Managing RDS PostgreSQL Blue/Green Deployment with Terraform.

Samuel Manu

A primary reason why blue-green deployment is so valuable is its capacity to test and validate changes before an environment becomes active, along with the ability to swiftly roll back if any issues arise. AWS Blue/Green Deployment, for example, offers the ability to thoroughly test major version changes for an RDS PostgreSQL database before the final cutover. However, a significant challenge emerges when using Terraform as your Infrastructure as Code (IaC) tool.

The Terraform Challenge

When performing a major version upgrade with Terraform, the process seems straightforward. It merely requires adding blue_green_update = { enabled = true } to your code or module and bumping the database version to your target. During the terraform apply command, the tool automates a series of steps: it creates the "green" instance, initializes its storage, upgrades the "green" instance to the new version, initializes the storage again, and then performs a switchover, making the "green" instance the new "blue." Finally, it renames and deletes the original "blue" instance.
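The change described above, written against the aws_db_instance resource as an added example (not the author's code). On the resource, blue_green_update is a nested block; the map form quoted above is how a wrapping module would typically expose it. The resource name, identifier, sizing and version numbers are constructed, and the instance is assumed to already meet the RDS Blue/Green prerequisites for PostgreSQL.

```hcl
# Added example. Names, sizes and versions are constructed for illustration.

variable "db_password" {
  type      = string
  sensitive = true # keeps the value out of plan/apply output
}

resource "aws_db_instance" "app" {
  identifier        = "app-postgres" # constructed identifier
  engine            = "postgres"
  instance_class    = "db.m6g.large"
  allocated_storage = 100
  storage_encrypted = true

  username = "app_admin"
  password = var.db_password

  # Step 1: bump the engine version to the target major version
  # (constructed values: previously a 14.x release, now 16.3).
  engine_version              = "16.3"
  allow_major_version_upgrade = true

  # Low-downtime updates require automated backups to be enabled,
  # so the retention period must be greater than zero.
  backup_retention_period = 7

  # Run the change during this apply instead of waiting for the
  # next maintenance window.
  apply_immediately = true

  # Step 2: opt in to RDS Blue/Green for this modification.
  # With this set, a single apply creates the green instance,
  # upgrades it, switches over, and deletes the old blue instance.
  # There is no pause between those stages for validation.
  blue_green_update {
    enabled = true
  }
}
```

Because the old instance is deleted at the end of the same apply, take and verify a manual snapshot beforehand if you need a restore point that is independent of the switchover.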

The ideal practice with Terraform is to manage all changes through your codebase and run an apply to ensure there's no drift between your code and your live resources. Unfortunately, the current implementation of blue-green deployment in Terraform does not provide the flexibility to keep the new "green" instance around for extensive validation. Furthermore, it doesn't retain the old instance for a quick, native rollback via Terraform. While AWS Blue/Green Deployment itself doesn't offer a direct switch-over back to the original "blue" instance, performing the operation outside of Terraform's IaC workflow provides a workaround. This allows you to manually rename the endpoint of the old "blue" instance back to the original and potentially move traffic back if a rollback becomes necessary.

Despite these limitations, using Terraform for blue-green deployments still provides substantial benefits. It automates the configuration, upgrade, switchover, and cleanup processes, significantly reducing manual effort. The crucial advantage of having limited downtime during a major version upgrade remains fully intact.

An enhancement request has been opened here to "Allow creating blue-green deployment without running switchover," which would address the validation challenge. If you wish to see this feature implemented sooner, you should consider voting for this enhancement request.
