Description:

AWS Elastic Beanstalk is an AWS-managed service for web applications. It is a Platform as a Service (PaaS) as it allows users to directly use a pre-configured server for their application. It is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.

You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto-scaling to application health monitoring.

Managed updates automatically apply updates to your AWS Elastic Beanstalk environment when they are released.


Rationale:

AWS Elastic Beanstalk gives you the facility to update your applications these features will help you to configure your environment to automatically upgrade to the latest version of a platform during the scheduled maintenance window.

Elastic Beanstalk (EB) regularly releases updates for Linux and Windows server-based platforms that run the application on an EB environment.


Impact:

Enable the Managed Updates will improve your applications on new platform features it also contains patches, security fixes, and software updates. Without taking any EC2 instances out of service update the applications. 


Default Value:

When you created a new Elastic Beanstalk environment without any configuration by default Elastic Beanstalk Managed Updates is disabled.


Pre-Requisite:

Before the Implementation step, you must take a backup or snapshot of the instances in which your application run and also ensure that your application is not run a retired version of any web application.


Remediation:


Test Plan:


Step 1: Sign in to AWS Management Console and go to Elastic Beanstalk (EB) dashboard at https://console.aws.amazon.com/elasticbeanstalk/.

Step 2: In the Elastic Beanstalk dashboard click on Environments in the left navigation pane

Step 3: Choose  the EB application environment that you want to audit

Step 4: Click on Configuration in the left navigation pane

Step 5: In the Configuration, overview scroll down and go to Managed updates 


Using AWS CLI:

To view information about an environment

aws elasticbeanstalk describe-environments \
  --region <region_name> \
  --output table
  --query 'Environments[*].EnvironmentName'


Filters to the selected Elastic Beanstalk environment application

aws elasticbeanstalk describe-environments \
  --region < region> \
  --environment-names < give_EB_environment>
  --query 'Environments[*].ApplicationName'


To view configuration settings for an environment

aws elasticbeanstalk describe-configuration-settings \
  --region < region_name>
  --environment-name <give_name EB environment>
  --application-name < give the application name>
  --query 'ConfigurationSettings[*].OptionSettings[?OptionName==`ManagedActionsEnabled`] | []'


Implementation Steps:

Step 1: Sign in to AWS Management Console and go to Elastic Beanstalk (EB) dashboard at https://console.aws.amazon.com/elasticbeanstalk/.

Step 2: In the Elastic Beanstalk dashboard click on Environments in the left navigation pane

Step 3: Choose  the EB application environment that you want to audit

Step 4: Click on Configuration in the left navigation pane

Step 5: In the Configuration, overview scroll down and go to Managed updates and click on the edit button

Step 6: Click on the check box to Enable the Managed updates and then choose the day and time for the weekly update window select update level either Minor and Patch or Patch only

Step 7: Click on Apply button 


Using AWS CLI

To update an environment to a new version

aws elasticbeanstalk update-environment \
--environment-name my-env --version-label v2


To set an environment variable

aws elasticbeanstalk update-environment \
 --environment-name my-env --option-settings \ 
 Namespace=aws:elasticbeanstalk:application:environment,\
 OptionName=PARAM1,Value=ParamValue


To configure option setting a file

aws elasticbeanstalk update-environment \
--environment-name my-env --option-setting \
file://options.json



Backout Plan

Follow the Implementation steps 1-6 and check the Enabled check box in Managed updated and click on Apply button.


Using AWS CLI:

  • To disable the managed updates

    aws elasticbeanstalk update-environment \
     --environment-name my-env --option-settings \ 
     Namespace=aws:elasticbeanstalk:application:environment,\
     OptionName=managedupdates,Value=disable


Reference:

  1. Managed platform updates - AWS Elastic Beanstalk