
Blue-green infrastructure pattern in Terraform - Step-by-Step Execution

Process Flow - Blue-green infrastructure pattern
Deploy Blue Environment
Route Traffic to Blue
Deploy Green Environment
Switch Traffic to Green
Blue Environment Idle
Update or Rollback as Needed
This flow shows deploying two identical environments (blue and green), routing traffic to one while updating the other, then switching traffic to the updated environment.
Execution Sample
Terraform
resource "aws_instance" "blue" {
  ami           = "ami-123456"
  instance_type = "t2.micro"
}

resource "aws_instance" "green" {
  ami           = "ami-123456"
  instance_type = "t2.micro"
}
This Terraform code defines two identical AWS instances representing blue and green environments.
Process Table
| Step | Action | Blue Environment State | Green Environment State | Traffic Routing |
|---|---|---|---|---|
| 1 | Deploy Blue Environment | Running | Not Deployed | Traffic to Blue |
| 2 | Deploy Green Environment | Running | Running | Traffic to Blue |
| 3 | Switch Traffic to Green | Running | Running | Traffic to Green |
| 4 | Blue Environment Idle | Running (Idle) | Running (Active) | Traffic to Green |
| 5 | Update or Rollback Blue | Updated or Rolled Back | Running (Active) | Traffic to Green |
| 6 | End | Stable | Stable | Traffic to Green |
💡 Traffic switched to green environment; blue environment is idle and ready for updates or rollback.
Status Tracker
| Variable | Start | After Step 1 | After Step 2 | After Step 3 | After Step 4 | After Step 5 | Final |
|---|---|---|---|---|---|---|---|
| Blue Environment | Not Deployed | Running | Running | Running | Running (Idle) | Updated or Rolled Back | Stable |
| Green Environment | Not Deployed | Not Deployed | Running | Running | Running (Active) | Running (Active) | Stable |
| Traffic Routing | None | Traffic to Blue | Traffic to Blue | Traffic to Green | Traffic to Green | Traffic to Green | Traffic to Green |
Key Moments - 3 Insights
Why do we keep the old environment running after switching traffic?
Keeping the old environment running (see Step 4 in the Process Table) allows quick rollback if the new environment has issues.
When is the green environment deployed?
The green environment is deployed after the blue is running (Step 2), so we have two identical environments before switching traffic.
How does traffic routing change during deployment?
Traffic is initially routed to blue (Steps 1 and 2), then switched to green (Step 3) once green is ready.
Visual Quiz - 3 Questions
Test your understanding
Looking at the Process Table, at which step does traffic switch to the green environment?
A. Step 4
B. Step 2
C. Step 3
D. Step 5
💡 Hint
Check the 'Traffic Routing' column in the Process Table rows.
According to the Status Tracker, what is the state of the blue environment after Step 5?
A. Not Deployed
B. Updated or Rolled Back
C. Running (Active)
D. Terminated
💡 Hint
Look at the 'Blue Environment' row under 'After Step 5' in the Status Tracker.
If traffic was switched to green before deploying it, what would happen in the Process Table?
A. Traffic would route to green while green is not running
B. Blue environment would be idle earlier
C. Green environment would be updated first
D. Traffic would remain on blue
💡 Hint
Consider the 'Traffic Routing' and environment states in the Process Table.
Concept Snapshot
Blue-green pattern deploys two identical environments.
Traffic routes to one (blue) while the other (green) is updated.
Switch traffic to green when ready.
Old environment stays idle for quick rollback.
Ensures zero downtime and safer updates.
Full Transcript
The blue-green infrastructure pattern involves deploying two identical environments called blue and green. Initially, traffic is routed to the blue environment while the green environment is deployed and updated. Once the green environment is ready, traffic switches to it, and the blue environment becomes idle but remains running. This setup allows quick rollback if needed by switching traffic back to blue. The pattern ensures zero downtime and safer updates by having two environments ready and switching traffic between them.

Practice

1. What is the main purpose of the blue-green infrastructure pattern in Terraform deployments?
easy
A. To reduce infrastructure costs by using a single environment
B. To automate database backups during deployment
C. To increase the number of servers in a single environment
D. To avoid downtime by switching traffic between two identical environments

Solution

  1. Step 1: Understand the blue-green pattern concept

    The blue-green pattern uses two identical environments to ensure zero downtime during updates.
  2. Step 2: Identify the main goal in Terraform deployments

    Terraform manages these environments and switches traffic between them to avoid downtime.
  3. Final Answer:

    To avoid downtime by switching traffic between two identical environments -> Option D
  4. Quick Check:

    Blue-green pattern = avoid downtime [OK]
Hint: Remember: blue-green means two environments for zero downtime [OK]
Common Mistakes:
  • Thinking it reduces costs by using one environment
  • Confusing it with scaling servers in one environment
  • Assuming it automates backups
2. Which Terraform resource is commonly used to switch traffic between blue and green environments in a blue-green deployment?
easy
A. aws_lb_listener_rule
B. aws_instance
C. aws_s3_bucket
D. aws_security_group

Solution

  1. Step 1: Identify Terraform resources related to traffic routing

    Load balancer listener rules control how traffic is routed to target groups.
  2. Step 2: Match resource to blue-green traffic switch

    The aws_lb_listener_rule resource allows switching traffic between blue and green target groups.
  3. Final Answer:

    aws_lb_listener_rule -> Option A
  4. Quick Check:

    Traffic switch uses listener rules [OK]
Hint: Traffic routing uses listener rules, not instances or buckets [OK]
Common Mistakes:
  • Choosing aws_instance which manages servers, not traffic
  • Selecting aws_s3_bucket which is for storage
  • Picking aws_security_group which controls firewall rules
3. Given this Terraform snippet for blue-green deployment traffic switching:
resource "aws_lb_listener_rule" "blue" {
  listener_arn = aws_lb_listener.front_end.arn
  priority     = 10
  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.blue.arn
  }
  condition {
    path_pattern {
      values = ["/blue/*"]
    }
  }
}

resource "aws_lb_listener_rule" "green" {
  listener_arn = aws_lb_listener.front_end.arn
  priority     = 20
  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.green.arn
  }
  condition {
    path_pattern {
      values = ["/green/*"]
    }
  }
}
What happens when a user visits /green/home?
medium
A. Traffic is routed to the green target group
B. Traffic is routed to both blue and green target groups
C. Traffic is blocked by the load balancer
D. Traffic is routed to the blue target group

Solution

  1. Step 1: Analyze path pattern conditions in listener rules

    The green listener rule matches paths starting with /green/* and forwards to the green target group.
  2. Step 2: Match user request path to rules

    The request /green/home matches the green rule condition, so traffic goes to the green target group.
  3. Final Answer:

    Traffic is routed to the green target group -> Option A
  4. Quick Check:

    Path /green/* routes to green group [OK]
Hint: Match URL path to listener rule path pattern [OK]
Common Mistakes:
  • Assuming default routing to blue group
  • Thinking traffic is blocked without default rule
  • Believing traffic splits between groups
4. You wrote this Terraform code to switch traffic in a blue-green setup but the traffic does not switch as expected:
resource "aws_lb_listener_rule" "blue" {
  listener_arn = aws_lb_listener.front_end.arn
  priority     = 10
  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.blue.arn
  }
  condition {
    host_header {
      values = ["blue.example.com"]
    }
  }
}

resource "aws_lb_listener_rule" "green" {
  listener_arn = aws_lb_listener.front_end.arn
  priority     = 10
  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.green.arn
  }
  condition {
    host_header {
      values = ["green.example.com"]
    }
  }
}
What is the likely problem?
medium
A. Target groups are not defined correctly
B. Host header condition is invalid for load balancers
C. Both listener rules have the same priority, causing conflict
D. Listener ARN is missing in one of the rules

Solution

  1. Step 1: Check listener rule priorities

    Both rules have priority 10, which causes a conflict because priorities must be unique.
  2. Step 2: Understand effect of priority conflict

    Load balancer cannot decide which rule to apply, so traffic routing fails or is unpredictable.
  3. Final Answer:

    Both listener rules have the same priority, causing conflict -> Option C
  4. Quick Check:

    Unique priorities required for listener rules [OK]
Hint: Listener rule priorities must be unique numbers [OK]
Common Mistakes:
  • Ignoring priority uniqueness
  • Assuming host_header condition is invalid
  • Overlooking target group correctness
5. You want to implement a blue-green deployment in Terraform with minimal downtime. Which approach best achieves this?
hard
A. Deploy new version to green environment and keep routing traffic to blue until green is manually deleted
B. Deploy new version to green environment, test it, then update load balancer to route all traffic to green
C. Deploy new version directly to blue environment and restart all servers simultaneously
D. Deploy new version to blue environment and use DNS TTL to switch traffic slowly

Solution

  1. Step 1: Understand blue-green deployment goals

    The goal is zero downtime by having two identical environments and switching traffic atomically.
  2. Step 2: Evaluate deployment approaches

    Deploying to green, testing, then switching load balancer traffic ensures smooth transition without downtime.
  3. Step 3: Compare other options

    Direct deploy with restart causes downtime; manual deletion delays switch; DNS TTL causes slow switch and possible downtime.
  4. Final Answer:

    Deploy new version to green environment, test it, then update load balancer to route all traffic to green -> Option B
  5. Quick Check:

    Blue-green = test new env, then switch traffic [OK]
Hint: Test new environment fully before switching traffic [OK]
Common Mistakes:
  • Restarting servers causing downtime
  • Delaying traffic switch by manual deletion
  • Relying on DNS TTL for instant switch
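
The cutover from question 5 (deploy green, test it, then point the load balancer at green), as an added Terraform example that is not code from the original page. It uses a weighted forward action on the listener rather than the listener rules from questions 2 to 4, reuses the page's aws_instance.blue and aws_instance.green, and assumes an existing load balancer, VPC and certificate passed in through the hypothetical variables lb_arn, vpc_id and certificate_arn, plus a hypothetical active_color variable.

```hcl
# Assumed names (not from the page): active_color, vpc_id, lb_arn, certificate_arn, "env".
variable "active_color" {
  type = string
  validation {
    condition     = contains(["blue", "green"], var.active_color)
    error_message = "active_color must be \"blue\" or \"green\"."
  }
}
variable "vpc_id" { type = string }          # existing VPC
variable "lb_arn" { type = string }          # existing Application Load Balancer
variable "certificate_arn" { type = string } # existing ACM certificate

# One target group per colour, each health-checked on "/".
resource "aws_lb_target_group" "env" {
  for_each = toset(["blue", "green"])
  name     = "app-${each.key}"
  port     = 80
  protocol = "HTTP"
  vpc_id   = var.vpc_id
  health_check { path = "/" }
}

# Registers the page's aws_instance.blue and aws_instance.green.
resource "aws_lb_target_group_attachment" "env" {
  for_each         = { blue = aws_instance.blue.id, green = aws_instance.green.id }
  target_group_arn = aws_lb_target_group.env[each.key].arn
  target_id        = each.value
  port             = 80
}

# Active colour gets weight 100, idle colour 0: cutover and rollback are one in-place update.
resource "aws_lb_listener" "front_end" {
  load_balancer_arn = var.lb_arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.certificate_arn
  default_action {
    type = "forward"
    forward {
      dynamic "target_group" {
        for_each = aws_lb_target_group.env
        content {
          arn    = target_group.value.arn
          weight = target_group.key == var.active_color ? 100 : 0
        }
      }
    }
  }
}
```

Applying with `-var active_color=green` moves all traffic to green while blue stays registered at weight 0; applying again with `blue` is the rollback.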