Blue/Green Infrastructure with Terraform
Infrastructure as Code is one of the cool things right now. Every DevOps-related conference in the past two years had a talk or two about the subject, and that’s a good thing.
In the wake of the DevOps movement, HashiCorp emerged as one of the most respected companies in that space. Today I’m going to talk about one of their products: Terraform.
What is Terraform?
Terraform is a tool that lets you manage cloud resources declaratively. Using a simple programming language, it lets you define pretty much the whole shape of a cloud infrastructure, including VPCs, Subnets, Compute Instances, Load Balancers, DNS Records and so on. It works with every major cloud provider, but it’s not cloud-agnostic. That means you can create, for example, a Load Balancer in AWS or Google Cloud, but the code will be slightly different for each of them.
What is Blue/Green deployment?
Blue/Green deployment is a DevOps practice that aims to reduce downtime on updates by creating a new copy of the desired component while keeping the current one running. You end up with two versions of the system: one with the current version (blue) and another with a newer one (green). When the new version is up and running, you can seamlessly switch traffic to it. This is useful not only to reduce downtime, but also to improve rollback time when something bad happens.
While Blue/Green deployment is a technique more commonly used with application deployment, the reduced costs of the cloud, in conjunction with the tools we have right now, make it possible to have two copies of an entire cloud infrastructure with little to no pain.
It is important to note that doing Blue/Green deployment of an entire Cloud Infrastructure is not a silver bullet, and it is certainly a bit too much if you are making small changes (for example, adding a new EC2 Instance to your stack). But for major/breaking changes it is a win, and I personally recommend it.
Terraform to the rescue!
I’ll be using Amazon Web Services for this tutorial, but the code won’t vary too much with another provider.
After finishing this, you will be able to create an infrastructure containing:
- A Virtual Private Cloud
- Three Subnets, each one in a different Availability Zone
- A Security Group
- Three EC2 Instances serving an NGINX Server on the Port 80 (each one in a different subnet)
- A Load Balancer pointing to those Instances
Then, you will be able to:
- Make changes in the Infrastructure
- Create an entire new Infrastructure with that change
- Switch traffic through the new Infrastructure
- Destroy the Old Infrastructure
The full example can be seen on https://github.com/santiagopoli/terraform-examples/tree/master/blue-green
To follow this tutorial, you need to have your AWS Credentials configured in your Environment, with at least the EC2FullAccess policy attached.
Creating a VPC (Virtual Private Cloud)
I know this is a Terraform tutorial, but a recommended practice is to have a manually created VPC. You can create VPCs with Terraform, but there are a lot of external services that rely on knowing your VPC ID beforehand, so it is better to not create a new one every time on every Blue/Green deployment.
Also, you may have security groups that are created externally by another team in your organization. For that reason, we will be creating a VPC using the AWS Console.
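How a Terraform stack can consume a VPC and a security group it does not own is sketched below. This is an added example, not code from the original tutorial or its repository; the variable names, the `color` tag and the choice of the VPC CIDR as the allowed source are assumptions.

```hcl
# Added example: all names below are assumptions, not the tutorial's own.

variable "vpc_id" {
  type        = string
  description = "ID of the manually created VPC shared by blue and green"

  validation {
    condition     = can(regex("^vpc-([0-9a-f]{8}|[0-9a-f]{17})$", var.vpc_id))
    error_message = "The vpc_id value must be a VPC ID such as vpc-0123abcd."
  }
}

variable "color" {
  type        = string
  description = "Which copy of the infrastructure this state manages"

  validation {
    condition     = contains(["blue", "green"], var.color)
    error_message = "The color value must be blue or green."
  }
}

variable "external_sg_name" {
  type        = string
  description = "Name of a security group owned by another team"
}

# Data sources only read. Destroying the old colour cannot delete
# the VPC or the other team's security group.
data "aws_vpc" "shared" {
  id = var.vpc_id
}

data "aws_security_group" "external" {
  vpc_id = data.aws_vpc.shared.id
  name   = var.external_sg_name
}

# Resources belong to one colour and are created and destroyed with it.
resource "aws_security_group" "web" {
  name   = "web-${var.color}"
  vpc_id = data.aws_vpc.shared.id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.shared.cidr_block] # assumption: HTTP from inside the VPC only
  }

  tags = { color = var.color }
}
```

Because the VPC and the external group are read through data sources, they never enter this stack's state as managed resources, so the credentials used for a Blue/Green run need no permission to create or delete them.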