Ensure Managed Platform Updates Are Enabled For Elastic Beanstalk Environment
More Info:
Ensure that all your Amazon Elastic Beanstalk (EB) application environments have platform updates enabled in order to receive bug fixes, software updates and new features. Managed platform updates perform immutable environment updates.
Risk Level
Medium
Address
Operational Maturity, Reliability, Security
Compliance Standards
ISO27001, HIPAA
Triage and Remediation
Remediation
To remediate the misconfiguration “Ensure Managed Platform Updates Are Enabled For Elastic Beanstalk Environment” in AWS using the AWS console, follow the steps below:
- Log in to the AWS Management Console.
- Navigate to the Elastic Beanstalk service.
- Select the environment for which you want to enable the managed platform updates.
- Click on the “Configuration” option from the left-hand menu.
- Scroll down to the “Managed platform updates” section and click on “Edit”.
- Select the “Enable managed platform updates” checkbox.
- Choose the “All platform updates” option from the dropdown.
- Click on the “Apply” button to save the changes.
- Wait for the environment to update with the latest platform version.
By following the above steps, you will be able to remediate the misconfiguration “Ensure Managed Platform Updates Are Enabled For Elastic Beanstalk Environment” for AWS using AWS console.
To remediate the misconfiguration “Ensure Managed Platform Updates Are Enabled For Elastic Beanstalk Environment” for AWS using the AWS CLI, follow the steps below:
- Open the terminal and install the AWS CLI if it is not already installed.
- Configure the AWS CLI using the aws configure command by providing the Access Key ID, Secret Access Key, Default region name, and output format.
- Execute the below command to enable managed platform updates for the Elastic Beanstalk environment:
    aws elasticbeanstalk update-environment --environment-name <environment-name> --option-settings Namespace=aws:elasticbeanstalk:managedactions,OptionName=ManagedActionsEnabled,Value=true Namespace=aws:elasticbeanstalk:managedactions,OptionName=PreferredStartTime,Value=Tue:09:00 Namespace=aws:elasticbeanstalk:managedactions:platformupdate,OptionName=UpdateLevel,Value=minor
  Note: Replace <environment-name> with the name of the Elastic Beanstalk environment for which you want to enable managed platform updates. Elastic Beanstalk requires PreferredStartTime and UpdateLevel to be set together with ManagedActionsEnabled; the values shown (Tue:09:00, minor) are examples, so adjust them to your maintenance window.
- Verify the changes by executing the below command (describe-environments does not return option settings, so the check uses describe-configuration-settings):
    aws elasticbeanstalk describe-configuration-settings --application-name <application-name> --environment-name <environment-name> --query "ConfigurationSettings[0].OptionSettings[?Namespace=='aws:elasticbeanstalk:managedactions' && OptionName=='ManagedActionsEnabled'].Value" --output text
  Note: Replace <application-name> and <environment-name> with the names of the Elastic Beanstalk application and environment for which you have enabled managed platform updates.
The output of the above command should be true, which indicates that managed platform updates are enabled for the Elastic Beanstalk environment.
To remediate the misconfiguration “Ensure Managed Platform Updates Are Enabled For Elastic Beanstalk Environment” for AWS using Python, you can use the AWS SDK for Python (Boto3) to enable managed platform updates for your Elastic Beanstalk environments. Here are the step-by-step instructions:
- Install Boto3:
    pip install boto3
- Import the Boto3 library and create an Elastic Beanstalk client:
    import boto3
    eb_client = boto3.client('elasticbeanstalk')
- Retrieve the list of environments in your account:
    response = eb_client.describe_environments()
    environments = response['Environments']
- Loop through the list of environments and enable managed platform updates for each one:
    NAMESPACE = 'aws:elasticbeanstalk:managedactions'
    for environment in environments:
        environment_name = environment['EnvironmentName']
        environment_id = environment['EnvironmentId']
        # Each environment reports its own application; use it for the lookup.
        environment_settings = eb_client.describe_configuration_settings(
            ApplicationName=environment['ApplicationName'],
            EnvironmentName=environment_name
        )
        options = environment_settings['ConfigurationSettings'][0]['OptionSettings']
        # Match on namespace and name; unset options may carry no 'Value' key.
        enabled = any(
            s.get('Namespace') == NAMESPACE
            and s.get('OptionName') == 'ManagedActionsEnabled'
            and s.get('Value') == 'true'
            for s in options
        )
        if not enabled:
            eb_client.update_environment(
                EnvironmentId=environment_id,
                OptionSettings=[
                    {'Namespace': NAMESPACE, 'OptionName': 'ManagedActionsEnabled', 'Value': 'true'},
                    # Required together with ManagedActionsEnabled; example values.
                    {'Namespace': NAMESPACE, 'OptionName': 'PreferredStartTime', 'Value': 'Tue:09:00'},
                    {'Namespace': NAMESPACE + ':platformupdate', 'OptionName': 'UpdateLevel', 'Value': 'minor'},
                ]
            )
            print(f"Managed platform updates enabled for environment {environment_name}")
This code will loop through all the Elastic Beanstalk environments in your account, check if managed platform updates are already enabled, and enable them if they are not. The application name is read from each environment's own description, and the PreferredStartTime and UpdateLevel values are examples that you should adjust to your maintenance window.
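To audit before changing anything, the following added example (not part of the original page or of any AWS tooling) works offline on the parsed JSON of describe-configuration-settings and returns, per environment, only the option settings that are still missing. The default start time and update level, the function names, and the sample response are constructed for illustration.

```python
"""Offline audit of Elastic Beanstalk managed platform update settings."""

MA = "aws:elasticbeanstalk:managedactions"
PU = MA + ":platformupdate"


def _opt(namespace, name, value):
    return {"Namespace": namespace, "OptionName": name, "Value": value}


def missing_settings(config, start="Tue:09:00", level="minor"):
    """Return the OptionSettings still needed for one environment ([] = compliant).

    `start` and `level` are example defaults (assumptions); a maintenance
    window or update level that is already set is left untouched.
    """
    # Unset options may come back without a "Value" key, so use .get().
    have = {(o.get("Namespace"), o.get("OptionName")): o.get("Value")
            for o in config.get("OptionSettings", [])}
    fix = []
    if (have.get((MA, "ManagedActionsEnabled")) or "").lower() != "true":
        fix.append(_opt(MA, "ManagedActionsEnabled", "true"))
    if not have.get((MA, "PreferredStartTime")):
        fix.append(_opt(MA, "PreferredStartTime", start))
    if have.get((PU, "UpdateLevel")) not in ("patch", "minor"):
        fix.append(_opt(PU, "UpdateLevel", level))
    return fix


def audit(response):
    """Map environment name -> settings to apply, for a whole response."""
    return {c["EnvironmentName"]: missing_settings(c)
            for c in response["ConfigurationSettings"]}


# Constructed sample: three environments merged into one response for brevity.
SAMPLE = {"ConfigurationSettings": [
    {"EnvironmentName": "web-prod", "OptionSettings": [
        _opt(MA, "ManagedActionsEnabled", "true"),
        _opt(MA, "PreferredStartTime", "Sun:02:00"),
        _opt(PU, "UpdateLevel", "patch")]},
    {"EnvironmentName": "web-staging", "OptionSettings": [
        _opt(MA, "ManagedActionsEnabled", "false"),
        {"Namespace": MA, "OptionName": "PreferredStartTime"},  # no Value
        {"Namespace": PU, "OptionName": "UpdateLevel"}]},
    {"EnvironmentName": "api-dev", "OptionSettings": [
        _opt(MA, "ManagedActionsEnabled", "true"),
        _opt(MA, "PreferredStartTime", "Sat:04:30")]},
]}

if __name__ == "__main__":
    for env, fix in audit(SAMPLE).items():
        print(env, "OK" if not fix else [f["OptionName"] for f in fix])
```

Each returned list can be passed unchanged as the OptionSettings argument of update_environment for that environment.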