惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

IT之家
IT之家
C
CXSECURITY Database RSS Feed - CXSecurity.com
V
Visual Studio Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
小众软件
小众软件
L
LangChain Blog
Cyberwarzone
Cyberwarzone
美团技术团队
The Register - Security
The Register - Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Tor Project blog
V
V2EX
Security Archives - TechRepublic
Security Archives - TechRepublic
Hacker News: Ask HN
Hacker News: Ask HN
L
LINUX DO - 最新话题
Recent Announcements
Recent Announcements
H
Hackread – Cybersecurity News, Data Breaches, AI and More
酷 壳 – CoolShell
酷 壳 – CoolShell
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
aimingoo的专栏
aimingoo的专栏
人人都是产品经理
人人都是产品经理
F
Full Disclosure
V2EX - 技术
V2EX - 技术
The Cloudflare Blog
博客园 - 叶小钗
T
Threat Research - Cisco Blogs
阮一峰的网络日志
阮一峰的网络日志
G
GRAHAM CLULEY
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Latest news
Latest news
S
Security @ Cisco Blogs
Spread Privacy
Spread Privacy
Project Zero
Project Zero
K
Kaspersky official blog
MyScale Blog
MyScale Blog
Attack and Defense Labs
Attack and Defense Labs
云风的 BLOG
云风的 BLOG
博客园 - 【当耐特】
Hacker News - Newest:
Hacker News - Newest: "LLM"
大猫的无限游戏
大猫的无限游戏
P
Privacy International News Feed
Google DeepMind News
Google DeepMind News
WordPress大学
WordPress大学
C
Cybersecurity and Infrastructure Security Agency CISA
Webroot Blog
Webroot Blog
罗磊的独立博客
Vercel News
Vercel News
N
News and Events Feed by Topic
A
Arctic Wolf
C
CERT Recently Published Vulnerability Notes

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Amazon ECS Deployment Strategies: Legacy CodeDeploy and the Native ECS Controller
Muhammad Ahm · 2026-04-26 · via DEV Community

If you have worked with Amazon ECS long enough, you have probably heard two different stories that both sound true.

The first says that if you want blue/green on ECS, you use AWS CodeDeploy. The second says that Amazon ECS now supports rolling, blue/green, canary, and linear deployments directly. Both are true — they just belong to different generations of the ECS deployment model.

The real distinction is not the rollout names; it is the control plane. In the legacy path, CodeDeploy owns the blue/green workflow and ECS participates through task sets. In the newer path, the ECS deployment controller owns the service deployment directly and tracks service revisions inside ECS itself.

That shift matters because most real environments are mixed. Existing services may still depend on the older CodeDeploy pattern, while new services can often standardize on the native ECS strategies. If you lead platform or DevOps work, you need to be comfortable in both worlds.

The one distinction that clears up most confusion

Amazon ECS separates the deployment controller from the deployment strategy.

A deployment controller is the control plane that runs the release. In practice, that means ECS for native ECS-managed deployments, CODE_DEPLOY for CodeDeploy-managed ECS blue/green, and EXTERNAL for a third-party deployment controller.

A deployment strategy is the rollout shape used by that controller. With the ECS deployment controller, ECS supports ROLLING, BLUE_GREEN, CANARY, and LINEAR.

Older write-ups often equate "ECS blue/green" with "CodeDeploy," but current AWS docs also describe native ECS blue/green, canary, and linear. Advanced ECS traffic shifting used to be a CodeDeploy-only capability. It is now also an ECS-native one.

Quick comparison: what changes in the traffic layer?

The fastest way to explain the entire topic is through the traffic layer.

Built-in rolling usually keeps the same listener and target-group path, with ECS replacing tasks in place.

Legacy CodeDeploy blue/green introduces the dual-target-group model, a production listener, and an optional test listener, with CodeDeploy deciding how traffic moves between blue and green task sets.

Built-in ECS blue/green, canary, and linear also use a dual-environment traffic model for managed shifting, but ECS now owns the listener-rule changes and the rollout behavior.

Aspect Native rolling Legacy CodeDeploy blue/green Native blue/green, canary, linear
Controller ECS CODE_DEPLOY ECS
Target groups Same target group; in-place Two target groups (blue and green) Primary + alternate (ALB)
Listener changes Usually none CodeDeploy updates production listener ECS updates listener rules
Rollout owner ECS scheduler CodeDeploy ECS deployment controller
Unit of deployment Tasks within service Task sets Service revisions
Test environment Not applicable Optional test listener Optional test listener / rule

Quick matrix — what changes in the traffic layer across built-in and legacy ECS deployment models.

Full comparison diagram

The same idea is clearer with the legacy and native models side by side.

Legacy CodeDeploy vs native ECS controller comparison

Figure 1 — Legacy CodeDeploy controller vs native ECS controller. Both use a dual-target-group pattern; the difference is who owns the rollout.

Part 1: The legacy model — CodeDeploy blue/green for Amazon ECS

For a long time, if a team wanted something safer than a standard ECS rolling update, it usually meant stepping into CodeDeploy-controlled blue/green.

In that model, the ECS service uses deploymentController = CODE_DEPLOY, the deployment is started through CodeDeploy, CodeDeploy creates a replacement green task set, traffic is shifted away from the original blue task set, and after success, blue is terminated according to deployment settings.

From the load-balancer point of view, the pattern is deliberate and explicit. Legacy CodeDeploy ECS blue/green requires two target groups, a production listener, and an optional test listener. One target group serves blue and the other serves green during deployment.

Note that legacy ECS traffic shifting can be all-at-once, canary, or linear — but those are CodeDeploy deployment configurations, not separate ECS-native strategies.

Legacy diagram 1 — CodeDeploy blue/green, all-at-once

The fastest legacy cutover. It is still blue/green because CodeDeploy creates and validates a replacement task set, then moves production traffic in one step.

Legacy CodeDeploy blue/green all-at-once sequence

Figure 2 — Legacy CodeDeploy blue/green, all-at-once. A single 0% → 100% production shift after green is provisioned.

Legacy diagram 2 — CodeDeploy blue/green, canary

The legacy two-phase rollout. CodeDeploy shifts a small percentage first, evaluates health and alarms during the canary interval, and only then shifts the remainder.

Legacy CodeDeploy blue/green canary sequence

Figure 3 — Legacy CodeDeploy blue/green, canary. ALB-based; uses a CodeDeployDefault.ECSCanary* deployment configuration.

Legacy diagram 3 — CodeDeploy blue/green, linear

The most gradual traffic-shift pattern in the legacy model. CodeDeploy increases traffic to green in equal steps, giving you more than one checkpoint before full cutover.

Legacy CodeDeploy blue/green linear sequence

Figure 4 — Legacy CodeDeploy blue/green, linear. ALB-based; uses a CodeDeployDefault.ECSLinear* deployment configuration.

Important legacy caveat — when the legacy model uses a Network Load Balancer, AWS documents all-at-once as the supported traffic-shift mode. That is why legacy canary and linear are presented here as ALB-based examples.

Part 2: The modern model — native Amazon ECS service deployments

The modern ECS deployment story is cleaner because the ECS deployment controller now owns the deployment behavior directly.

Instead of relying on CodeDeploy to manage replacement task sets, the native model works with ECS service deployments and service revisions. That reduces control-plane sprawl and turns the strategy choice into a single ECS concern rather than a multi-service orchestration problem.

For managed traffic shifting, AWS documents support through Application Load Balancer, Network Load Balancer, or Service Connect, depending on the pattern. The diagrams below use Application Load Balancer because that makes the traffic behavior easiest to follow visually.

Native strategy 1 — Rolling

Rolling remains the simplest native option. ECS launches new tasks, stops old tasks as deployment progresses, and follows the deployment configuration controlled by minimumHealthyPercent and maximumPercent.

From the traffic-layer point of view, rolling changes the least. The service typically stays on the same target-group path and ECS replaces tasks in place. ECS can support multiple target groups for some service designs, but that is a service capability, not a blue/green traffic-shift requirement.

Native ECS rolling deployment sequence

Figure 5 — Native ECS rolling deployment. Same target-group path; tasks are replaced in place under min-healthy / max-percent constraints.

Native strategy 2 — Blue/Green

Native ECS BLUE_GREEN is the closest built-in replacement for teams that used blue/green for safer cutovers and quick rollback.

The most important point: native ECS blue/green is not "blue/green with optional canary or linear." In the native model, BLUE_GREEN, CANARY, and LINEAR are separate strategies. Native blue/green performs an all-at-once production cutover after validation.

For ALB-based native blue/green, ECS uses a primary target group for blue, an alternate target group for green, a production listener rule for production traffic, and an optional test listener (or test rule) for validation traffic. ECS updates the listener rules during deployment.

Native ECS blue/green deployment sequence

Figure 6 — Native ECS blue/green. ECS owns the listener-rule swap. Primary TG = blue, alternate TG = green.

Native strategy 3 — Canary

Native ECS CANARY is the small-blast-radius strategy.

ECS launches the green service revision, can optionally validate it with test traffic, then shifts a configured small percentage of production traffic to green. ECS waits through the canary bake time, and if the deployment stays healthy, shifts the remaining traffic and waits through the deployment bake time before terminating blue.

The traffic model is straightforward: a small percentage first, the rest later.

Native ECS canary deployment sequence

Figure 7 — Native ECS canary. A single small slice, a bake window, then a full shift.

Native strategy 4 — Linear

Native ECS LINEAR is the most gradual rollout.

ECS launches green, optionally validates it, then shifts production traffic in equal percentage increments with a configured step bake time between increments. After reaching 100% green, ECS waits through the deployment bake time before terminating blue.

This fits services where you want more than one checkpoint and you expect some issues to appear only as traffic gradually increases.

Native ECS linear deployment sequence

Figure 8 — Native ECS linear. Equal-step shifts with a bake between each, then a deployment bake before teardown.

What actually changes between rolling and blue/green-style deployments?

Rolling Usually the same listener and same target-group path. No separate green traffic lane required. The ECS scheduler handles in-place task replacement.
Legacy CodeDeploy blue/green Two target groups required. A production listener is required. An optional test listener is available. CodeDeploy controls traffic movement between blue and green task sets.
Native ECS blue/green, canary, linear Managed traffic shifting requires ALB, NLB, or Service Connect. ALB examples use primary and alternate target groups. ECS controls the listener-rule changes and traffic movement.
Key distinction Canary and linear are NOT sub-modes of blue/green in native ECS. They are separate native strategies.

Summary of the practical differences across deployment models.

What I would choose in practice

If I were setting standards for an AWS platform team today, I would keep the defaults simple.

Use rolling when the service is low risk, backward compatibility is strong, and traffic shaping is unnecessary.

Use native blue/green when you want safer releases than rolling, you want validation before production cutover, and you do not need a gradual production ramp.

Use native canary when blast radius matters most and you want a small real-user slice before full cutover.

Use native linear when you want the smoothest progressive rollout and more checkpoints than canary provides.

Keep legacy CodeDeploy blue/green when services already run it successfully and migration would create more near-term risk than value.

Legacy CodeDeploy still matters because many production estates still run it, but the center of gravity for new ECS design has clearly moved toward native ECS deployment strategies.

The most common mistakes to avoid

  • Do not say native blue/green "contains" canary and linear. In native ECS, those are separate strategies.
  • Do not draw legacy canary or linear as NLB-based. The legacy NLB path supports all-at-once.
  • Do not imply rolling always uses exactly one target group. Rolling usually stays on the same target-group path, but ECS can support multiple target groups for some service designs.
  • Do not treat native ECS traffic shifting as a CodeDeploy feature. ECS supports native BLUE_GREEN, CANARY, and LINEAR with the ECS deployment controller.
  • Do not mix task-set language with service-revision language. Legacy CodeDeploy ECS blue/green uses task sets; native ECS deployments use service revisions.

Where to go next

This post compares legacy and ECS-native deployment strategies, but ECS-native deployments now include more capabilities than can comfortably fit into a comparison article. Built-in blue/green, canary, and linear deployment strategies support deployment lifecycle hooks — Lambda functions invoked at defined stages of a deployment, so teams can run automated validation, smoke tests, or custom checks before traffic shifts further.

These hooks pair naturally with a test listener or listener rule for pre-production validation against the green target group, as described in the ECS blue/green deployment workflow. They also work well with CloudWatch alarms and bake windows, where a failing alarm can trigger an automated rollback instead of requiring manual intervention. ECS canary and linear deployments extend the same idea by shifting production traffic gradually, giving teams multiple checkpoints to detect issues before 100% of traffic reaches the new revision.

If you already run CodeDeploy blue/green deployments and are wondering whether to migrate, AWS has published an official AWS Containers Blog post, Migrating from AWS CodeDeploy to Amazon ECS for blue/green deployments, that walks through the practical migration steps and key ECS deployment model changes. Pair it with the Migrate CodeDeploy blue/green deployments to Amazon ECS docs page for the reference details. Migration is not free — CodeDeploy deployments, ECS service revisions, and task sets use different mental models — but for most greenfield ECS services, the ECS-native model is now the better default going forward.