AWS announced that CloudFront now supports continuous deployment to test and validate the configuration changes with a portion of live traffic. The new feature of the AWS content delivery network simplifies blue-green and canary deployment strategies.
CloudFront continuous deployment is designed for scenarios like post-deployment verification, backward compatibility, or validating new features with a small subset of requests. Joe Viggiano, senior solutions architect at AWS, Carl Johnson, principal solutions architect at AWS, and Vishal Anand, principal product manager at AWS, explain:
Today’s existing industry solutions for providing the testing of CDN configuration changes require injecting custom headers at the client, overriding client DNS settings, or implementing separate test domains. This makes large-scale testing challenging. Customers may have to build complex feature flags into their applications (...) This approach lacks scalability, as well as the capability to steer production traffic percentages to make sure that the changes introduced do not negatively impact the workload.
With CloudFront continuous deployment, clients send requests to the primary distribution, and CloudFront routes some of them to a staging distribution based on the weight-based or header-based configuration settings in the continuous deployment policy. A weight-based configuration routes a specified percentage of viewer requests (up to 15%) to the staging distribution. A header-based configuration instead routes a request to the staging distribution according to a specific HTTP header.
Source: https://aws.amazon.com/blogs/networking-and-content-delivery/use-cloudfront-continuous-deployment-to-safely-validate-cdn-changes/
Both options can be used for testing the same deployment: first validating changes with header-based routing from known test users and devices, and then introducing production traffic using a weight-based configuration. By binding the viewer session to the environment, the new feature allows monitoring standard and real-time logs and quickly reverting to the previous configuration when a change negatively impacts the service. Viggiano, Johnson, and Anand write:
When testing is required, CloudFront now lets you create a staging distribution to associate with the production distribution. Origins, Origin Groups, Cache Behaviors, Customer Error Responses, Default Root Object, Logging, and Geographic Restrictions are among the settings that can be modified inside your staging distribution with more coming in the future.
The support of blue/green and canary deployments on the AWS CDN has been a long-term request by developers, with different threads on Reddit and Server Fault in the past. Yan Cui, cloud consultant and AWS Serverless Hero, questions the name:
Very cool, but I don't understand why it's called CloudFront "Continuous Deployment", rather than something like CloudFront Canary Deployment.
Primary and staging distributions do not share a cache. During periods of high resource utilization, CloudFront might send all requests to the primary distribution regardless of the continuous deployment policy. Among the current limitations, CloudFront continuous deployment is not supported for distributions where HTTP/3 is enabled.
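The constraints described above (the 15% weight cap, header-based routing, and the HTTP/3 limitation) can be checked before a policy is applied. The following is an added example, not code from AWS or the article; it assumes the CloudFront API's ContinuousDeploymentPolicyConfig field names, the `aws-cf-cd-` header prefix and the `HttpVersion` values, none of which appear in the article, and all sample values are constructed.

```python
# Added example: lint a continuous deployment policy before applying it.
MAX_WEIGHT = 0.15                         # article: at most 15% of viewer requests
HEADER_PREFIX = "aws-cf-cd-"              # assumption: prefix required by the CloudFront API
HTTP3_VERSIONS = {"http3", "http2and3"}   # assumption: HttpVersion values that enable HTTP/3

# Constructed sample policies (the DNS name and header value are placeholders).
STAGING = {"Quantity": 1, "Items": ["dEXAMPLEstaging.cloudfront.net"]}
WEIGHT_POLICY = {
    "StagingDistributionDnsNames": STAGING, "Enabled": True,
    "TrafficConfig": {"Type": "SingleWeight", "SingleWeightConfig": {"Weight": 0.05}},
}
HEADER_POLICY = {
    "StagingDistributionDnsNames": STAGING, "Enabled": True,
    "TrafficConfig": {"Type": "SingleHeader",
                      "SingleHeaderConfig": {"Header": "aws-cf-cd-staging", "Value": "true"}},
}


def lint_policy(policy, primary_http_version):
    """Return a list of problems; an empty list means the policy passed."""
    problems = []
    if primary_http_version in HTTP3_VERSIONS:
        problems.append("HTTP/3 is enabled on the primary distribution")
    staging = policy.get("StagingDistributionDnsNames", {})
    items = staging.get("Items") or []
    if not items or staging.get("Quantity") != len(items):
        problems.append("staging distribution DNS names missing or miscounted")
    traffic = policy.get("TrafficConfig", {})
    kind = traffic.get("Type")
    if kind == "SingleWeight":
        weight = traffic.get("SingleWeightConfig", {}).get("Weight")
        if isinstance(weight, bool) or not isinstance(weight, (int, float)):
            problems.append("weight is missing or not a number")
        elif not 0 <= weight <= MAX_WEIGHT:
            problems.append(f"weight {weight} is outside 0..{MAX_WEIGHT}")
    elif kind == "SingleHeader":
        cfg = traffic.get("SingleHeaderConfig", {})
        if not str(cfg.get("Header", "")).lower().startswith(HEADER_PREFIX):
            problems.append(f"routing header must start with {HEADER_PREFIX}")
        if not cfg.get("Value"):
            problems.append("routing header value is empty")
    else:
        problems.append(f"unknown TrafficConfig type {kind!r}")
    return problems


if __name__ == "__main__":
    for name, policy in (("weight", WEIGHT_POLICY), ("header", HEADER_POLICY)):
        print(name, lint_policy(policy, "http2") or "ok")
```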
The new feature is available across all the AWS edge locations using the console, SDK, CLI, or CloudFormation templates.