Ensure that all your Amazon Elastic Beanstalk (EB) application environments have platform updates enabled in order to receive bug fixes, software updates and new features. Managed platform updates perform immutable environment updates. These automatic updates promote your Elastic Beanstalk environment to a new platform version. Immutable updates are applied to your application environment without taking any EC2 instances out of service or modifying your environment. In an immutable platform update, the EB service deploys a new set of instances running the new platform version, equal in number to the instances currently running. The new EC2 instances begin to take requests alongside those running the old version, and if the new set of instances passes all health checks, AWS EB shuts down (terminates) the old set of instances, leaving only the instances with the new configuration.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
It is crucial to keep your Elastic Beanstalk (EB) application environments up to date. AWS EB regularly releases updates for the Linux and Windows Server based platforms that run applications on an EB environment. These updates contain patches, security fixes, software updates that improve usability and/or performance, and new platform features.
Note: The AWS EB managed platform updates are not currently available for .NET applications on the Windows Server platform.
To identify Elastic Beanstalk environments that don’t receive automatic (managed) platform updates, perform the following:
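One way to run this check offline, as an added example that is not part of the original page or the Cloud Conformity tool: the script assumes each environment's settings were saved from `aws elasticbeanstalk describe-configuration-settings` and flags environments whose `ManagedActionsEnabled` option is not `true`. It goes one step beyond that flag and also reports an enabled environment that has no `UpdateLevel` or maintenance window; the `SAMPLE` data, the environment names and the `audit` helper are constructed for illustration.

```python
MANAGED_NS = "aws:elasticbeanstalk:managedactions"
PLATFORM_NS = "aws:elasticbeanstalk:managedactions:platformupdate"

def _opt(namespace, name, value):
    """Build one OptionSettings entry (helper for the constructed sample)."""
    return {"Namespace": namespace, "OptionName": name, "Value": value}

# Constructed sample in the shape of describe-configuration-settings output;
# the environment names are made up.
SAMPLE = {"ConfigurationSettings": [
    {"EnvironmentName": "web-prod", "OptionSettings": [
        _opt(MANAGED_NS, "ManagedActionsEnabled", "true"),
        _opt(MANAGED_NS, "PreferredStartTime", "Sun:02:00"),
        _opt(PLATFORM_NS, "UpdateLevel", "minor")]},
    {"EnvironmentName": "web-staging", "OptionSettings": [
        _opt(MANAGED_NS, "ManagedActionsEnabled", "false")]},
    {"EnvironmentName": "legacy-api", "OptionSettings": []},  # option absent
    {"EnvironmentName": "batch", "OptionSettings": [          # enabled, incomplete
        _opt(MANAGED_NS, "ManagedActionsEnabled", "true")]},
]}

def option(cfg, namespace, name):
    """Return the option's Value, or None when it is absent or unset."""
    for opt in cfg.get("OptionSettings", []):
        if opt.get("Namespace") == namespace and opt.get("OptionName") == name:
            return opt.get("Value")
    return None

def audit(response):
    """Map each non-compliant environment name to its list of findings."""
    findings = {}
    for cfg in response.get("ConfigurationSettings", []):
        problems = []
        enabled = (option(cfg, MANAGED_NS, "ManagedActionsEnabled") or "").lower()
        if enabled != "true":
            problems.append("managed platform updates disabled")
        else:
            if option(cfg, PLATFORM_NS, "UpdateLevel") not in ("patch", "minor"):
                problems.append("UpdateLevel is not patch or minor")
            if not option(cfg, MANAGED_NS, "PreferredStartTime"):
                problems.append("no PreferredStartTime maintenance window")
        if problems:
            findings[cfg.get("EnvironmentName", "<unnamed>")] = problems
    return findings

if __name__ == "__main__":
    for env, problems in audit(SAMPLE).items():
        print(f"{env}: {'; '.join(problems)}")
```

An environment where the option is missing altogether is treated the same as one where it is set to `false`, since in both cases no managed update will run.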
To enable managed platform updates for your existing Amazon Elastic Beanstalk (EB) application environments, perform the following actions: