Well-Architected Framework
Deploy blue/green infrastructure
Infrastructure updates cause downtime, disrupt services, and create risk when deployed directly to production. Traditional deployment strategies require taking systems offline for upgrades, causing revenue loss and poor user experience. Deploy infrastructure using blue/green strategies to achieve zero downtime during updates, enable safe testing in production-equivalent environments, and provide instant rollback capabilities.
Blue/green infrastructure deployments maintain two identical environments, a blue environment that represents your current production environment and a green environment that represents your new environment. Blue/green environments also have a mechanism to route traffic between them. Use Terraform modules to deploy identical infrastructure with different configurations, test changes in the green environment, and switch traffic when ready.
The following diagram shows a basic blue/green deployment:

Infrastructure as code allows you to describe your environment as code and consistently deploy identical blue and green environments. Deploy your green infrastructure environment only when needed, test it thoroughly, then switch traffic and tear down the blue environment to reduce costs.
Why deploy blue/green infrastructure
Deploying infrastructure with blue/green strategies addresses the following operational challenges:
- Eliminate downtime during infrastructure updates: Traditional infrastructure updates require taking systems offline, causing service disruptions and revenue loss. Blue/green deployments maintain two identical environments, allowing you to switch traffic instantly without downtime.
- Enable safe testing in production-equivalent environments: Testing infrastructure changes in staging environments often misses production-specific issues. Blue/green deployments let you test changes in a production environment before switching traffic.
- Provide rollback capabilities: When infrastructure changes cause issues, traditional deployments require time-consuming rollback procedures. Blue/green deployments allow traffic switching back to the previous environment, reducing mean time to recovery.
- Reduce deployment risk and blast radius: Deploying infrastructure changes directly to production creates risk of widespread failures. Blue/green deployments isolate changes in the green environment, limiting impact until you verify the deployment works correctly.
Implement blue/green with Terraform modules
Use Terraform modules to deploy identical infrastructure for blue and green environments. Create a reusable module that defines your infrastructure, then instantiate it twice with different environment variables.
The following example shows a Terraform module structure for blue/green infrastructure:
modules/infrastructure/main.tf

    variable "environment" {
      description = "Environment identifier (blue or green)"
      type        = string
    }

    # Inputs referenced below; the root module sets them for each instance.
    variable "ami_id" {
      type = string
    }

    variable "instance_type" {
      type = string
    }

    variable "vpc_id" {
      type = string
    }

    resource "aws_instance" "web" {
      ami           = var.ami_id
      instance_type = var.instance_type

      tags = {
        Name        = "web-server-${var.environment}"
        Environment = var.environment
      }
    }

    resource "aws_lb_target_group" "web" {
      name     = "web-targets-${var.environment}"
      port     = 80
      protocol = "HTTP"
      vpc_id   = var.vpc_id

      health_check {
        enabled           = true
        healthy_threshold = 2
        path              = "/health"
      }
    }

    output "target_group_arn" {
      value = aws_lb_target_group.web.arn
    }

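main.tf

    # AMI for each environment. aws_vpc.main and aws_lb.main are assumed to be
    # defined elsewhere in the root module.
    variable "blue_ami_id" {
      type = string
    }

    variable "green_ami_id" {
      type = string
    }

    # Instantiate blue and green environments
    module "blue_infrastructure" {
      source        = "./modules/infrastructure"
      environment   = "blue"
      instance_type = "t3.micro"
      ami_id        = var.blue_ami_id
      vpc_id        = aws_vpc.main.id
    }

    module "green_infrastructure" {
      source        = "./modules/infrastructure"
      environment   = "green"
      instance_type = "t3.micro"
      ami_id        = var.green_ami_id
      vpc_id        = aws_vpc.main.id
    }

    # Switch traffic using variable
    variable "active_environment" {
      description = "Active environment (blue or green)"
      type        = string
      default     = "blue"

      # Reject any other value: the conditional in the listener would
      # otherwise route a mistyped value to green.
      validation {
        condition     = contains(["blue", "green"], var.active_environment)
        error_message = "The active_environment value must be \"blue\" or \"green\"."
      }
    }

    resource "aws_lb_listener" "http" {
      load_balancer_arn = aws_lb.main.arn
      port              = "80"
      protocol          = "HTTP"

      default_action {
        type             = "forward"
        target_group_arn = var.active_environment == "blue" ? module.blue_infrastructure.target_group_arn : module.green_infrastructure.target_group_arn
      }
    }
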
The Terraform configuration creates two identical infrastructure environments with different AMI IDs. The load balancer routes traffic based on the active_environment variable. To switch from blue to green, update active_environment = "green" and run terraform apply. The load balancer immediately routes traffic to the green environment, achieving zero-downtime deployment.
To learn how to implement this pattern with AWS Application Load Balancers and target groups, follow the blue-green and canary deployments tutorial.
Deployment workflow
Use the following workflow to deploy infrastructure changes using blue/green:
- Deploy green environment: Run terraform apply to create green infrastructure alongside blue
- Test green environment: Verify health checks pass and infrastructure performs correctly
- Switch traffic: Update active_environment = "green" and apply changes
- Monitor green environment: Confirm green handles production load successfully
- Destroy blue environment: Remove blue infrastructure after confirming green stability
This workflow minimizes risk by validating changes before switching traffic and maintaining the ability to instantly roll back by switching the active_environment variable.
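A pre-apply gate for the switch and teardown steps of this workflow, as an added example that is not part of the original page or HashiCorp's code. It reads the JSON form of a saved plan (the output of terraform show -json) and flags any plan that deletes or replaces resources in the live environment, or that bundles an environment teardown into the same apply as the traffic switch. The module, listener and variable names come from the configuration above; the function names and sample plans are constructed for illustration.

```python
# Names taken from the root main.tf above.
MODULES = {"blue": "module.blue_infrastructure",
           "green": "module.green_infrastructure"}
LISTENER = "aws_lb_listener.http"


def unsafe_changes(plan: dict) -> list:
    """Addresses the plan would delete or replace that it should not touch.

    Flags deletions in the environment active_environment points at, and any
    environment deletion bundled into the same plan as a traffic switch.
    An empty list means the plan passes the gate.
    """
    active = plan.get("variables", {}).get("active_environment", {}).get("value")
    if active not in MODULES:  # fail closed on a missing or unexpected value
        raise ValueError(f"active_environment is {active!r}, expected blue or green")
    changes = plan.get("resource_changes", [])
    switching = any(rc["address"] == LISTENER and rc["change"]["actions"] != ["no-op"]
                    for rc in changes)
    flagged = []
    for rc in changes:
        module = rc.get("module_address")  # absent for root-module resources
        # Replacements also carry "delete": ["delete", "create"] or the reverse.
        if "delete" in rc["change"]["actions"] and module in MODULES.values():
            if module == MODULES[active] or switching:
                flagged.append(rc["address"])
    return flagged


def sample_plan(active: str, *changes) -> dict:
    """Constructed, minimal stand-in for `terraform show -json <planfile>`."""
    rcs = []
    for module, resource, actions in changes:
        rc = {"address": f"{module}.{resource}" if module else resource,
              "change": {"actions": actions}}
        if module:
            rc["module_address"] = module
        rcs.append(rc)
    return {"variables": {"active_environment": {"value": active}},
            "resource_changes": rcs}


BLUE_DELETE = ("module.blue_infrastructure", "aws_instance.web", ["delete"])
SWITCH = (None, LISTENER, ["update"])

if __name__ == "__main__":
    print(unsafe_changes(sample_plan("green", SWITCH)))               # switch only
    print(unsafe_changes(sample_plan("green", BLUE_DELETE)))          # teardown after switch
    print(unsafe_changes(sample_plan("blue", BLUE_DELETE)))           # teardown while blue is live
    print(unsafe_changes(sample_plan("green", SWITCH, BLUE_DELETE)))  # switch and teardown together
```

In a pipeline, pass the function the parsed output of terraform show -json for the saved plan file and stop before terraform apply when the returned list is not empty.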
HashiCorp resources:
- Learn about zero-downtime deployment strategies overview
- Deploy applications with zero downtime
- Deploy with traffic splitting using service mesh
- Implement atomic deployments with Terraform modules
- Learn how to package applications for deployment
- Implement automated testing for infrastructure changes
- Use infrastructure as code for blue/green environments
- Implement a GitOps workflow for automated deployments
- Learn Terraform with the Terraform tutorials and the Terraform documentation
- Read Feature Toggles, Blue-Green Deployments & Canary Tests with Terraform - HashiCorp blog by Rosemary Wang
External resources:
- Blue Green Deployment - Martin Fowler's definition and patterns
Next steps
In this section of Zero-downtime deployments, you learned how to deploy infrastructure changes with blue/green strategies using Terraform modules and load balancers. Blue/green infrastructure deployments are part of the Define and automate processes pillar.
Refer to the following documents to learn more about deployment strategies: