More Info:

This rule checks if the deployment group for EC2/On-Premises Compute Platform is configured with a minimum healthy hosts fleet percentage or host count greater than or equal to the input threshold.

Risk Level

Medium

Address

Configuration

Compliance Standards

CBP

Remediation

Using Console

To remediate the misconfiguration of maintaining the Minimum Healthy Hosts Fleet Percentage for AWS CodeBuild in AWS console, you can follow these steps:

  1. Access AWS CodeBuild Console:

    • Log in to your AWS Management Console.
    • Go to the AWS CodeBuild service by searching for “CodeBuild” in the search bar.

  2. Select the Project:

    • In the AWS CodeBuild console, select the project for which you want to remediate the misconfiguration.

  3. Edit Project Configuration:

    • Click on the project name to access the project details.
    • Click on the “Edit” button to edit the project configuration.

  4. Update Compute Type:

    • In the project configuration settings, navigate to the “Environment” section.
    • Under the “Environment image” section, you will find the “Compute type” field.
    • Select a compute type that supports maintaining the Minimum Healthy Hosts Fleet Percentage. For example, choose a compute type that allows you to specify the minimum and maximum number of instances to keep running.

  5. Set Minimum Healthy Hosts Fleet Percentage:

    • Look for the settings related to the Minimum Healthy Hosts Fleet Percentage or the number of instances to maintain.
    • Update the configuration to specify the desired percentage or number of instances that should be kept healthy at all times.

  6. Save Configuration Changes:

    • After updating the configuration, scroll down and click on the “Update Project” button to save the changes.

  7. Verify Changes:

    • Once the project configuration is saved, trigger a build or wait for the next scheduled build to ensure that the changes have taken effect.
    • Monitor the project to ensure that the Minimum Healthy Hosts Fleet Percentage is being maintained as per the updated configuration.

By following these steps, you should be able to remediate the misconfiguration of maintaining the Minimum Healthy Hosts Fleet Percentage for AWS CodeBuild in the AWS console.

Using CLI

To remediate the EC2 Minimum Healthy Hosts Fleet Percentage misconfiguration for AWS CodeBuild using AWS CLI, follow these steps:

  1. Identify the CodeBuild project: First, identify the CodeBuild project for which you want to remediate the EC2 Minimum Healthy Hosts Fleet Percentage misconfiguration.

  2. Update the CodeBuild project: Use the AWS CLI command update-project to update the CodeBuild project configuration with the desired minimum healthy hosts fleet percentage. Here’s an example command to update the CodeBuild project:

aws codebuild update-project --name <project-name> --environment "computeType=BUILD_GENERAL1_SMALL,image=aws/codebuild/standard:4.0,minimumHealthyHosts=50"

Replace <project-name> with the actual name of your CodeBuild project. In the environment parameter, specify the minimumHealthyHosts value as per your requirements. In the example command above, it’s set to 50.

  1. Verify the configuration: After running the update-project command, verify the CodeBuild project configuration to ensure that the minimum healthy hosts fleet percentage has been successfully updated. You can use the describe-projects command to check the configuration:
aws codebuild describe-projects --names <project-name>

Replace <project-name> with the name of your CodeBuild project. Check the output to confirm that the minimumHealthyHosts value has been updated to the desired percentage.

By following these steps, you can successfully remediate the EC2 Minimum Healthy Hosts Fleet Percentage misconfiguration for AWS CodeBuild using AWS CLI.

Using Python

To remediate the misconfiguration of maintaining the minimum healthy hosts fleet percentage for AWS CodeBuild using Python, follow these steps:

  1. Create a Lambda function: Create a new Lambda function in the AWS Management Console using Python. This Lambda function will be triggered by CloudWatch Events on a schedule.

  2. Add Lambda function code: Write Python code in the Lambda function that will check the current status of the CodeBuild project and adjust the minimum healthy hosts fleet percentage if it is not within the desired range. Here is an example code snippet to get you started:

import boto3

def lambda_handler(event, context):
    codebuild = boto3.client('codebuild')
    
    project_name = 'YOUR_CODEBUILD_PROJECT_NAME'
    desired_percentage = 80  # Set your desired minimum healthy hosts fleet percentage
    
    response = codebuild.batch_get_projects(names=[project_name])
    project = response['projects'][0]
    
    if 'computeType' in project and 'environmentVariables' in project['computeType']:
        for var in project['computeType']['environmentVariables']:
            if var['name'] == 'MIN_HEALTHY_HOSTS_FLEET_PERCENTAGE':
                current_percentage = int(var['value'])
                if current_percentage != desired_percentage:
                    var['value'] = str(desired_percentage)
                    codebuild.update_project(name=project_name, environment={'environmentVariables': project['computeType']['environmentVariables']})
                    print(f"Minimum healthy hosts fleet percentage updated to {desired_percentage}% for {project_name}")
                    break

  1. Set up CloudWatch Events trigger: In the AWS Management Console, create a new CloudWatch Events rule that triggers the Lambda function at a desired schedule (e.g., every hour).

  2. Test the remediation: Manually trigger the Lambda function to test if it updates the minimum healthy hosts fleet percentage for the specified CodeBuild project.

By following these steps, you can automatically remediate the misconfiguration of maintaining the minimum healthy hosts fleet percentage for AWS CodeBuild using Python and ensure that it stays within the desired range.