GitmoxiLogo Gitmoxi

Navigation Pane

Overview
Getting Started
Install on ECS Fargate
Install on EKS
Repo Setup
Testing ECS
Testing EKS
Testing Lambda
Uninstall Gitmoxi
Core Concepts
Gitmoxi for ECS
ECS Deployment Definition
Gitmoxi for Lambda
Lambda Deployment Definition
Lambda Event Source Mapping
Input Parameterization
CLI Reference

Gitmoxi for Amazon ECS

Introduction

Managing container deployments at scale can be complex and error-prone. Gitmoxi solves this challenge by providing full GitOps-based lifecycle management for Amazon ECS services. With Gitmoxi, you can declaratively define your ECS infrastructure as code and store it in Git, ensuring that your deployment process is repeatable, auditable, and version-controlled.

When ECS deployment files are created, modified, or deleted in a Git repository, Gitmoxi automatically orchestrates the corresponding changes in your ECS clusters. Based on your application’s needs, Gitmoxi supports both rolling updates and blue/green deployments with a variety of traffic shifting strategies.

Key Files and Workflow

In the ECS GitOps workflow, Gitmoxi uses four key files to manage deployments:

FileNamePurpose
Service definition_svcdef.jsonDefines ECS service parameters
Task definition_taskdef.jsonSpecifies container configurations
Deployment configuration_depdef.jsonControls deployment strategies and traffic shifting
Input file_input.jsonProvides parameterization values

Let’s explore each of these files, as their contents—and any changes to them—drive Gitmoxi’s ECS deployment logic.

Service Definition File

The ECS service definition file (_svcdef.json) includes all attributes supported by the Amazon ECS CreateService API. This file is written using native ECS definitions, meaning you can immediately take advantage of new ECS features as they are released—no waiting for tool-specific updates.

A particularly important attribute in this file is deploymentController:

  • If set to "ECS", Gitmoxi leverages ECS’s native rolling deployment mechanism.
  • If set to "EXTERNAL", Gitmoxi performs its own deployment using a blue/green strategy, including advanced traffic shifting.

To enable blue/green deployments with Gitmoxi, simply set deploymentController to EXTERNAL in the _svcdef.json file.

Example Service Definition

Click to expand service definition example 
{
  "cluster": "production-cluster",
  "serviceName": "web-frontend",
  "taskDefinition": "web-frontend:latest",
  "desiredCount": 10,
  "deploymentController": {
    "type": "EXTERNAL"
  },
  "loadBalancers": [
    {
      "targetGroupArn": "arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/web-frontend/1234567890123456",
      "containerName": "web-app",
      "containerPort": 8080
    }
  ],
  "networkConfiguration": {
    "awsvpcConfiguration": {
      "subnets": [
        "subnet-12345678",
        "subnet-87654321"
      ],
      "securityGroups": [
        "sg-12345678"
      ],
      "assignPublicIp": "DISABLED"
    }
  }
}

Task Definition File

The ECS task definition JSON file (_taskdef.json) can contain all the attributes defined by the ECS Task Definition Registration Request.

Whenever an ECS service needs to be created or updated, Gitmoxi will:

  1. Register a new task definition using the task definition file
  2. Obtain the ARN for the new revision
  3. Use that ARN in the service creation or update process

If the task definition file is not present, Gitmoxi uses the task definition attribute ("taskDefinition") from the service definition file. If neither the task definition file nor the attribute are provided, the service creation will fail.

Example Task Definition

Click to expand task definition example 
{
  "family": "web-frontend",
  "networkMode": "awsvpc",
  "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
  "containerDefinitions": [
    {
      "name": "web-app",
      "image": "123456789012.dkr.ecr.us-west-2.amazonaws.com/web-frontend:latest",
      "essential": true,
      "portMappings": [
        {
          "containerPort": 8080,
          "hostPort": 8080,
          "protocol": "tcp"
        }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/web-frontend",
          "awslogs-region": "us-west-2",
          "awslogs-stream-prefix": "ecs"
        }
      },
      "environment": [
        {
          "name": "NODE_ENV",
          "value": "production"
        }
      ],
      "healthCheck": {
        "command": ["CMD-SHELL", "curl -f http://localhost:8080/health || exit 1"],
        "interval": 30,
        "timeout": 5,
        "retries": 3,
        "startPeriod": 60
      }
    }
  ],
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "cpu": "256",
  "memory": "512"
}

Deployment Definition File

The ECS deployment definition JSON file (_depdef.json) contains various settings used by Gitmoxi during ECS service deployment, including:

  • Traffic shifting strategies
  • Circuit breaking parameters
  • Stability checks
  • Alarm integrations

These settings control how Gitmoxi transitions between old and new task revisions, monitors deployment health, and responds to failures.

Example Deployment Definition

Click to expand ECS deployment definition example 
{
  "trafficShift": {
    "type": "LINEAR",
    "interval": 60,
    "percentage": 20
  },
  "stabilityCheck": {
    "timeout": 600,
    "timeoutPerTask": 120,
    "interval": 15
  },
  "circuitBreaker": {
    "failureThreshold": 5,
    "failureThresholdPercentage": 30
  }
}

For complete details on deployment configuration options, see the ECS Deployment Definition Guide.

Input File

The ECS deployment input JSON file (_input.json) provides substitution values when you want to parameterize the attributes in service, task, or deployment definition files. This enables you to reuse configuration templates across different environments or services.

Example Input File

Click to expand input file example 
{
  "cluster": "production-cluster",
  "desiredCount": 10,
  "servicePrefix": "web-",
  "serviceName": "frontend",
  "image": "123456789012.dkr.ecr.us-west-2.amazonaws.com/web-frontend:latest",
  "environment": "production",
  "cpu": "256",
  "memory": "512"
}

Example Usage in Task Definition

Click to expand input substitution example 
{
  "family": "${servicePrefix}${serviceName}",
  "containerDefinitions": [
    {
      "name": "${serviceName}",
      "image": "${image}",
      "environment": [
        {
          "name": "NODE_ENV",
          "value": "${environment}"
        }
      ],
      "cpu": ${cpu},
      "memory": ${memory}
    }
  ]
}

For more details on parameter substitution, see the Input Files Guide.

Gitmoxi GitOps for ECS

Here’s how changes to deployment files influence your ECS services:

  1. When changes are detected: Whenever the service definition, task definition, and/or input file are changed, Gitmoxi triggers a new deployment to create or update the associated ECS service.

  2. Service creation: If no active service exists in the specified cluster and region, Gitmoxi creates a new service based on the service definition.

  3. Service update: If the service already exists, Gitmoxi updates it with the new configuration.

  4. Task definition registration: Gitmoxi always registers the task definition (regardless of whether it has changed) and uses the latest revision for service creation or update.

Note: Changes to only the deployment definition file (_depdef.json) will not trigger a new deployment because this file contains deployment settings rather than service attributes.

Deployment Strategies

Gitmoxi supports two main deployment strategies for ECS services:

Rolling Update Deployment

In an ECS service rolling update, new task versions are gradually created while the old versions are deleted. The deployment process is controlled by two key parameters in the ECS service definition:

  • minimumHealthyPercent: Minimum percentage of tasks that must remain running
  • maximumPercent: Maximum percentage of tasks (old + new) allowed during deployment

Example Scenario

For a service with 10 running tasks:

ConfigurationBehavior
minimumHealthyPercent: 100
maximumPercent: 150		- 5 new tasks are created first
- Once new tasks are healthy, 5 old tasks are removed
- Remaining 5 new tasks are created
minimumHealthyPercent: 50
maximumPercent: 100		- 5 old tasks can be removed immediately
- 5 new tasks are created
- Remaining 5 old tasks are removed
- Remaining 5 new tasks are created

Advantages of Rolling Updates

  • Simple to orchestrate
  • Cost-effective for high task counts
  • Controlled resource usage during deployment

Limitations of Rolling Updates

  • Not suitable when old and new versions can’t serve mixed traffic
  • Limited control over traffic shifting
  • Rollbacks require repeating the gradual process

Blue/Green Deployment

For an ECS blue/green deployment, Gitmoxi:

  1. Creates a complete new set of tasks based on the latest changes
  2. Waits for all new tasks to achieve running status
  3. Performs traffic shifting from old to new tasks (if service uses a load balancer)
  4. Deletes old tasks after successful traffic shift
  5. Rolls back to old tasks if failures occur during deployment

Advantages of Blue/Green Deployments

  • Easy rollbacks to stable versions
  • Granular control over traffic shifting
  • Minimized downtime risks

Limitations of Blue/Green Deployments

  • Requires an Application Load Balancer
  • Higher cost (2x tasks running during deployment)
  • More complex configuration

Choosing the Right Strategy

RequirementRecommended Strategy
API versioning (e.g., /api/v1 vs /api/v2)Blue/Green
Live user sessions that shouldn’t be interruptedBlue/Green
High task count with cost constraintsRolling Update
Need for rapid rollback capabilityBlue/Green
Simple service with stateless behaviorEither

Traffic Shifting Patterns for Blue/Green Deployments

For blue/green deployments, Gitmoxi supports several traffic shifting patterns:

CANARY

Shifts traffic in two phases:

  1. First shift a small percentage (e.g., 20%)
  2. Monitor for a configured time interval
  3. If no alarms trigger, shift the remaining traffic (e.g., 80%)

LINEAR

Shifts traffic in equal increments over multiple intervals:

  1. Start with initial percentage (e.g., 20%)
  2. Increase by that percentage at each step (20%, 40%, 60%, 80%, 100%)
  3. Monitor between each increment
  4. Revert to old tasks if alarms trigger at any point

ALL_AT_ONCE

Shifts 100% of traffic to new tasks immediately:

  1. Direct all traffic to new tasks
  2. Monitor for configured wait time
  3. Revert to old tasks if alarms trigger during wait time

Deployment Stability Checks

Gitmoxi performs health checks during deployment to ensure tasks reach a stable running state:

Configuration Options

  • timeout: Maximum absolute time (in seconds) to wait for task stability
  • timeoutPerTask: Time allotted per task (multiplied by desired count)
  • interval: How frequently Gitmoxi polls for task status

Example Calculations

Desired CountConfigurationEffective Timeout
10 taskstimeout: 600600 seconds
10 taskstimeoutPerTask: 1201200 seconds (120 × 10)
10 taskstimeout: 600
timeoutPerTask: 120		1200 seconds (max value used)

Deployment Circuit Breaker

The circuit breaker prevents wasteful deployment attempts when tasks repeatedly fail to start:

Configuration Options

  • failureThreshold: Absolute number of task failures before aborting
  • failureThresholdPercentage: Percentage of desired count that can fail

Example Calculations

Desired CountConfigurationFailure Threshold
10 tasksfailureThreshold: 55 failures
10 tasksfailureThresholdPercentage: 303 failures (30% × 10)
10 tasksfailureThreshold: 5
failureThresholdPercentage: 30		3 failures (min value used)

Troubleshooting Common Issues

Service Creation Failures

ProblemPossible CausesSolution
Missing task definitionNeither _taskdef.json nor taskDefinition attribute existsCreate a task definition file or add the attribute to _svcdef.json
Permission errorsInsufficient IAM permissionsVerify the execution role has appropriate permissions
Resource constraintsInsufficient CPU/memory or no container instances availableCheck resource availability or increase limits

Deployment Failures

ProblemPossible CausesSolution
Tasks failing to startContainer errors, unhealthy checksCheck container logs and health check configuration
Traffic shifting alarmsApplication errors in new versionFix issues or modify alarm sensitivity
Timeout during deploymentTasks taking too long to become stableIncrease stability timeout settings

Configuration Issues

ProblemPossible CausesSolution
Parameter substitution errorsMissing or invalid input valuesVerify all referenced parameters exist in _input.json
File format issuesInvalid JSON syntaxValidate JSON formatting
Deployment not triggeredChanges only to _depdef.jsonMake a minor change to service or task definition

Best Practices

General Recommendations

  • Use source control branches to test deployment changes before merging to production
  • Create separate deployment files for different environments (dev, staging, prod)
  • Define appropriate health checks in task definitions to ensure accurate stability reporting

Rolling Update Best Practices

  • Set minimumHealthyPercent to at least 50% for production services
  • Consider using maximumPercent of 150-200% for faster deployments when resources permit
  • Test deployment configuration with non-critical services first

Blue/Green Deployment Best Practices

  • Start with CANARY or LINEAR traffic shifting patterns to minimize risk
  • Configure appropriate CloudWatch alarms to detect issues during traffic shifting
  • Use small initial traffic percentages (10-20%) when deploying critical changes

Glossary

TermDefinition
GitOpsInfrastructure management approach using Git as the single source of truth
Rolling UpdateDeployment strategy that gradually replaces tasks
Blue/Green DeploymentStrategy that creates a complete parallel environment before shifting traffic
Canary DeploymentPattern that tests new version with a small percentage of traffic
Circuit BreakerMechanism to stop deployments when failures exceed threshold
Task DefinitionECS configuration specifying how containers should run
Service DefinitionECS configuration defining how tasks should be deployed and maintained

Additional Resources

Elevate Your Deployment Experience Today

Experience the power of Gitmoxi — your go-to solution for simple, flexible, and transparent deployment management

Try Now for Free

Email Address *

End User License Agreement

END USER LICENSE AGREEMENT (EULA)

IMPORTANT: PLEASE READ THIS AGREEMENT CAREFULLY BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE.

By downloading, installing, or using this software, you acknowledge that you have read this Agreement, understand it, and agree to be bound by its terms. If you do not agree to these terms, do not install or use the software.

-------------------------------------------------------------------------------

1. GRANT OF LICENSE  
Subject to the terms of this Agreement, SKAI Software Corporation grants you a limited, non-exclusive, non-transferable, non-sublicensable license to install and use the software solely for your personal or internal business purposes.  

-------------------------------------------------------------------------------

2. RESTRICTIONS  
You may NOT:  
a) Modify, adapt, translate, or create derivative works from the software.  
b) Reverse engineer, decompile, or disassemble the software, except as expressly permitted by applicable law.  
c) Rent, lease, loan, sell, sublicense, distribute, or otherwise transfer the software to any third party.  
d) Remove, alter, or obscure any proprietary notices, trademarks, or labels from the software.  

-------------------------------------------------------------------------------

3. OWNERSHIP  
The software is and remains the exclusive property of SKAI Software Corporation. This Agreement does NOT transfer ownership of the software; it only grants you a limited license to use it. SKAI Software Corporation reserves all rights not expressly granted.  

-------------------------------------------------------------------------------

4. TERMINATION  
This Agreement is effective until terminated. Your rights under this Agreement will automatically terminate without notice if you violate any provision.  

Upon termination, you MUST IMMEDIATELY:  
- Cease all use of the software.  
- Delete or destroy all copies in your possession.  

Termination does not limit SKAI Software Corporation’s right to pursue any other remedies available under law or equity.  

-------------------------------------------------------------------------------

5. DISCLAIMER OF WARRANTY  
THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  

SKAI SOFTWARE CORPORATION DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.  

SKAI SOFTWARE CORPORATION DOES NOT WARRANT THAT THE SOFTWARE WILL BE ERROR-FREE, UNINTERRUPTED, OR COMPATIBLE WITH ALL SYSTEMS.  

YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT USE OF THE SOFTWARE IS AT YOUR SOLE RISK.  

-------------------------------------------------------------------------------

6. LIMITATION OF LIABILITY  
TO THE FULLEST EXTENT PERMITTED BY LAW:  

IN NO EVENT SHALL SKAI SOFTWARE CORPORATION BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO LOST PROFITS, BUSINESS INTERRUPTION, OR LOSS OF DATA, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  

IN NO EVENT SHALL SKAI SOFTWARE CORPORATION'S TOTAL LIABILITY UNDER THIS AGREEMENT EXCEED THE AMOUNT YOU PAID FOR THE SOFTWARE, IF ANY.  

SOME JURISDICTIONS DO NOT ALLOW CERTAIN LIMITATIONS OF LIABILITY, SO SOME OF THESE LIMITATIONS MAY NOT APPLY TO YOU.  

-------------------------------------------------------------------------------

7. INDEMNIFICATION  
You agree to INDEMNIFY, DEFEND, AND HOLD HARMLESS SKAI Software Corporation, its affiliates, officers, directors, employees, and agents from any claims, liabilities, damages, costs, or expenses (including attorneys’ fees) arising out of:  
a) Your use or misuse of the software.  
b) Your violation of this Agreement.  
c) Your violation of any applicable laws or third-party rights.  

-------------------------------------------------------------------------------

8. GOVERNING LAW & JURISDICTION  
This Agreement shall be governed by and construed in accordance with the LAWS OF THE STATE OF DELAWARE, U.S.A., WITHOUT REGARD TO ITS CONFLICT OF LAW PRINCIPLES.  

ANY DISPUTE ARISING FROM OR RELATED TO THIS AGREEMENT SHALL BE EXCLUSIVELY RESOLVED IN THE STATE OR FEDERAL COURTS LOCATED IN DELAWARE, AND YOU IRREVOCABLY CONSENT TO SUCH JURISDICTION.  

-------------------------------------------------------------------------------

9. SEVERABILITY  
If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.  

-------------------------------------------------------------------------------

10. FORCE MAJEURE  
SKAI Software Corporation shall NOT BE LIABLE for any failure or delay in performance due to causes beyond its reasonable control, including but not limited to natural disasters, war, government actions, network failures, or cyber-attacks.  

-------------------------------------------------------------------------------

11. ENTIRE AGREEMENT  
This Agreement constitutes the ENTIRE AGREEMENT between you and SKAI Software Corporation regarding the software and supersedes all prior agreements, representations, or understandings.  

-------------------------------------------------------------------------------

BY DOWNLOADING, INSTALLING, OR USING THIS SOFTWARE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS AGREEMENT AND AGREE TO BE BOUND BY ITS TERMS.

I have read and accept the End User License Agreement

×