group=green_target_group,
listener=listener,
test_listener=test_listener
),
deployment_config=codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_5MINUTES
)
Automated validation steps can run during the CodeDeploy deployment after shifting test traffic and before
shifting production traffic. CodeDeploy supports registering Lambda functions as lifecycle hooks for
an ECS deployment. These Lambda functions can run automated validation steps against the test traffic
port, for example in response to the AfterAllowTestTraffic lifecycle hook. For more information about
how to specify the Lambda functions to run for each CodeDeploy lifecycle hook in an ECS deployment, see the
AppSpec ‘hooks’ for an Amazon ECS deployment
section in the CodeDeploy user guide.
After provisioning the ‘green’ ECS task set and re-routing test traffic during a blue-green deployment, CodeDeploy can wait for approval before continuing the deployment and re-routing production traffic. During this approval wait time, you can complete additional validation steps prior to exposing the new ‘green’ task set to production traffic, such as manual testing through the test listener port or running automated integration test suites.
To approve the deployment, validation steps use the CodeDeploy [ContinueDeployment API(https://docs.aws.amazon.com/codedeploy/latest/APIReference/API_ContinueDeployment.html). If the ContinueDeployment API is not called within the approval wait time period, CodeDeploy will stop the deployment and can automatically roll back the deployment.
# service: ecs.FargateService
# blue_target_group: elbv2.ITargetGroup
# green_target_group: elbv2.ITargetGroup
# listener: elbv2.IApplicationListener
# test_listener: elbv2.IApplicationListener
codedeploy.EcsDeploymentGroup(self, "BlueGreenDG",
auto_rollback=codedeploy.AutoRollbackConfig(
# CodeDeploy will automatically roll back if the 8-hour approval period times out and the deployment stops
stopped_deployment=True
),
service=service,
blue_green_deployment_config=codedeploy.EcsBlueGreenDeploymentConfig(
# The deployment will wait for approval for up to 8 hours before stopping the deployment
deployment_approval_wait_time=Duration.hours(8),
blue_target_group=blue_target_group,
green_target_group=green_target_group,
listener=listener,
test_listener=test_listener
),
deployment_config=codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_5MINUTES
)
Deployment bake time
You can specify how long CodeDeploy waits before it terminates the original ‘blue’ ECS task set when a blue-green deployment is complete in order to let the deployment “bake” a while. During this bake time, CodeDeploy will continue to monitor any CloudWatch alarms specified for the deployment group and will automatically roll back if those alarms go into a failed state.
from aws_cdk import aws_cloudwatch as cloudwatch
# service: ecs.FargateService
# blue_target_group: elbv2.ITargetGroup
# green_target_group: elbv2.ITargetGroup
# listener: elbv2.IApplicationListener
# blue_unhealthy_hosts: cloudwatch.Alarm
# green_unhealthy_hosts: cloudwatch.Alarm
# blue_api_failure: cloudwatch.Alarm
# green_api_failure: cloudwatch.Alarm
codedeploy.EcsDeploymentGroup(self, "BlueGreenDG",
service=service,
blue_green_deployment_config=codedeploy.EcsBlueGreenDeploymentConfig(
blue_target_group=blue_target_group,
green_target_group=green_target_group,
listener=listener,
# CodeDeploy will wait for 30 minutes after completing the blue-green deployment before it terminates the blue tasks
termination_wait_time=Duration.minutes(30)
),
# CodeDeploy will continue to monitor these alarms during the 30-minute bake time and will automatically
# roll back if they go into a failed state at any point during the deployment.
alarms=[blue_unhealthy_hosts, green_unhealthy_hosts, blue_api_failure, green_api_failure],
deployment_config=codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_5MINUTES
)
Import an existing ECS Deployment Group
To import an already existing Deployment Group:
# application: codedeploy.EcsApplication
deployment_group = codedeploy.EcsDeploymentGroup.from_ecs_deployment_group_attributes(self, "ExistingCodeDeployDeploymentGroup",
application=application,
deployment_group_name="MyExistingDeploymentGroup"
)
ECS Deployment Configurations
CodeDeploy for ECS comes with predefined configurations for traffic shifting. The predefined configurations are available as LambdaDeploymentConfig constants.
config = codedeploy.EcsDeploymentConfig.CANARY_10PERCENT_5MINUTES
If you want to specify your own strategy, you can do so with the EcsDeploymentConfig construct, letting you specify precisely how fast an ECS service is deployed.
codedeploy.EcsDeploymentConfig(self, "CustomConfig",
traffic_routing=codedeploy.TimeBasedCanaryTrafficRouting(
interval=Duration.minutes(15),
percentage=5
)
)
You can specify a custom name for your deployment config, but if you do you will not be able to update the interval/percentage through CDK.
config = codedeploy.EcsDeploymentConfig(self, "CustomConfig",
traffic_routing=codedeploy.TimeBasedCanaryTrafficRouting(
interval=Duration.minutes(15),
percentage=5
),
deployment_config_name="MyDeploymentConfig"
)
Or import an existing one:
deployment_config = codedeploy.EcsDeploymentConfig.from_ecs_deployment_config_name(self, "ExistingDeploymentConfiguration", "MyExistingDeploymentConfiguration")
ECS Deployments
An experimental construct is available on the Construct Hub called @cdklabs/cdk-ecs-codedeploy that manages ECS CodeDeploy deployments.
# deployment_group: codedeploy.IEcsDeploymentGroup
# task_definition: ecs.ITaskDefinition
EcsDeployment({
"deployment_group": deployment_group,
"target_service": {
"task_definition": task_definition,
"container_name": "mycontainer",
"container_port": 80
}
})
The deployment will use the AutoRollbackConfig for the EcsDeploymentGroup unless it is overridden in the deployment:
# deployment_group: codedeploy.IEcsDeploymentGroup
# task_definition: ecs.ITaskDefinition
EcsDeployment({
"deployment_group": deployment_group,
"target_service": {
"task_definition": task_definition,
"container_name": "mycontainer",
"container_port": 80
},
"auto_rollback": {
"failed_deployment": True,
"deployment_in_alarm": True,
"stopped_deployment": False
}
})
By default, the CodeDeploy Deployment will timeout after 30 minutes. The timeout value can be overridden:
# deployment_group: codedeploy.IEcsDeploymentGroup
# task_definition: ecs.ITaskDefinition
EcsDeployment({
"deployment_group": deployment_group,
"target_service": {
"task_definition": task_definition,
"container_name": "mycontainer",
"container_port": 80
},
"timeout": Duration.minutes(60)
})