CodeDeploy & rollback

Targets, appspec hooks, blue/green, auto-rollback.

Intermediate30 min · lesson 3 of 15

CodeDeploy automates releasing your application to compute targets with controlled strategies and automatic rollback. Choosing the deployment strategy for the target is a core DevOps decision that trades speed against safety.

Targets and the appspec

CodeDeploy deploys to EC2/on-prem instances, ECS services, and Lambda functions. An appspec file tells it what to deploy and defines lifecycle hooks (BeforeInstall, AfterInstall, ApplicationStart, ValidateService) where you run validation scripts — so a deployment can verify health before shifting traffic. For EC2 it supports in-place (update the existing fleet) and blue/green (stand up a new fleet, shift traffic, keep the old for rollback); for ECS and Lambda it uses traffic-shifting between versions. The appspec-plus-hooks model lets you bake health checks into the release itself.

deployment strategies by target
# TARGET STRATEGIES
# EC2 → in-place (update fleet) | blue/green (new fleet + traffic shift)
# ECS → blue/green / canary via traffic shifting between task sets
# Lambda → linear / canary (shift % of traffic to the new version)
#
# appspec hooks run validation at each step:
hooks:
AfterInstall: [{ location: scripts/verify.sh }]
ValidateService: [{ location: scripts/smoke-test.sh }] # fail → rollback

Automatic rollback

The safety mechanism that makes frequent deployment viable is automatic rollback: tie the deployment to CloudWatch alarms and health checks, and CodeDeploy reverts to the last known-good version when an alarm fires or validation fails — so a bad release is contained in seconds without a human scrambling. Blue/green and canary strategies limit blast radius further by exposing the new version to a subset of traffic first and watching metrics before full cutover. The combination — progressive delivery plus alarm-triggered rollback plus health-checked hooks — is what lets a DevOps team ship often and safely, which is the essence of the professional-level exam and the job.

Safe deployment with rollback
1deploy new version
blue/green or canary
2validation hooks
smoke tests before cutover
3watch alarms
CloudWatch on error rate/latency
4auto-rollback on failure
revert to known-good in seconds
Progressive delivery plus health checks plus alarm-triggered rollback make frequent releases safe.
A deploy without automated rollback is a manual outage
If a bad release has no automatic rollback, containment depends on a human noticing and reacting — minutes of impact at best. Tie every production deployment to CloudWatch alarms and validation hooks so CodeDeploy reverts automatically, and use blue/green or canary to limit how much traffic a bad version ever sees.