Each recipe provides a setup.env.template file, which is a template for configuring the Gerrit stacks. Copy it to setup.env and set the correct values for the provided environment variables.

cp setup.env.template setup.env

Below is a list of variables that are common to all recipes and need to be specified regardless of the recipe you want to deploy. Please refer to the individual recipes to understand what additional variables need to be set.

Common parameters


Configuration values affecting deployment environment and cluster properties

  • AWS_REGION: Optional. Which region to deploy to. us-east-1 by default.
  • AWS_PREFIX: Optional. A string to prefix stacks and resources with. gerrit by default.
  • DOCKER_REGISTRY_URI: Mandatory. URI of the Docker registry. See the prerequisites section for more details.
  • SSL_CERTIFICATE_ARN: Mandatory. ARN of the wildcard SSL Certificate, covering both primary nodes.
  • CLUSTER_STACK_NAME: Optional. Name of the cluster stack. gerrit-cluster by default.
  • DNS_ROUTING_STACK_NAME: Optional. Name of the DNS routing stack. gerrit-dns-routing by default.
  • HOSTED_ZONE_NAME: Optional. Name of the hosted zone. by default.
  • GERRIT_KEY_PREFIX: Optional. Secrets prefix used during the import into AWS Secrets Manager. gerrit_secret by default.

Scheduled Git Garbage Collection

  • GIT_GC_ENABLED: Optional. Whether to schedule a git garbage collection task as part of the cluster deployment. “false” by default.
  • SERVICE_GIT_GC_STACK_NAME: Required. The name of the CloudFormation stack.
  • GIT_GC_CRON_EXPRESSION: Required. A cron job string expressing the schedule of the garbage collection. More information here
  • GIT_GC_PROJECT_LIST: Required. A comma-separated list of projects to run GC against.


Configuration values to spec up Gerrit containers.

  • CLUSTER_INSTANCE_TYPE: Optional. The EC2 instance Type used to run the cluster. The default value is recipe-specific:
    • single-primary: m4.large
    • primary-replica: m4.xlarge
    • dual-primary: m4.2xlarge
  • GERRIT_RAM: RAM allocated (MiB) to the Gerrit container. 6000 by default.
  • GERRIT_CPU: vCPU units allocated to the Gerrit container. 1024 by default.
  • GERRIT_HEAP_LIMIT: Maximum heap size of the Java process running Gerrit, in bytes. See Gerrit documentation. 6g by default.
  • JGIT_CACHE_SIZE: Maximum number of bytes to load and cache in memory from pack files. See Gerrit documentation for more details. 3g by default.
  • JGIT_OPEN_FILES: Maximum number of pack files to have open at once. See Gerrit documentation for more details. 128 by default.
  • GERRIT_CONTAINER_FDS_SOFT_LIMIT: The soft limit for file descriptors allowed in the Gerrit container. 1024 by default.
  • GERRIT_CONTAINER_FDS_HARD_LIMIT: The hard limit for file descriptors allowed in the Gerrit container. 1024 by default.
  • INTERNET_GATEWAY_ID: Optional. Id of the existing Internet Gateway. If not set, create a new Internet Gateway.
  • VPC_ID: Optional. Id of the existing VPC. If not set, create a new VPC.
  • VPC_CIDR: Optional. CIDR mask for the VPC. by default.
  • SUBNET_ID: Optional. Id of the existing Subnet. If not set, create a new Network Stack.
  • SUBNET_CIDR: Optional. CIDR mask of the Subnet. by default.
  • LOAD_BALANCER_SCHEME: Optional. The Load Balancer scheme type. internet-facing by default. Allowed values: internal, internet-facing

CloudWatch Monitoring

Application level metrics for CloudWatch are available through the metrics-reporter-cloudwatch plugin.

  • METRICS_CLOUDWATCH_ENABLED: Optional - Boolean. Whether to publish metrics to CloudWatch and create CloudWatch dashboard. Default: false
  • METRICS_CLOUDWATCH_NAMESPACE: Optional - String. The CloudWatch namespace for Gerrit metrics. Default: gerrit
  • METRICS_CLOUDWATCH_RATE: Optional - String. The rate at which metrics should be fired to AWS. Default: 60s
  • METRICS_CLOUDWATCH_INITIAL_DELAY: Optional - String. The time to delay the first reporting execution. Default: 0
  • METRICS_CLOUDWATCH_JVM_ENABLED: Optional - Boolean. Publish JVM metrics. Default: false
  • METRICS_CLOUDWATCH_DRY_RUN: Optional - Boolean. Log.DEBUG the metrics, rather than publishing. Default: false
  • METRICS_CLOUDWATCH_EXCLUDE_METRICS_LIST: Optional. Comma-separated list. Regex patterns to exclude from publishing. Default: empty string.


Configuration values related to LDAP integration. See more details here

  • LDAP_SERVER: Mandatory. URL of the organization’s LDAP server to query for user information and group membership from. See Gerrit documentation.
  • LDAP_USERNAME: Mandatory. Username to bind to the LDAP server with. See Gerrit documentation.
  • LDAP_ACCOUNT_BASE: Mandatory. Root of the tree containing all user accounts. See Gerrit documentation.
  • LDAP_GROUP_BASE: Mandatory. Root of the tree containing all group objects. See Gerrit documentation.
  • LDAP_ACCOUNT_PATTERN: Optional. Query pattern to use when searching for a user account. If this parameter is set in the setup.env configuration file, ‘$’ needs to be escaped as ‘$$$$’, for example (&(objectClass=person)(uid=$$$${username})). See Gerrit documentation. Default: (&(objectClass=person)(uid=$$$${username}))


Configuration values related to SMTP integration. See more details here

  • SMTP_SERVER: Mandatory. Hostname (or IP address) of an SMTP server that will relay messages generated by Gerrit to end users. See Gerrit documentation.
  • SMTP_SERVER_PORT: Optional. Port number of the SMTP server. See Gerrit documentation. Default: 465
  • SMTP_USER: Mandatory. User name to authenticate with. See Gerrit documentation.
  • SMTP_DOMAIN: Mandatory. Domain to be used in the “From” field of any generated email messages. See Gerrit documentation.
  • SMTP_ENCRYPTION: Optional. Specify the encryption to use, either ‘ssl’, ‘tls’ or ‘none’. See Gerrit documentation. Default: ssl
  • SMTP_SSL_VERIFY: Optional. If false and SMTP_ENCRYPTION is ‘ssl’ or ‘tls’, Gerrit will not verify the server certificate when it connects to send an email message. See Gerrit documentation. Default: false
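
A pre-deployment review of setup.env against the common, LDAP and SMTP variables documented above, as an added example that is not part of the project's own tooling. It reports mandatory variables left empty and flags the documented defaults that leave SMTP certificate verification off and the load balancer internet-facing, plus a '$' in LDAP_ACCOUNT_PATTERN that is not escaped as '$$$$'. The KEY=value / KEY:=value line format, the function names and the sample values are assumptions.

```python
import re

# Variables this page marks "Mandatory".
MANDATORY = ("DOCKER_REGISTRY_URI", "SSL_CERTIFICATE_ARN", "LDAP_SERVER",
             "LDAP_USERNAME", "LDAP_ACCOUNT_BASE", "LDAP_GROUP_BASE",
             "SMTP_SERVER", "SMTP_USER", "SMTP_DOMAIN")
# Defaults this page documents for the settings reviewed below.
DEFAULTS = {"LOAD_BALANCER_SCHEME": "internet-facing",
            "SMTP_ENCRYPTION": "ssl", "SMTP_SSL_VERIFY": "false"}
# Assumed line format: KEY=value or KEY:=value; any other line is skipped.
LINE = re.compile(r"^\s*([A-Z][A-Z0-9_]*)\s*:?=\s*(.*?)\s*$")

def parse_env(text):
    matches = (LINE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip("\"'") for m in matches if m}

def review(text):
    """Return (severity, variable, message) findings for a setup.env body."""
    env = parse_env(text)
    val = lambda k: (env.get(k) or DEFAULTS.get(k, "")).lower()
    out = [("error", k, "mandatory, but empty or missing")
           for k in MANDATORY if not env.get(k)]
    if val("SMTP_ENCRYPTION") == "none":
        out.append(("warn", "SMTP_ENCRYPTION", "SMTP connection is unencrypted"))
    elif val("SMTP_SSL_VERIFY") == "false":
        out.append(("warn", "SMTP_SSL_VERIFY", "server certificate not verified"))
    if val("LOAD_BALANCER_SCHEME") == "internet-facing":
        out.append(("warn", "LOAD_BALANCER_SCHEME", "reachable from the internet"))
    # The page requires '$' in LDAP_ACCOUNT_PATTERN to be written as '$$$$'.
    runs = re.findall(r"\$+", env.get("LDAP_ACCOUNT_PATTERN", ""))
    if any(len(run) != 4 for run in runs):
        out.append(("warn", "LDAP_ACCOUNT_PATTERN", "'$' not escaped as '$$$$'"))
    return out

# Constructed sample input, not taken from the project.
SAMPLE = """\
DOCKER_REGISTRY_URI:=registry.example.com
SSL_CERTIFICATE_ARN:=arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE
LDAP_SERVER:=ldaps://ldap.example.com
LDAP_USERNAME:=cn=gerrit,dc=example,dc=com
LDAP_ACCOUNT_BASE:=ou=people,dc=example,dc=com
LDAP_GROUP_BASE:=
LDAP_ACCOUNT_PATTERN:=(&(objectClass=person)(uid=${username}))
SMTP_SERVER:=smtp.example.com
SMTP_USER:=gerrit
SMTP_DOMAIN:=example.com
"""
if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

Setting SMTP_SSL_VERIFY to true and LOAD_BALANCER_SCHEME to internal in setup.env clears the two warnings that come purely from the documented defaults.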