AWS Elastic Beanstalk environment managed platform updates are not enabled
Description
This policy checks whether managed platform updates are enabled for an Elastic Beanstalk environment. Elastic Beanstalk is a platform as a service (PaaS) product from Amazon Web Services (AWS) that provides automated deployment and scaling for applications. Having platform updates applied automatically is crucial for the security and performance of the applications running on the platform.
Leaving these updates disabled can expose the environment to security vulnerabilities in outdated software or systems. AWS regularly releases platform updates that improve performance, stability, and security, and these updates often contain important fixes for known issues or vulnerabilities. If automatic updates are not enabled, the responsibility falls on the user to check for and apply updates manually, which increases the risk of missing a critical one. This can result in high severity security risks, loss of data, and potential system downtime.
Code Example
```hcl
resource "aws_elastic_beanstalk_environment" "example" {
  // Some other configurations

  setting {
    namespace = "aws:elasticbeanstalk:managedactions"
    name      = "ManagedActionsEnabled"
    value     = "true"
  }
}
```
Remediation
Terraform
- Resource: aws_elastic_beanstalk_environment
- Arguments: setting block with namespace aws:elasticbeanstalk:managedactions and name ManagedActionsEnabled
To fix this issue, enable managed platform updates by setting ManagedActionsEnabled to "true" in that setting block. This ensures that the Elastic Beanstalk environment automatically updates its instances with the latest security patches and platform updates.
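The check described above, written out as a stand-alone Python function (an added example, not Checkov's own implementation of CKV_AWS_340 or code from this policy). It assumes each resource is already parsed into a dict whose `setting` blocks are a list of dicts, and the sample resources at the bottom are constructed for illustration:

```python
from typing import Any

# Option namespace and name from the Terraform example above.
MANAGED_ACTIONS_NAMESPACE = "aws:elasticbeanstalk:managedactions"
MANAGED_ACTIONS_NAME = "ManagedActionsEnabled"


def managed_updates_enabled(resource: dict[str, Any]) -> bool:
    """Return True if the environment enables managed platform updates.

    `resource` is the body of one aws_elastic_beanstalk_environment block,
    with every `setting` block flattened to a dict of its arguments
    (assumed parser output). A missing setting, a wrong namespace, or any
    value other than "true" is a finding: patching would then be manual.
    """
    settings = resource.get("setting", [])
    if isinstance(settings, dict):  # a single setting block, not a list
        settings = [settings]
    for setting in settings:
        if (
            setting.get("namespace") == MANAGED_ACTIONS_NAMESPACE
            and setting.get("name") == MANAGED_ACTIONS_NAME
        ):
            # Terraform passes the value as a string; accept "true"/"True".
            return str(setting.get("value", "")).strip().lower() == "true"
    return False


def scan_environments(resources: dict[str, dict[str, Any]]) -> list[str]:
    """Return the names of environments that fail the check (IAC-0387)."""
    return [name for name, body in resources.items()
            if not managed_updates_enabled(body)]


# Constructed sample resources, not taken from any real account.
SAMPLE_RESOURCES = {
    "compliant": {
        "name": "app-prod",
        "setting": [{"namespace": "aws:elasticbeanstalk:managedactions",
                     "name": "ManagedActionsEnabled", "value": "true"}],
    },
    "explicitly_disabled": {
        "name": "app-staging",
        "setting": [{"namespace": "aws:elasticbeanstalk:managedactions",
                     "name": "ManagedActionsEnabled", "value": "false"}],
    },
    "no_setting": {"name": "app-dev"},  # setting block absent entirely
}

if __name__ == "__main__":
    for env in scan_environments(SAMPLE_RESOURCES):
        print(f"IAC-0387: {env} does not enable managed platform updates")
```

Only the first sample passes; both an explicit "false" and a missing setting block are reported, matching the policy's intent.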
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0387 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_340 |