DevOps

Deploy on Friday: The ECS Blue/Green Safety Net

Compliance requires availability. How to set up AWS CodeDeploy with ECS Fargate for safe, auditable, weekend-proof deployments.

·2 min read·
#ECS#BlueGreen#CodeDeploy#DevOps

"Never deploy on Friday" is folklore from an era when rollbacks meant scp-ing the old JAR back and praying. With ECS + CodeDeploy blue/green, the rollback is a CloudWatch alarm flip — and that's a compliance superpower.

The setup

  • Two target groups behind one ALB listener.
  • CodeDeploy orchestrates the shift from blue → green via a test listener on port 8080 → production listener on 443.
  • CloudWatch alarms on 5xx rate, p95 latency, and custom business metrics.
  • Hook Lambdas that run smoke tests before traffic shift.

The deploy lifecycle

Push ─► CI builds image ─► Pushed to ECR
        │
        └─► CodeDeploy creates green task set
              │
              ├─► Hook: pre-traffic smoke test
              ├─► Shift 10% traffic, watch alarms for 5min
              ├─► Shift 100%, watch alarms for 15min
              └─► Drain blue, done

If any alarm fires during the bake, CodeDeploy automatically shifts back to blue. The engineer's pager goes off, the customer never sees it.

Why auditors love it

  • Every deploy is logged with version, image digest, and approver.
  • Rollback is automatic — you don't have a "did the on-call person remember the rollback steps at 2am" risk.
  • The blast radius is bounded by the canary shift percentages.

The practical rule

Friday deploys become safe when rollback is automated, alarms are trusted, and smoke tests run before users see the new task set. That is the real lesson, not the day of the week.

Start with the AWS CodeDeploy blue/green documentation, then wire the deployment to the metrics your customers actually feel: failed requests, latency, queue depth, and checkout or workflow completion. If those alarms fire, the platform should roll back before a human starts debugging.

Friday-afternoon deploys aren't reckless. Manual Friday-afternoon deploys are reckless. Automated, alarmed, blue/green deploys are just Tuesday.

The release checklist should be boring: image digest recorded, migration plan reviewed, alarms green, smoke tests passing, rollback automatic, and on-call aware. When those controls exist, the calendar matters less than the quality of the deployment system.

That is delivery maturity.

Closing thought

The fear of Friday deploys is really a fear of unsafe deploys. Fix the deploy, and the calendar stops mattering. Every team I have seen earn back Friday confidence did the same three things: automated rollback, customer-facing SLO alarms, and a boring release checklist that runs the same way every time.

What "boring" looks like in practice

  • Image digest captured pre-deploy
  • Migration runs forward-compatible; reversible within one click
  • Canary at 5% with auto-promote on healthy metrics
  • Rollback path tested every sprint, not only during incidents
Public profile lookup

Ask AI About the Author

Open this query in ChatGPT, Claude, or Perplexity.

Comments

Comments are open to confirmed email subscribers. Use the email you subscribed with. To edit a comment, delete it and post a new one.

0/2000
Verify:

    Get new field notes by email

    Field notes from someone who ships before they write about it. Sovereign AI, AI-SDLC, DevOps, and what 59 production deployments teach you. No spam. Unsubscribe anytime.

    Related field notes