Description:
AWS Elastic Beanstalk is an AWS-managed service for web applications. It is a Platform as a Service (PaaS) as it allows users to directly use a pre-configured server for their application. It is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.
You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto-scaling to application health monitoring.
Managed updates automatically apply updates to your AWS Elastic Beanstalk environment when they are released.
Rationale:
AWS Elastic Beanstalk gives you the facility to update your applications these features will help you to configure your environment to automatically upgrade to the latest version of a platform during the scheduled maintenance window.
Elastic Beanstalk (EB) regularly releases updates for Linux and Windows server-based platforms that run the application on an EB environment.
Impact:
Enable the Managed Updates will improve your applications on new platform features it also contains patches, security fixes, and software updates. Without taking any EC2 instances out of service update the applications.
Default Value:
When you created a new Elastic Beanstalk environment without any configuration by default Elastic Beanstalk Managed Updates is disabled.
Pre-Requisite:
Before the Implementation step, you must take a backup or snapshot of the instances in which your application run and also ensure that your application is not run a retired version of any web application.
Remediation:
Test Plan:
Step 1: Sign in to AWS Management Console and go to Elastic Beanstalk (EB) dashboard at https://console.aws.amazon.com/elasticbeanstalk/.
Step 2: In the Elastic Beanstalk dashboard click on Environments in the left navigation pane
Step 3: Choose the EB application environment that you want to audit
Step 4: Click on Configuration in the left navigation pane
Step 5: In the Configuration, overview scroll down and go to Managed updates
Using AWS CLI:
To view information about an environment
aws elasticbeanstalk describe-environments \ --region <region_name> \ --output table --query 'Environments[*].EnvironmentName'
Filters to the selected Elastic Beanstalk environment application
aws elasticbeanstalk describe-environments \
--region < region> \
--environment-names < give_EB_environment>
--query 'Environments[*].ApplicationName'
To view configuration settings for an environment
aws elasticbeanstalk describe-configuration-settings \
--region < region_name>
--environment-name <give_name EB environment>
--application-name < give the application name>
--query 'ConfigurationSettings[*].OptionSettings[?OptionName==`ManagedActionsEnabled`] | []'
Implementation Steps:
Step 1: Sign in to AWS Management Console and go to Elastic Beanstalk (EB) dashboard at https://console.aws.amazon.com/elasticbeanstalk/.
Step 2: In the Elastic Beanstalk dashboard click on Environments in the left navigation pane
Step 3: Choose the EB application environment that you want to audit
Step 4: Click on Configuration in the left navigation pane
Step 5: In the Configuration, overview scroll down and go to Managed updates and click on the edit button
Step 6: Click on the check box to Enable the Managed updates and then choose the day and time for the weekly update window select update level either Minor and Patch or Patch only
Step 7: Click on Apply button
Using AWS CLI
To update an environment to a new version
aws elasticbeanstalk update-environment \
--environment-name my-env --version-label v2
To set an environment variable
aws elasticbeanstalk update-environment \
--environment-name my-env --option-settings \
Namespace=aws:elasticbeanstalk:application:environment,\
OptionName=PARAM1,Value=ParamValue
To configure option setting a file
aws elasticbeanstalk update-environment \
--environment-name my-env --option-setting \
file://options.json
Backout Plan
Follow the Implementation steps 1-6 and check the Enabled check box in Managed updated and click on Apply button.
Using AWS CLI:
To disable the managed updates
aws elasticbeanstalk update-environment \ --environment-name my-env --option-settings \ Namespace=aws:elasticbeanstalk:application:environment,\ OptionName=managedupdates,Value=disable