Deploy on Friday: The ECS Blue/Green Safety Net

Compliance requires availability. How to set up AWS CodeDeploy with ECS Fargate for safe, auditable, weekend-proof deployments.

"Never deploy on Friday" is folklore from an era when rollbacks meant scp-ing the old JAR back and praying. With ECS + CodeDeploy blue/green, the rollback is a CloudWatch alarm flip — and that's a compliance superpower.

The setup

  • Two target groups behind one ALB listener.
  • CodeDeploy orchestrates the shift from blue → green: the green task set is first exposed on a test listener (port 8080) and only after validation on the production listener (443).
  • CloudWatch alarms on 5xx rate, p95 latency, and custom business metrics.
  • Hook Lambdas that run smoke tests before traffic shift.

The deploy lifecycle

Push ─► CI builds image ─► Pushed to ECR
        │
        └─► CodeDeploy creates green task set
              │
              ├─► Hook: pre-traffic smoke test
              ├─► Shift 10% traffic, watch alarms for 5min
              ├─► Shift 100%, watch alarms for 15min
              └─► Drain blue, done

If any alarm fires during the bake, CodeDeploy automatically shifts traffic back to blue. The engineer's pager goes off; the customer never sees it.
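The "pre-traffic smoke test" hook in the lifecycle above is a Lambda that CodeDeploy invokes at the AfterAllowTestTraffic event and that must report Succeeded or Failed back; here is an added example of such a hook (written for this post, not code from the original or from AWS). The test-listener URL and the smoke-check paths are assumptions, and the `put_lifecycle_event_hook_execution_status` call is the real CodeDeploy API the hook uses to gate the traffic shift.

```python
import json
import os
import urllib.error
import urllib.request

# Assumed: the ALB test listener on port 8080 that CodeDeploy points at the green task set.
TEST_BASE_URL = os.environ.get("TEST_BASE_URL", "http://internal-alb.example:8080")
# Constructed smoke checks: path -> (expected HTTP status, required JSON key or None).
SMOKE_CHECKS = {"/healthz": (200, None), "/api/version": (200, "version")}

def http_get(url, timeout=5):
    """GET url and return (status, body); connection failures return status 0."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode(errors="replace")
    except (urllib.error.URLError, OSError) as e:
        return 0, str(e)

def run_smoke_tests(base_url, checks, fetch=http_get):
    """Run every check against green; return a list of failure descriptions (empty = pass)."""
    failures = []
    for path, (want_status, want_key) in checks.items():
        status, body = fetch(base_url + path)
        if status != want_status:
            failures.append(f"{path}: expected HTTP {want_status}, got {status}")
            continue
        if want_key is not None:
            try:
                if want_key not in json.loads(body):
                    failures.append(f"{path}: response missing key {want_key!r}")
            except ValueError:
                failures.append(f"{path}: response is not JSON")
    return failures

def lambda_handler(event, context):
    """Invoked by CodeDeploy; reporting Failed aborts the deployment before production traffic moves."""
    import boto3  # imported here so the module also loads outside Lambda
    failures = run_smoke_tests(TEST_BASE_URL, SMOKE_CHECKS)
    status = "Succeeded" if not failures else "Failed"  # the two values CodeDeploy accepts
    print(json.dumps({"deploymentId": event["DeploymentId"], "status": status, "failures": failures}))
    boto3.client("codedeploy").put_lifecycle_event_hook_execution_status(
        deploymentId=event["DeploymentId"],
        lifecycleEventHookExecutionId=event["LifecycleEventHookExecutionId"],
        status=status,
    )
    return {"status": status, "failures": failures}
```

The structured log line lands in CloudWatch Logs alongside the deployment ID, which is the audit trail the next section is about; note that if the hook never reports a status, CodeDeploy times it out and fails the deployment rather than shifting traffic.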

Why auditors love it

  • Every deploy is logged with version, image digest, and approver.
  • Rollback is automatic — you don't have a "did the on-call person remember the rollback steps at 2am" risk.
  • The blast radius is bounded by the canary shift percentages.

Friday-afternoon deploys aren't reckless. Manual Friday-afternoon deploys are reckless. Automated, alarmed, blue/green deploys are just Tuesday.