Profile Applicability:

  • Level 1

Description:

AWS Elastic Beanstalk is a Platform-as-a-Service (PaaS) offering that simplifies the process of deploying, managing, and scaling applications in the cloud. Enhanced Health Reporting is a feature in Elastic Beanstalk that provides detailed information about the health of the application and its environment, including error rates, latency, and resource utilization. By enabling this feature, you get more granular and detailed health information compared to basic health monitoring, which can help you identify and troubleshoot issues more effectively.

Rationale:

Enabling Enhanced Health Reporting for Elastic Beanstalk environments provides deeper insights into the health of the application and infrastructure. This feature helps to:

  • Monitor application performance and detect potential issues early.

  • Improve troubleshooting by giving more detailed metrics and logs.

  • Ensure application reliability by detecting issues such as high latency, errors, and unhealthy instances.

  • Enhance security and compliance by providing visibility into environment health.

Impact:

Pros:

  • Improved Monitoring: Provides detailed health metrics, enabling proactive issue resolution.

  • Better Troubleshooting: Easier identification of performance bottlenecks or failing resources.

  • More Comprehensive Data: Enhanced logs and metrics for compliance, reporting, and debugging.

Cons:

  • Resource Overhead: The added monitoring may slightly increase resource consumption as more metrics are collected.

  • Cost: There may be minor additional costs related to storing the enhanced health data in CloudWatch.

Default Value:

By default, Enhanced Health Reporting is disabled in Elastic Beanstalk environments. If not enabled, only basic health metrics are provided, which may not be sufficient for identifying issues in complex applications.

Pre-requisites:

  • AWS IAM Permissions:

    • elasticbeanstalk:DescribeEnvironmentHealth

    • elasticbeanstalk:UpdateEnvironment

  • Elastic Beanstalk environment should be deployed and running.

Remediation:

Test plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to Elastic Beanstalk under Services.

  3. Select the environment for which you want to enable enhanced health reporting.

  4. In the Elastic Beanstalk Console, click on Configuration in the left-hand menu.

  5. In the Monitoring section, click on Edit.

  6. Enable Enhanced Health Reporting by selecting the checkbox to Enable Enhanced Health Reporting.

  7. Click Apply Changes to save the configuration.

Using AWS CLI:

To check the current health reporting status for an environment, run:

aws elasticbeanstalk describe-environment-health --environment-name <environment-name>

 The output should show "HealthReporting": "Enhanced" if it is enabled.

To enable Enhanced Health Reporting, run the following command:

aws elasticbeanstalk update-environment --environment-name <environment-name> --option-settings Namespace=aws:elasticbeanstalk:monitoring,OptionName=HealthReporting,Value=Enhanced

Implementation Steps:

Using AWS Console:

  1. Sign in to the AWS Management Console and navigate to Elastic Beanstalk.

  2. Select the environment you want to enable enhanced health reporting for.

  3. Click on Configuration in the left-hand menu.

  4. In the Monitoring section, select Edit.

  5. Check the Enable Enhanced Health Reporting option.

  6. Save changes by clicking Apply Changes.

Using AWS CLI:

To enable Enhanced Health Reporting, use the following command:

aws elasticbeanstalk update-environment --environment-name <environment-name> --option-settings Namespace=aws:elasticbeanstalk:monitoring,OptionName=HealthReporting,Value=Enhanced

To verify that the changes have been applied successfully, check the environment health:

aws elasticbeanstalk describe-environment-health --environment-name <environment-name>

Backout Plan:

Using AWS Console:

  1. If enabling Enhanced Health Reporting causes issues (e.g., performance concerns or excessive data usage):

    • Navigate to the Elastic Beanstalk Console.

    • Go to Configuration → Monitoring.

    • Click Edit and uncheck the box for Enhanced Health Reporting.

  2. Save changes to revert back to the basic health reporting.

Using AWS CLI:

To disable Enhanced Health Reporting, run:

aws elasticbeanstalk update-environment --environment-name <environment-name> --option-settings Namespace=aws:elasticbeanstalk:monitoring,OptionName=HealthReporting,Value=Basic

Verify that the change has been applied:

aws elasticbeanstalk describe-environment-health --environment-name <environment-name>

Note:

  • CloudWatch Integration: Enhanced Health Reporting integrates with CloudWatch to store detailed health data. Ensure your CloudWatch logs are configured correctly to capture this information.

  • Additional Monitoring: You may also want to configure additional monitoring, such as instance metrics or alarms, based on the health data provided by Elastic Beanstalk.

References:

CIS Controls Mapping:

Version

Control ID

Control Description

IG1

IG2

IG3

v8

6.7

Implement monitoring and logging controls for application health.

v8

6.8

Define and maintain role-based access control for monitoring and logging systems.

v8

6.4

Implement application layer filtering to enhance the visibility of application health.