[stuff4ben]

We're using Terraform for our AWS env and while it worked great for getting stuff out there, we're now scrambling to figure out how to get Terraform to do non-destructive updates to the environment. For instance, I need to update our base OS for the application servers we're running. How do I do this without incurring a downtime? Or I need to now interject a new reverse proxy between our ELB's and app servers, but want to do it without causing an interruption. We're doing our research and this blog post is very helpful, but if you have any pointers...

[hnov]

You pretty much have to take the same approach as you would outside of terraform: create the new thing (launch configuration, standalone instance) and attach it to the ELB before spinning down the old one. Terraform does have some rudimentary aid to that end in the form of the create_before_destroy[0] flag, though it doesn't work out with uniquely named things.

[0] https://www.terraform.io/docs/configuration/resources.html#c...

[Thaxll]

You should use 2 ASG ( blue / green ) and 1 ELB for that, then when you need to update the OS of one of the ASG you just update the launch configuration. It's easy to do in Terraform.

1) Update the launch configuration of your un-used ASG ( with the new AMI ID )

2) Apply terraform to deploy the new ASG

3) Make sure it's working ( your local app on your new instances )

4) Connect the ELB to your new ASG

5) Set the old ASG to 0 instances to drain the connections

[mayank]

This is a pretty common question. Check out this blog post for how to get Terraform to bring up a new ASG with a new AMI before removing the old one from an ELB:

https://robmorgan.id.au/posts/rolling-deploys-on-aws-using-t...