I am following this AWS guide to create a CodeDeploy blue/green deployment on ECS. In the example I've modified the Lambda hook function AfterAllowTestTraffic to make a simple axios.get(<application_load_balancer_dns:test-listener-port>) call for the test listener on port 8080, which should return 200 if the replacement task is successfully deployed.
However, it seems that the Lambda function is called too early during AfterAllowTestTraffic, because it originally hits the original task set (blue) and returns 200 resulting in a successful deploy, despite documentation saying the below:
AfterAllowTestTraffic – Use to run tasks after the test listener serves traffic to the replacement task set
This is unexpected behaviour because I deliberately deployed a broken replacement (green) task using this hook, so it should have failed since the test traffic would be serving the broken green task.
I tested this by implementing a timeout in the Lambda function, and then pinging the URL 10 seconds later - this returned a 502 error as expected. I also verified in ECS logs that the axios call incorrectly hit the blue task, before subsequently hitting the green one. Access logs for the application load balancer also show the axios call to the blue target group.
There must be something I'm missing here, but it doesn't make any sense to us. Any insight would be much appreciated!
AWS OFFICIALUpdated 3 years ago
I've seen the same problem, at least with NLBs with TCP. The hook is invoked actually before the redirection of the test listener to the green target group is effective. The request ends up in the blue target group.