Ensure Managed Platform Updates Are Enabled For Elastic Beanstalk Environment

More Info:

Ensure that all your Amazon Elastic Beanstalk (EB) application environments have platform updates enabled in order to receive bug fixes, software updates and new features. Managed platform updates perform immutable environment updates.

Risk Level

Medium

Address

Operational Maturity, Reliability, Security

Compliance Standards

ISO27001, HIPAA

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration “Ensure Managed Platform Updates Are Enabled For Elastic Beanstalk Environment” for AWS using AWS CLI, follow the below steps:

Open the terminal and install the AWS CLI if it is not already installed.
Configure the AWS CLI using the aws configure command by providing the Access Key ID, Secret Access Key, Default region name, and output format.
Execute the below command to enable managed platform updates for the Elastic Beanstalk environment:

aws elasticbeanstalk update-environment --environment-name <environment-name> --option-settings Namespace=aws:elasticbeanstalk:managedactions,OptionName=ManagedActionsEnabled,Value=true

Note: Replace <environment-name> with the name of the Elastic Beanstalk environment for which you want to enable managed platform updates.

Verify the changes by executing the below command:

aws elasticbeanstalk describe-environments --environment-names <environment-name> --query "Environments[*].OptionSettings[?Namespace=='aws:elasticbeanstalk:managedactions' && OptionName=='ManagedActionsEnabled'].Value" --output text

Note: Replace <environment-name> with the name of the Elastic Beanstalk environment for which you have enabled managed platform updates.The output of the above command should be true, which indicates that managed platform updates are enabled for the Elastic Beanstalk environment.

Using Python

To remediate the misconfiguration “Ensure Managed Platform Updates Are Enabled For Elastic Beanstalk Environment” for AWS using Python, you can use the AWS SDK for Python (Boto3) to enable managed platform updates for your Elastic Beanstalk environment. Here are the step-by-step instructions:

Install Boto3:

pip install boto3

Import the Boto3 library and create an Elastic Beanstalk client:

import boto3

eb_client = boto3.client('elasticbeanstalk')

Retrieve the list of environments in your account:

response = eb_client.describe_environments()
environments = response['Environments']

Loop through the list of environments and enable managed platform updates for each one:

for environment in environments:
    environment_name = environment['EnvironmentName']
    environment_id = environment['EnvironmentId']
    environment_settings = eb_client.describe_configuration_settings(
        ApplicationName='your_application_name',
        EnvironmentName=environment_name
    )
    for setting in environment_settings['ConfigurationSettings'][0]['OptionSettings']:
        if setting['OptionName'] == 'ManagedActionsEnabled':
            if setting['Value'] == 'false':
                eb_client.update_environment(
                    EnvironmentId=environment_id,
                    OptionSettings=[
                        {
                            'Namespace': 'aws:elasticbeanstalk:managedactions',
                            'OptionName': 'ManagedActionsEnabled',
                            'Value': 'true'
                        }
                    ]
                )
                print(f"Managed platform updates enabled for environment {environment_name}")

This code will loop through all the Elastic Beanstalk environments in your account, check if managed platform updates are already enabled, and enable them if they are not. Note that you will need to replace your_application_name with the name of your Elastic Beanstalk application.

Additional Reading:

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environment-platform-update-managed.html

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Ensure Managed Platform Updates Are Enabled For Elastic Beanstalk Environment

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: