This module provides the capacity to build a full blue/green clustered stack using either Application Load Balancer or Network Load Balancer.
You can use this module to build a comprehensive, autoscaling stack based on any AMI, which can be rolled out using weighted DNS entries.
It will build the following artifacts:
- Blue ALB or NLB
- Green ALB or NLB
- Security groups for Blue ALB
- Security groups for Green ALb
- Route53 DNS entries for Blue ALB/NLB
- Route53 DNS entries for Green ALB/NLB
- Blue ASG
- Green ASG
- Blue Launch Configuration
- Green Launch Configuration
- Blue instances (launched by ASG)
- Green instances (launched by ASG)
- Blue instance security groups
- Green instance security groups
- Basic scaling policies
- S3 bucket for ALB logs
- Cloudwatch Logs Streams for applications
- Basic IAM Roles for cluster instances
Please see the following projects for implementation examples:
- terraform-aws-nodejs-webapp-blue-green
- terraform-aws-nginx-proxy-blue-green
- terraform-aws-squid-proxy-blue-green
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| blue_alb_http_tcp_listeners | The HTTP/TCP listeners to attach to the blue ALB | list | <list> |
no |
| blue_alb_http_tcp_listeners_count | The number of HTTP/TCP listeners to attach the blue ALB | string | "0" |
no |
| blue_alb_https_listeners | The listeners to attach to the blue ALB | list | <list> |
no |
| blue_alb_https_listeners_count | The number of HTTPS listeners to attach the blue ALB | string | "0" |
no |
| blue_application_ports | The ports the ALB should be able to connect to the blue cluster on | list | <list> |
no |
| blue_desired_capacity | The number of instances to put into the blue cluster | string | "1" |
no |
| blue_desired_capacity_start | How many instances to start when the ASG start hook is triggered | string | n/a | yes |
| blue_desired_capacity_stop | How many instances to stop when the ASG stop hook is triggered | string | n/a | yes |
| blue_external_alb_target_groups | The target groups to attach to the blue ALB | list | <list> |
no |
| blue_external_alb_target_groups_count | The number of target groups to attach to the blue ALB | string | "0" |
no |
| blue_external_nlb_target_groups | The target groups to attach to the blue ALB | list | <list> |
no |
| blue_external_nlb_target_groups_count | The number of target groups to attach to the blue ALB | string | "0" |
no |
| blue_image_id | The AMI ID to use for the blue cluster | string | n/a | yes |
| blue_instance_type | The instance type to use for the blue cluster | string | "t2.small" |
no |
| blue_internal_alb_target_groups | The target groups to attach to the blue ALB | list | <list> |
no |
| blue_internal_alb_target_groups_count | The number of target groups to attach to the blue ALB | string | "0" |
no |
| blue_internal_nlb_target_groups | The target groups to attach to the blue ALB | list | <list> |
no |
| blue_internal_nlb_target_groups_count | The number of target groups to attach to the blue ALB | string | "0" |
no |
| blue_max_size | The number of instances to put into the blue cluster | string | "1" |
no |
| blue_max_size_start | How many instances to start when the ASG start hook is triggered | string | n/a | yes |
| blue_max_size_stop | How many instances to stop when the ASG stop hook is triggered | string | n/a | yes |
| blue_min_size | The number of instances to put into the blue cluster | string | "1" |
no |
| blue_min_size_start | How many instances to start when the ASG start hook is triggered | string | n/a | yes |
| blue_min_size_stop | How many instances to stop when the ASG stop hook is triggered | string | n/a | yes |
| blue_nlb_http_tcp_listeners | The HTTP/TCP listeners to attach to the blue NLB | list | <list> |
no |
| blue_nlb_http_tcp_listeners_count | The number of HTTP/TCP listeners to attach the blue NLB | string | "0" |
no |
| blue_nlb_https_listeners | The listeners to attach to the blue NLB | list | <list> |
no |
| blue_nlb_https_listeners_count | The number of HTTPS listeners to attach the blue NLB | string | "0" |
no |
| blue_recurrence_start | When to start the instances | string | "false" |
no |
| blue_recurrence_stop | When to stop the instances | string | "false" |
no |
| blue_route53_aliases_name | List of ALB Route53 aliases | list | <list> |
no |
| blue_version_tag | The version of the blue product release | string | n/a | yes |
| blue_wait_for_capacity_timeout | How long to wait before timing out introducing the new green ASG instances | string | "0" |
no |
| blue_weight | Weight of the DNS record for the blue cluster | string | n/a | yes |
| cluster_name | What to name the blue/green cluster and all of its associated resources | string | n/a | yes |
| cost_code | The code for the costing | string | n/a | yes |
| external_alb_computed_egress_with_cidr_blocks | List of objects describing the egress cidr blocks rules permitted for the cluster albs | list | <list> |
no |
| external_alb_computed_egress_with_source_security_group_id | List of objects describing the inbound security group rules permitted on the albs for the cluster | list | <list> |
no |
| external_alb_computed_ingress_with_cidr_blocks | List of objects describing the ingress cidr blocks rules permitted for the loadbalancer | list | <list> |
no |
| external_alb_computed_ingress_with_source_security_group_id | List of objects describing the inbound security group rules permitted on the albs for the cluster albs | list | <list> |
no |
| external_alb_enabled | Whether to create an external ALB or not | string | "true" |
no |
| external_alb_number_of_computed_egress_with_cidr_blocks | The count of computed egress cidr blocks for the cluster albs | string | "0" |
no |
| external_alb_number_of_computed_egress_with_source_security_group_id | The count of computed egress security groups by ID for the cluster albs | string | "0" |
no |
| external_alb_number_of_computed_ingress_with_cidr_blocks | The count of computed ingress cidr blocks for the cluster albs | string | "0" |
no |
| external_alb_number_of_computed_ingress_with_source_security_group_id | The count of computed ingress security groups by ID for the cluster albs | string | "0" |
no |
| external_alb_route53_zone_id | The route 53 zone ID to use for the ALB DNS entries | string | "" |
no |
| external_alb_security_groups | Attach security groups directly to the ALB by their ID | list | <list> |
no |
| external_alb_subnet_ids | An list of subnet ID to attach the ELB to which are within the specified VPC | string | "" |
no |
| external_nlb_enabled | Whether to create an NLB or not | string | "false" |
no |
| external_nlb_route53_zone_id | The route 53 zone ID to use for the NLB DNS entries | string | "" |
no |
| external_nlb_subnet_ids | An list of subnet ID to attach the ELB to which are within the specified VPC | string | "" |
no |
| green_alb_http_tcp_listeners | The HTTP/TCP listeners to attach to the green ALB | list | <list> |
no |
| green_alb_http_tcp_listeners_count | The number of HTTP/TCP listeners to attach the green ALB | string | "0" |
no |
| green_alb_https_listeners | The listeners to attach to the green ALB | list | <list> |
no |
| green_alb_https_listeners_count | The number of HTTPS listeners to attach the green ALB | string | "0" |
no |
| green_application_ports | The ports the ALB should be able to connect to the green cluster on | list | <list> |
no |
| green_desired_capacity | The number of instances to put into the green cluster | string | "1" |
no |
| green_desired_capacity_start | How many instances to start when the ASG start hook is triggered | string | n/a | yes |
| green_desired_capacity_stop | How many instances to stop when the ASG stop hook is triggered | string | n/a | yes |
| green_external_alb_target_groups | The target groups to attach to the green ALB | list | <list> |
no |
| green_external_alb_target_groups_count | The number of target groups to attach to the green ALB | string | "0" |
no |
| green_external_nlb_target_groups | The target groups to attach to the green NLB | list | <list> |
no |
| green_external_nlb_target_groups_count | The number of target groups to attach to the green NLB | string | "0" |
no |
| green_image_id | The AMI ID to use for the green cluster | string | n/a | yes |
| green_instance_type | The instance type to use for the green cluster | string | "t2.small" |
no |
| green_internal_alb_target_groups | The target groups to attach to the green ALB | list | <list> |
no |
| green_internal_alb_target_groups_count | The number of target groups to attach to the green ALB | string | "0" |
no |
| green_internal_nlb_target_groups | The target groups to attach to the green NLB | list | <list> |
no |
| green_internal_nlb_target_groups_count | The number of target groups to attach to the green NLB | string | "0" |
no |
| green_max_size | The number of instances to put into the green cluster | string | "1" |
no |
| green_max_size_start | How many instances to start when the ASG start hook is triggered | string | n/a | yes |
| green_max_size_stop | How many instances to stop when the ASG stop hook is triggered | string | n/a | yes |
| green_min_size | The number of instances to put into the green cluster | string | "1" |
no |
| green_min_size_start | How many instances to start when the ASG start hook is triggered | string | n/a | yes |
| green_min_size_stop | How many instances to stop when the ASG stop hook is triggered | string | n/a | yes |
| green_nlb_http_tcp_listeners | The HTTP/TCP listeners to attach to the green NLB | list | <list> |
no |
| green_nlb_http_tcp_listeners_count | The number of HTTP/TCP listeners to attach the green NLB | string | "0" |
no |
| green_nlb_https_listeners | The listeners to attach to the green NLB | list | <list> |
no |
| green_nlb_https_listeners_count | The number of HTTPS listeners to attach the green NLB | string | "0" |
no |
| green_recurrence_start | When to start the green instances | string | "false" |
no |
| green_recurrence_stop | When to stop the green instances | string | "false" |
no |
| green_route53_aliases_name | List of ALB Route53 aliases | list | <list> |
no |
| green_target_groups | The target groups to attach to the green ALB | list | <list> |
no |
| green_target_groups_count | The number of target groups to attach to the green ALB | string | "0" |
no |
| green_version_tag | The version of the green product release | string | n/a | yes |
| green_wait_for_capacity_timeout | How long to wait before timing out introducing the new green ASG instances | string | "0" |
no |
| green_weight | Weight of the DNS record for the green cluster | string | n/a | yes |
| iam_policies | The IAM policies to attach to the IAM role for the cluster instances | list | <list> |
no |
| instance_computed_egress_with_cidr_blocks | List of objects describing the egress cidr blocks rules permitted for the cluster instances | list | <list> |
no |
| instance_computed_egress_with_source_security_group_id | List of objects describing the inbound security group rules permitted on the instances for the cluster | list | <list> |
no |
| instance_computed_ingress_with_cidr_blocks | List of objects describing the ingress cidr blocks rules permitted for the loadbalancer | list | <list> |
no |
| instance_computed_ingress_with_source_security_group_id | List of objects describing the inbound security group rules permitted on the instances for the cluster instances | list | <list> |
no |
| instance_number_of_computed_egress_with_cidr_blocks | The count of computed egress cidr blocks for the cluster instances | string | "0" |
no |
| instance_number_of_computed_egress_with_source_security_group_id | The count of computed egress security groups by ID for the cluster instances | string | "0" |
no |
| instance_number_of_computed_ingress_with_cidr_blocks | The count of computed ingress cidr blocks for the cluster instances | string | "0" |
no |
| instance_number_of_computed_ingress_with_source_security_group_id | The count of computed ingress security groups by ID for the cluster instances | string | "0" |
no |
| instance_route53_zone_id | The route 53 zone ID to use for the instance DNS entries | string | n/a | yes |
| instance_security_groups | Attach security groups directly to the instances by their ID | list | <list> |
no |
| instance_subnet_ids | An list of subnet IDs which are within the specified VPC | list | <list> |
no |
| internal_alb_computed_egress_with_cidr_blocks | List of objects describing the egress cidr blocks rules permitted for the cluster albs | list | <list> |
no |
| internal_alb_computed_egress_with_source_security_group_id | List of objects describing the inbound security group rules permitted on the albs for the cluster | list | <list> |
no |
| internal_alb_computed_ingress_with_cidr_blocks | List of objects describing the ingress cidr blocks rules permitted for the loadbalancer | list | <list> |
no |
| internal_alb_computed_ingress_with_source_security_group_id | List of objects describing the inbound security group rules permitted on the albs for the cluster albs | list | <list> |
no |
| internal_alb_enabled | Whether to create an internal ALB or not | string | "true" |
no |
| internal_alb_number_of_computed_egress_with_cidr_blocks | The count of computed egress cidr blocks for the cluster albs | string | "0" |
no |
| internal_alb_number_of_computed_egress_with_source_security_group_id | The count of computed egress security groups by ID for the cluster albs | string | "0" |
no |
| internal_alb_number_of_computed_ingress_with_cidr_blocks | The count of computed ingress cidr blocks for the cluster albs | string | "0" |
no |
| internal_alb_number_of_computed_ingress_with_source_security_group_id | The count of computed ingress security groups by ID for the cluster albs | string | "0" |
no |
| internal_alb_route53_zone_id | The route 53 zone ID to use for the ALB DNS entries | string | "" |
no |
| internal_alb_security_groups | Attach security groups directly to the ALB by their ID | list | <list> |
no |
| internal_alb_subnet_ids | An list of subnet ID to attach the ELB to which are within the specified VPC | string | "" |
no |
| internal_nlb_enabled | Whether to create an NLB or not | string | "false" |
no |
| internal_nlb_route53_zone_id | The route 53 zone ID to use for the NLB DNS entries | string | "" |
no |
| internal_nlb_subnet_ids | An list of subnet ID to attach the ELB to which are within the specified VPC | string | "" |
no |
| owner | Product owner email address | string | n/a | yes |
| product | Product | string | n/a | yes |
| product_family | The product family of the project, e.g. FA | string | n/a | yes |
| role | Role of the product within the account | string | n/a | yes |
| ssh_key_name | The name of an EC2 Key Pair that can be used to SSH to the EC2 Instances in this cluster. Set to an empty string to not associate a Key Pair. | string | "" |
no |
| tags | Additional tags to add to the cluster. | list | <list> |
no |
| vpc_id | The ID of the VPC to launch the instances into | string | n/a | yes |
| Name | Description |
|---|---|
| blue_external_alb_dns_name | |
| blue_external_alb_http_tcp_listener_arns | |
| blue_external_alb_http_tcp_listener_ids | |
| blue_external_alb_https_listener_arns | |
| blue_external_alb_https_listener_ids | |
| blue_external_alb_load_balancer_arn_suffix | |
| blue_external_alb_load_balancer_id | |
| blue_external_alb_load_balancer_zone_id | |
| blue_external_alb_security_group_id | |
| blue_external_alb_target_group_arn_suffixes | |
| blue_external_alb_target_group_arns | |
| blue_external_alb_target_group_names | |
| blue_external_nlb_dns_name | |
| blue_external_nlb_http_tcp_listener_arns | |
| blue_external_nlb_http_tcp_listener_ids | |
| blue_external_nlb_https_listener_arns | |
| blue_external_nlb_https_listener_ids | |
| blue_external_nlb_load_balancer_arn_suffix | |
| blue_external_nlb_load_balancer_id | |
| blue_external_nlb_load_balancer_zone_id | |
| blue_external_nlb_target_group_arn_suffixes | |
| blue_external_nlb_target_group_arns | |
| blue_external_nlb_target_group_names | |
| blue_internal_alb_dns_name | |
| blue_internal_alb_http_tcp_listener_arns | |
| blue_internal_alb_http_tcp_listener_ids | |
| blue_internal_alb_https_listener_arns | |
| blue_internal_alb_https_listener_ids | |
| blue_internal_alb_load_balancer_arn_suffix | |
| blue_internal_alb_load_balancer_id | |
| blue_internal_alb_load_balancer_zone_id | |
| blue_internal_alb_security_group_id | |
| blue_internal_alb_target_group_arn_suffixes | |
| blue_internal_alb_target_group_arns | |
| blue_internal_alb_target_group_names | |
| blue_internal_nlb_dns_name | |
| blue_internal_nlb_http_tcp_listener_arns | |
| blue_internal_nlb_http_tcp_listener_ids | |
| blue_internal_nlb_https_listener_arns | |
| blue_internal_nlb_https_listener_ids | |
| blue_internal_nlb_load_balancer_arn_suffix | |
| blue_internal_nlb_load_balancer_id | |
| blue_internal_nlb_load_balancer_zone_id | |
| blue_internal_nlb_target_group_arn_suffixes | |
| blue_internal_nlb_target_group_arns | |
| blue_internal_nlb_target_group_names | |
| cluster_security_group_id | |
| external_alb_weighted_dns_name | |
| external_alb_weighted_fqdn | |
| external_nlb_weighted_dns_name | |
| external_nlb_weighted_fqdn | |
| green_external_alb_dns_name | |
| green_external_alb_http_tcp_listener_arns | |
| green_external_alb_http_tcp_listener_ids | |
| green_external_alb_https_listener_arns | |
| green_external_alb_https_listener_ids | |
| green_external_alb_load_balancer_arn_suffix | |
| green_external_alb_load_balancer_id | |
| green_external_alb_load_balancer_zone_id | |
| green_external_alb_security_group_id | |
| green_external_alb_target_group_arn_suffixes | |
| green_external_alb_target_group_arns | |
| green_external_alb_target_group_names | |
| green_external_nlb_dns_name | |
| green_external_nlb_http_tcp_listener_arns | |
| green_external_nlb_http_tcp_listener_ids | |
| green_external_nlb_https_listener_arns | |
| green_external_nlb_https_listener_ids | |
| green_external_nlb_load_balancer_arn_suffix | |
| green_external_nlb_load_balancer_id | |
| green_external_nlb_load_balancer_zone_id | |
| green_external_nlb_target_group_arn_suffixes | |
| green_external_nlb_target_group_arns | |
| green_external_nlb_target_group_names | |
| green_internal_alb_dns_name | |
| green_internal_alb_http_tcp_listener_arns | |
| green_internal_alb_http_tcp_listener_ids | |
| green_internal_alb_https_listener_arns | |
| green_internal_alb_https_listener_ids | |
| green_internal_alb_load_balancer_arn_suffix | |
| green_internal_alb_load_balancer_id | |
| green_internal_alb_load_balancer_zone_id | |
| green_internal_alb_security_group_id | |
| green_internal_alb_target_group_arn_suffixes | |
| green_internal_alb_target_group_arns | |
| green_internal_alb_target_group_names | |
| green_internal_nlb_dns_name | |
| green_internal_nlb_http_tcp_listener_arns | |
| green_internal_nlb_http_tcp_listener_ids | |
| green_internal_nlb_https_listener_arns | |
| green_internal_nlb_https_listener_ids | |
| green_internal_nlb_load_balancer_arn_suffix | |
| green_internal_nlb_load_balancer_id | |
| green_internal_nlb_load_balancer_zone_id | |
| green_internal_nlb_target_group_arn_suffixes | |
| green_internal_nlb_target_group_arns | |
| green_internal_nlb_target_group_names | |
| instance_iam_role_arn | |
| instance_security_group_id | |
| internal_alb_weighted_dns_name | |
| internal_alb_weighted_fqdn | |
| internal_nlb_weighted_dns_name | |
| internal_nlb_weighted_fqdn |