Gremlin Docs Logo
Go to app
Quick Start Guides
AWS Quick Start Guide
Reliability Management (RM) Quick Start Guide
Getting Started
Compatibility
Installing the Gremlin Agent
Authenticating the Gremlin Agent
Configuring the Gremlin Agent
Onboarding services automatically
Using tags
Enabling DNS collection
Enabling AWS PrivateLink
Platform
Managing the Gremlin Agent
Updating Gremlin
Managing Users and Teams
Configuring Role Based Access Control (RBAC)
User Authentication via SAML and OAuth
Managing Kubernetes namespaces
Integrations
Health Checks
Dynatrace Integration
Restricting Testing Times
Command Line Interface
Reliability Intelligence
Reports
Private Network Integration (PNI) Agent
Managing running, scheduled, and past experiments
Gremlin Private Edition
Reliability Management
Services
Dependencies
Detected Risks
Test Suites
Reliability Tests
Reliability Score
Disaster Recovery Tests
Fault Injection
Targets
Experiments
Scenarios
GameDays
Failure Flags
Failure Flags
Configuring Failure Flags
Deploying Failure Flags on AWS Lambda
Deploying Failure Flags on AWS ECS
Deploying Failure Flags on Kubernetes
Deploying Failure Flags on the Istio service mesh via Envoy
Deploying Failure Flags on Pivotal Cloud Foundry (PCF)
Installing the Failure Flags SDK
Using Failure Flags by proxy
Running Failure Flags experiments
Troubleshooting Failure Flags
API Reference
Getting started with the Gremlin API
API reference: Classes, methods, & attributes
API examples
Security
Security
Container security
Release Notes
GeneralLinuxIntegration Agent for LinuxWindowsChaoHelmFailure Flags: Sidecar
Resources
Gremlin User Community SlackBlogTutorialsGlossaryHelp and support
Start your 30 day free trial.
START FOR FREE
Docs Home
Failure Flags
Deploying Failure Flags on AWS ECS

Deploying Failure Flags on AWS ECS

Supported platforms:

N/A

This document will walk you through setting up Failure-Flags-Sidecar for your ECS Tasks. Gremlin provides a sidecar container called "Failure-Flags-Sidecar" that runs alongside your application. Failure Flags sidecar container images are available via DockerHub and support both AMD64/x86_64 and ARM64 architectures. These container images include a LICENSE file and a single binary program built for Linux. Alternatively, you can download the archives directly for arm64 or x86_64.

You can find a list of releases in our release notes, or in our VERSIONS file.

Configuring Failure Flags for ECS

In addition to the common configuration options, Failure Flags on ECS accepts the following options:

Environment variable Description
ECS_SERVICE_NAME Set to the name of the service as you want it to appear in Gremlin. Service names can only contain alphanumeric characters, hyphens, and underscores, and must be less than 64 characters long.

Adding the sidecar to your container definitions

Adding the sidecar means including an additional task in any ECS application where you want to use Failure Flags. For example, this definition deploys an application named ff-nodejs-demoapp and the Gremlin sidecar container. This application will be listed in Gremlin with the name my-fargate-sidecar-demo (via the ECS_SERVICE_NAME environment variable):

JSON
{
    "containerDefinitions": [
        {
            "name": "app",
            "image": "samew/ff-nodejs-demoapp:amd64",
            "cpu": 0,
            "portMappings": [
                {
                    "name": "app-3000-tcp",
                    "containerPort": 3000,
                    "hostPort": 3000,
                    "protocol": "tcp",
                    "appProtocol": "http"
                }
            ],
            "essential": true,
            "environment": [
                {
                    "name": "FAILURE_FLAGS_ENABLED",
                    "value": "true"
                }
            ],
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                    "awslogs-create-group": "true",
                    "awslogs-group": "/ecs/nodejs-ff-demoapp",
                    "awslogs-region": "us-east-2",
                    "awslogs-stream-prefix": "ecs"
                },
                "secretOptions": []
            }
        },
        {
            "name": "gremlin-sidecar",
            "image": "gremlin/failure-flags-sidecar:latest",
            "cpu": 0,
            "portMappings": [],
            "essential": false,
            "environment": [
                {
                    "name": "ECS_SERVICE_NAME",
                    "value": "my-fargate-sidecar-demo"
                },
                {
                    "name": "GREMLIN_DEBUG",
                    "value": "true"
                },
                {
                    "name": "GREMLIN_TEAM_CERTIFICATE",
                    "value": "-----BEGIN CERTIFICATE-----ExampleXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-----END CERTIFICATE-----"
                },
                {
                    "name": "GREMLIN_SIDECAR_ENABLED",
                    "value": "true"
                },
                {
                    "name": "GREMLIN_TEAM_ID",
                    "value": "ffffffff-ffff-ffff-ffff-ffffffffffff"
                },
                {
                    "name": "GREMLIN_TEAM_PRIVATE_KEY",
                    "value": "-----BEGIN EC PRIVATE KEY-----ExampleXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==-----END EC PRIVATE KEY-----"
                }
            ],
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                    "awslogs-create-group": "true",
                    "awslogs-group": "/ecs/nodejs-ff-demoapp",
                    "awslogs-region": "us-east-2",
                    "awslogs-stream-prefix": "ecs"
                },
                "secretOptions": []
            }
        }
    ],
    "family": "nodejs-ff-demoapp",
    "executionRoleArn": "arn:aws:iam::999999999999:role/ecsTaskExecutionRole",
    "networkMode": "awsvpc",
    "volumes": [],
    "requiresAttributes": [
        {
            "name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
        },
        {
            "name": "ecs.capability.execution-role-awslogs"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
        },
        {
            "name": "ecs.capability.task-eni"
        },
        {
            "name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
        }
    ],
    "requiresCompatibilities": [
        "FARGATE"
    ],
    "cpu": "1024",
    "memory": "3072",
    "runtimePlatform": {
        "cpuArchitecture": "X86_64",
        "operatingSystemFamily": "LINUX"
    }
}

ECS metadata discovered by Gremlin

Gremlin automatically detects the following environment variables for ECS functions:

Environment variable Description
ECS_CONTAINER_METADATA_URI The address of the task metadata version 3.
ECS_CONTAINER_METADATA_URI_V4 The address of the task metadata version 4.
ECS_HOST_DATA_DIR The host path where the container’s agent state file is located.
ECS_SERVICE_NAME The name of the Amazon ECS service to which the task belongs.

Privileges required

Privilege Description
CLIENTS_READAllows reading all client information within the team
CLIENTS_WRITEAllows editing all client information within the team
Deploying Failure Flags on AWS Lambda
Previous
Deploying Failure Flags on Kubernetes
Next
On this page
Back to top