Zero-Downtime Blue-Green Deployment for a High-Growth Startup

Enterprise-Grade Patterns on a Startup Budget

The client needed zero-downtime deployments, but they weren't yet ready for the cost and complexity of a full Kubernetes (EKS) cluster. InfraShift designed a "Lean Blue-Green" architecture that delivered high availability using their existing VM-based footprint.

The Mission: Implement a fully automated CI/CD pipeline that enables seamless version switching without a single drop in traffic, all while keeping AWS infrastructure costs at an absolute minimum.

Eliminating the "Deployment Gap" on Lean Infrastructure For an emerging startup, every second of uptime is critical for building user trust. Our client was running a containerized application on a single AWS EC2 instance, using Docker to manage their services.

While the setup was cost-effective, their deployment process was a major bottleneck. Every time a new version of the app was pushed, the existing container had to be stopped before the new one could start. This created a "Deployment Gap" - a period of 30 to 90 seconds where the application was completely offline. As their user base began to grow, this manual, high-risk process became unsustainable.

The Execution: Zero-Downtime via Blue-Green Automation

We re-engineered the deployment workflow using GitHub Actions and Nginx to turn a standard VM into a sophisticated deployment engine.

1. The Blue-Green Architecture on a Single VM

Instead of a single container, we configured the VM to host two identical environments—Blue (Active) and Green (Idle).

• Parallel Environments: The new version of the application is deployed to the "Green" slot while the "Blue" slot continues to serve live traffic.
• Health Validation: The pipeline automatically runs health checks against the Green container. If it fails, the deployment stops, and the live environment remains untouched.

2. Intelligent Ingress with Nginx & OWASP

To manage the traffic switch and secure the entry point, we deployed Nginx as a reverse proxy on the same VM.

• Seamless Switching: Once the Green environment is verified, GitHub Actions triggers an Nginx configuration reload to point traffic to the new container. This happens in milliseconds—faster than a human can refresh a browser.
• Built-in Security: We integrated the Open Source OWASP ModSecurity Core Rule Set within Nginx. This provided the client with enterprise-level Web Application Firewall (WAF) protection against common threats (SQLi, XSS) without the high cost of a managed AWS WAF.

3. Fully Automated GitHub Actions Pipeline

We moved the client away from manual Docker commands to a robust, "one-click" CI/CD pipeline:

• Build & Scan: Code is automatically built into a Docker image and scanned for vulnerabilities.
• Automated Deploy: The pipeline identifies which slot (Blue or Green) is idle, deploys the new image, verifies health, and updates the Nginx routing automatically.
• Instant Rollback: If an issue is detected post-deployment, the pipeline can switch traffic back to the previous version instantly.