It sounds like the grungy work you'd need to look into is a canary deploy with a production traffic duplicator. Spin up a version N+1 in AWS, copy all the traffic N is getting, only hook N+1 to mocks and observed behavior.
If your monitoring and alerting and quotas are set up right you'll know if the version update is ok.
To me that is very scary work though. Very difficult and risky and this article re-applies (at least to me).
You can also collect code coverage statistics from this canary deploy. I don't know if this is possible with EBS but I've done it with JVM apps where you can connect a debugger remotely. Keep running the canary until 100% of code paths are hit. If a code path isn't hit, find out why and repeat.
It's also a great way to empirically find dead code.
Trying to build something like this with Intel PT, and it's great. I used to do it with a patched libgcov, but now it's even better. Getting counters for every code branch, notifications after a new path has been taken once N% coverage is reached, liveness info about periodic tasks, I/O threads, execution times too.