DEV Community

How to Change Network Configurations for Blue/Green Amazon ECS Services

If you want to change the network settings for an Amazon ECS service using blue/green deployment with AWS CodeDeploy, you need to edit the AppSpec file and trigger a new deployment.

Without knowing this method, you'd either have to recreate the entire ECS service or give up on changing the network settings.

Background

For ECS services using blue/green deployment with AWS CodeDeploy, you cannot directly change the network settings.

When you try to make changes by calling the ECS UpdateService API, you will encounter the following error:

InvalidParameterException: Unable to update network parameters on services with a CODE_DEPLOY deployment controller. Use AWS CodeDeploy to trigger a new deployment.

This error message indicates that you need to trigger a new deployment with CodeDeploy, as noted in the documentation.

For services using the blue/green (CODE_DEPLOY) deployment controller, only the desired count, deployment configuration, health check grace period, task placement constraints and strategies, enable ECS managed tags option, and propagate tags can be updated using this API. If the network configuration, platform version, task definition, or load balancer need to be updated, create a new AWS CodeDeploy deployment. For more information, see CreateDeployment in the AWS CodeDeploy API Reference.

UpdateService - Amazon Elastic Container Service

Solution

Now that we know we need to trigger a new deployment, the question remains: how exactly should we do that?

The answer is to "edit the AppSpec file and then trigger a new deployment." If you trigger it without editing the AppSpec file, the network settings won't change.

In the case of appspec.yml, add a NetworkConfiguration block under the Properties of the ECS service resource, as shown below.

        NetworkConfiguration:
          AwsvpcConfiguration:
            Subnets: ["subnet-1234abcd","subnet-5678abcd"]
            SecurityGroups: ["sg-12345678"]
            AssignPublicIp: "ENABLED"


AppSpec File example - AWS CodeDeploy

Specify the subnets, security groups, and whether or not to assign a public IP address for the ECS tasks in the AppSpec file.

When doing so, you need to specify all three: Subnets, SecurityGroups, and AssignPublicIp.

All or none of the settings under NetworkConfiguration must be specified. For example, if you want to specify Subnets, you must also specify SecurityGroups and AssignPublicIp. If none is specified, CodeDeploy uses the current network Amazon ECS settings.

AppSpec 'resources' section (Amazon ECS and AWS Lambda deployments only) - AWS CodeDeploy
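A pre-deployment check for the all-or-none rule quoted above, as an added example (not code from the original post or from AWS). It assumes the AppSpec has already been parsed into a Python dict with the key names shown on this page; `appspec_with` and `lint_network_configuration` are hypothetical helper names, and the sample values are constructed.

```python
REQUIRED = ("Subnets", "SecurityGroups", "AssignPublicIp")


def appspec_with(vpc):
    """Build a constructed AppSpec dict; vpc=None omits NetworkConfiguration."""
    props = {"TaskDefinition": "<TASK_DEFINITION_ARN>"}  # placeholder value
    if vpc is not None:
        props["NetworkConfiguration"] = {"AwsvpcConfiguration": vpc}
    return {"version": 0.0, "Resources": [
        {"TargetService": {"Type": "AWS::ECS::Service", "Properties": props}}]}


def lint_network_configuration(appspec):
    """Return (level, message) findings for each ECS service in the AppSpec."""
    findings = []
    for resource in appspec.get("Resources", []):
        for name, spec in resource.items():
            if spec.get("Type") != "AWS::ECS::Service":
                continue
            net = spec.get("Properties", {}).get("NetworkConfiguration")
            if net is None:
                # Nothing specified: the current ECS network settings stay in place.
                findings.append(("INFO", f"{name}: no NetworkConfiguration, "
                                 "CodeDeploy keeps the current network settings"))
                continue
            vpc = net.get("AwsvpcConfiguration") or {}
            missing = [key for key in REQUIRED if not vpc.get(key)]
            if missing:
                findings.append(("ERROR", f"{name}: all three settings are required, "
                                 f"missing or empty: {', '.join(missing)}"))
            public_ip = vpc.get("AssignPublicIp")
            if public_ip and public_ip not in ("ENABLED", "DISABLED"):
                findings.append(("ERROR", f"{name}: AssignPublicIp is {public_ip!r}"))
            elif public_ip == "ENABLED":
                findings.append(("WARN", f"{name}: green tasks get a public IP; check that "
                                 "the subnets and security groups are meant to be internet-facing"))
    return findings


if __name__ == "__main__":
    # Constructed sample using the values from the snippet above.
    sample = appspec_with({"Subnets": ["subnet-1234abcd", "subnet-5678abcd"],
                           "SecurityGroups": ["sg-12345678"],
                           "AssignPublicIp": "ENABLED"})
    for level, message in lint_network_configuration(sample):
        print(level, message)
```

Running the check in the pipeline before the deployment is created catches a partial NetworkConfiguration early and makes a change to public IP assignment visible in review.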

After editing the AppSpec file, trigger a new deployment, and the network settings will be applied. The new ECS tasks in the green environment should start with the specified network configuration.

Once the deployment is complete, you can safely remove the NetworkConfiguration from the AppSpec file.

Conclusion

As described, even for Amazon ECS services using blue/green deployment with CodeDeploy, you can change the network settings by editing the AppSpec file and triggering a new deployment.

I almost ended up recreating the ECS service because I wasn't aware of this method. I hope this article helps those in a similar situation.
