Elastic Beanstalk environments do not have enhanced health reporting enabled
Description
This policy checks that Elastic Beanstalk environments have enhanced health reporting enabled. Enhanced health reporting provides additional information about resource utilization and instance health, making it easier to identify and troubleshoot issues. Without it, operational issues can go undetected, resulting in downtime or impaired system performance. Monitoring and troubleshooting are key to maintaining system stability and performance, so the absence of enhanced health reporting is rated high risk.
Code Example
```diff
resource "aws_elastic_beanstalk_environment" "pass" {
  name = "beany"
  application = var.elastic_beanstalk_application_name
  description = var.description
  tier = var.tier
  solution_stack_name = var.solution_stack_name
  wait_for_ready_timeout = var.wait_for_ready_timeout
  version_label = var.version_label
  tags = local.tags
+ setting {
+   namespace = "aws:elasticbeanstalk:healthreporting:system"
+   name = "HealthStreamingEnabled"
+   value = "true"
+ }
}
```
Remediation
Terraform
- Resource: aws_elastic_beanstalk_environment
- Arguments: namespace, HealthStreamingEnabled
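To fix this issue, enable enhanced health reporting in the Elastic Beanstalk environment configuration: add a setting block with namespace aws:elasticbeanstalk:healthreporting:system, name HealthStreamingEnabled and value "true".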
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0359 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_312 |
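The same condition can be checked against a Terraform plan before apply. The script below is an added example, not Checkov's own implementation of CKV_AWS_312: it walks the planned_values tree of `terraform show -json` output, including child modules, and lists the environments that lack the setting. The sample plan and the function names are constructed for illustration.

```python
import json

HEALTH_NS = "aws:elasticbeanstalk:healthreporting:system"
HEALTH_OPT = "HealthStreamingEnabled"

# Constructed sample shaped like the planned_values part of `terraform show -json`.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_elastic_beanstalk_environment.pass",
     "type": "aws_elastic_beanstalk_environment",
     "values": {"name": "beany", "setting": [
       {"namespace": "aws:elasticbeanstalk:healthreporting:system",
        "name": "HealthStreamingEnabled", "value": "true"}]}},
    {"address": "aws_elastic_beanstalk_environment.no_setting",
     "type": "aws_elastic_beanstalk_environment",
     "values": {"name": "plain", "setting": []}}],
  "child_modules": [{"resources": [
    {"address": "module.app.aws_elastic_beanstalk_environment.off",
     "type": "aws_elastic_beanstalk_environment",
     "values": {"name": "off", "setting": [
       {"namespace": "aws:elasticbeanstalk:healthreporting:system",
        "name": "HealthStreamingEnabled", "value": "false"}]}}]}]
}}}
""")

def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def streaming_enabled(values):
    """True if any setting block turns HealthStreamingEnabled on."""
    return any(
        s.get("namespace") == HEALTH_NS
        and s.get("name") == HEALTH_OPT
        and str(s.get("value")).strip().lower() == "true"
        for s in values.get("setting") or []
    )

def failing_environments(plan):
    """Addresses of Beanstalk environments without enhanced health reporting."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [r["address"] for r in iter_resources(root)
            if r.get("type") == "aws_elastic_beanstalk_environment"
            and not streaming_enabled(r.get("values") or {})]
```

An environment with the setting present but set to "false" is reported the same way as one with no setting block at all.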