Canary Release and Blue Green Deployment on AWS

Question

I am currently implementing Canary Release and Blue Green Deployment on my Static Website on AWS S3. Basically, I created two S3 bucket (v1 and v2) and 2 cloud front (I didn't append the CNAME). Then, I create 2 A alias records in Route 53 with 50% each weight routing policy. However, I was being routed to v1 only using both laptop and mobile to access my domain. I even ask my colleague to open my domain and they're being routed to v1 as well.

It really puzzled me why there's no user being routed to v2?

AWS Static Web in S3

Answer 1

What you are explaining should work if you make use of "overlapping aliases" in Cloudfront. You configure one distribution to listen to app.example.com and the other one to *.example.com and use Route53 weighted routing for app.example.com

However weighted routing might not be ideal solution for canary releases. This is due to DNS propagation/caching and the fact that it is not sticky.

Like Michael suggests you might want to look into having 1 cloudfront and routing to bucket A/B using Lambda@Edge or Cloudfront functions. Here is an example.

Answer 2

The assigned dyyyexample.cloudfront.net and dzzzexample.cloudfront.net hostnames that route traffic to your CloudFront distributions go to the same place. CloudFront can't see your DNS alias entries, so it is unaware of which alias was followed.

Instead, it looks at the TLS SNI and the HTTP Host header the browser sends. It uses this information to match with the Alternate Domain Name for your distribution -- with no change to the DNS.

Your site's hostname, example.com, is only configured as the Alternate Domain Name on one of your distributions, because CloudFront does not allow you to provision the same value on more than one distribution.

If you swap that Alternate Domain Name entry to the other distribution, all traffic will move go the other distribution.

In short, CloudFront does not directly and natively support Blue/Green or Canary.

The workaround is to use a Lambda@Edge trigger and a cookie to latch each viewer to one origin or another. Lambda@Edge origin request trigger allows the origin to be changed while the request is in flight.

There is an A/B testing example in the docs, but that example swaps out the path. See the Dynamic Origin Selection examples for how to swap out the origin. Combining the logic of these two allows A/B testing across two buckets (or any two alternate back-ends).