| AWS Elastic Beanstalk | |
| Developer Guide | |
| What is AWS Elastic Beanstalk? | |
| With Elastic Beanstalk you can deploy web applications into the AWS Cloud on a variety of | |
| supported platforms. You build and deploy your applications. Elastic Beanstalk provisions Amazon | |
| EC2 instances, configures load balancing, sets up health monitoring, and dynamically scales your | |
| environment. | |
| In addition to web server environments, Elastic Beanstalk also provides worker environments which | |
| you can use to process messages from an Amazon SQS queue, useful for asynchronous or long-running tasks. For more information, see Elastic Beanstalk worker environments. | |
| Supported platforms | |
| Elastic Beanstalk supports applications developed in Go, Java, .NET, Node.js, PHP, Python, | |
| and Ruby. Elastic Beanstalk also supports Docker containers, where you can choose your own | |
| programming language and application dependencies. When you deploy your application, Elastic | |
| Beanstalk builds the selected supported platform version and provisions one or more AWS | |
| resources, such as Amazon EC2 instances, in your AWS account to run your application. | |
| You can interact with Elastic Beanstalk through the Elastic Beanstalk console, the AWS Command | |
| Line Interface (AWS CLI), or the EB CLI, a high-level command line tool designed specifically for | |
| Elastic Beanstalk. | |
| You can perform most deployment tasks, such as changing the size of your fleet of Amazon | |
| EC2 instances or monitoring your application, directly from the Elastic Beanstalk web interface | |
| (console). | |
| To learn more about how to deploy a sample web application using Elastic Beanstalk, see Learn | |
| how to get started with Elastic Beanstalk. | |
| Application deploy workflow | |
| To use Elastic Beanstalk, you create an application, then upload your application source bundle | |
| to Elastic Beanstalk. Next, you provide information about the application, and Elastic Beanstalk | |
| automatically launches an environment and creates and configures the AWS resources needed to | |
| run your code. | |
| After you create and deploy your application and your environment is launched, you can manage | |
| your environment and deploy new application versions. Information about the application— | |
| including metrics, events, and environment status—is made available through the Elastic Beanstalk | |
| console, APIs, and Command Line Interfaces. | |
| The following diagram illustrates Elastic Beanstalk workflow: | |
| Pricing | |
| There is no additional charge for Elastic Beanstalk. You pay only for the underlying AWS resources | |
| that your application consumes. For details about pricing, see the Elastic Beanstalk service detail | |
| page. | |
| Next steps | |
| We recommend the tutorial, Getting started tutorial, to start using Elastic Beanstalk. The tutorial | |
| steps you through creating, viewing, and updating a sample Elastic Beanstalk application. | |
| Learn how to get started with Elastic Beanstalk | |
| With Elastic Beanstalk you can deploy, monitor, and scale web applications and services. Typically, | |
| you will develop your code locally then deploy it to Amazon EC2 server instances. These instances, | |
| also called environments, run on platforms that can be upgraded through the AWS console or the | |
| command line. | |
| To get started, we recommend deploying a pre-built sample application directly from the console. | |
| Then, you can learn how to develop locally and deploy from the command line in the section | |
| called “QuickStart for PHP”. | |
| There is no cost for using Elastic Beanstalk, but standard fees do apply to AWS resources that you | |
| create during the course of this tutorial until you delete them at the end. The total charges are | |
| typically less than a dollar. For information about how to minimize charges, see AWS free tier. | |
| After completing this tutorial, you will understand the basics of creating, configuring, deploying, | |
| updating, and monitoring an Elastic Beanstalk application with environments running on Amazon | |
| EC2 instances. | |
| Estimated duration: 35-45 minutes | |
| What you will build | |
| Your first Elastic Beanstalk application will consist of a single Amazon EC2 environment running | |
| the PHP sample on a PHP managed platform. | |
| Elastic Beanstalk application | |
| An Elastic Beanstalk application is a container for Elastic Beanstalk components, including | |
| environments where your application code runs on platforms provided and managed by Elastic | |
| Beanstalk, or in custom containers that you provide. | |
| Environment | |
| An Elastic Beanstalk environment is a collection of AWS resources running together including | |
| an Amazon EC2 instance. When you create an environment, Elastic Beanstalk provisions the | |
| necessary resources into your AWS account. | |
| Platform | |
| A platform is a combination of an operating system, programming language runtime, web | |
| server, application server, and additional Elastic Beanstalk components. Elastic Beanstalk | |
| provides managed platforms, or you can provide your own platform in a container. | |
| Elastic Beanstalk supports platforms for different programming languages, application servers, | |
| and Docker containers. When you create an environment, you must choose the platform. You can | |
| upgrade the platform, but you cannot change the platform for an environment. | |
| Switching platforms | |
| If you need to change programming languages, you must create and switch to a new | |
| environment on a different platform. | |
| Step 1 - Create an application | |
| To create your example application, you'll use the Create application console wizard. It creates an | |
| Elastic Beanstalk application and launches an environment within it. | |
| Reminder: an environment is a collection of AWS resources required to run your application code. | |
| To create an application | |
| 1. Open the Elastic Beanstalk console. | |
| 2. Choose Create application. | |
| 3. For Application name enter getting-started-app. | |
| The console provides a six step process for creating an application and configuring an environment. | |
| For this quick start, you'll only need to focus on the first two steps, then you can skip ahead to | |
| review and create your application and environment. | |
| To configure an environment | |
| 1. In Environment information, for Environment name enter: gs-app-web-env. | |
| 2. For Platform, choose the PHP platform. | |
| 3. For Application code and Presets, accept the defaults (Sample application and Single instance), | |
| then choose Next. | |
| To configure service access | |
| Next, you need two roles. A service role allows Elastic Beanstalk to monitor your EC2 instances and | |
| upgrade your environment’s platform. An EC2 instance profile role permits tasks such as writing logs | |
| and interacting with other services. | |
| To create the Service role | |
| 1. For Service role, choose Create role. | |
| 2. For Trusted entity type, choose AWS service. | |
| 3. For Use case, choose Elastic Beanstalk – Environment. | |
| 4. Choose Next. | |
| 5. Verify that Permissions policies include the following, then choose Next: | |
| • AWSElasticBeanstalkEnhancedHealth | |
| • AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy | |
| 6. Choose Create role. | |
| 7. Return to the Configure service access tab, refresh the list, then select the newly created | |
| service role. | |
| To create the EC2 instance profile | |
| 1. Choose Create role. | |
| 2. For Trusted entity type, choose AWS service. | |
| 3. For Use case, choose Elastic Beanstalk – Compute. | |
| 4. Choose Next. | |
| 5. Verify that Permissions policies include the following, then choose Next: | |
| • AWSElasticBeanstalkWebTier | |
| • AWSElasticBeanstalkWorkerTier | |
| • AWSElasticBeanstalkMulticontainerDocker | |
| 6. Choose Create role. | |
| 7. Return to the Configure service access tab, refresh the list, then select the newly created EC2 | |
| instance profile. | |
| To finish configuring and creating your application | |
| 1. Skip over EC2 key pair. | |
| We'll show you other ways to connect to your Amazon EC2 instances through the Console. | |
| 2. Choose Skip to Review to move over several optional steps. | |
| Optional steps: networking, databases, scaling parameters, advanced configuration for updates, | |
| monitoring, and logging. | |
| 3. On the Review page which shows a summary of your choices, choose Submit. | |
| Congratulations! | |
| You have created an application and configured an environment! Now you need to wait for | |
| the resources to deploy. | |
| Step 2 - Deploy your application | |
| When you create an application, Elastic Beanstalk sets up the environments for you. You just need | |
| to sit back and wait. | |
| The initial deploy can take up to five minutes to create the resources. Updates will take less time | |
| because only changes will be deployed to your stack. | |
| When you create the example application, Elastic Beanstalk creates the following resources: | |
| • EC2 instance – An Amazon EC2 virtual machine configured to run web apps on the platform you | |
| selected. | |
| Every platform runs a different set of software, configuration files, and scripts to support a | |
| specific language version, framework, web container, or combination thereof. Most platforms | |
| use either Apache or nginx as a reverse proxy to forward web traffic to your web app, serve static | |
| assets, and generate access and error logs. You can connect to your Amazon EC2 instances to | |
| view configuration and logs. | |
| • Instance security group – An Amazon EC2 security group will be created to allow incoming | |
| requests on port 80, so inbound traffic on a load balancer can reach your web app. | |
| • Amazon S3 bucket – A storage location for your source code, logs, and other artifacts. | |
| • Amazon CloudWatch alarms – Two CloudWatch alarms are created to monitor the load on your | |
| instances and scale them up or down as needed. | |
| • AWS CloudFormation stack – Elastic Beanstalk uses AWS CloudFormation to deploy the | |
| resources in your environment and make configuration changes. You can view the resource | |
| definition template in the AWS CloudFormation console. | |
| • Domain name – A domain name that routes to your web app in the form: | |
| subdomain.region.elasticbeanstalk.com. | |
| Elastic Beanstalk creates your application, launches an environment, makes an application version, | |
| then deploys your code into the environment. During the process, the console tracks progress and | |
| displays event status in the Events tab. | |
| Your application is ready! | |
| After you see your application health change to Ok, you can browse to your web | |
| application's website. | |
| Step 3 - Explore the Elastic Beanstalk environment | |
| You'll start exploring your deployed application environment from the Environment overview | |
| page in the console. | |
| To view the environment and your application | |
| 1. Open the Elastic Beanstalk console, and in the Regions list, select your AWS Region. | |
| 2. In the navigation pane, choose Environments, and then choose the name of your environment | |
| from the list. | |
| 3. Choose Go to environment to browse your application! | |
| (You can also choose the URL link listed for Domain to browse your application.) | |
| The connection will be HTTP (not HTTPS), so you might see a warning in your browser. | |
| Back in the Elastic Beanstalk console, the upper portion shows the Environment overview with | |
| top level information about your environment, including name, domain URL, current health status, | |
| running version, and the platform that the application is running on. The running version and | |
| platform are essential for troubleshooting your currently deployed application. | |
| After the overview pane, you will see recent environment activity in the Events tab. | |
| While Elastic Beanstalk creates your AWS resources and launches your application, the environment | |
| is in a Pending state. Status messages about launch events are continuously added to the list of | |
| Events. | |
| The environment's Domain is the URL for your deployed web application. In the left navigation | |
| pane, Go to environment also takes you to your domain. Similarly, the left navigation pane has | |
| links that correspond to the various tabs. | |
| Take note of the Configuration link in the left navigation pane, which displays a summary of | |
| environment configuration option values, grouped by category. | |
| Environment configuration settings | |
| Take note of the Configuration link in the left navigation pane. You can view and edit | |
| detailed environment settings, such as service roles, networking, database, scaling, | |
| managed platform updates, memory, health monitoring, rolling deployment, logging, and | |
| more! | |
| The various tabs contain detailed information about your environment: | |
| Understanding concepts in Elastic Beanstalk | |
| Becoming familiar with the concepts and terms will help you gain an understanding needed for | |
| deploying your applications with Elastic Beanstalk. | |
| Application | |
| An Elastic Beanstalk application is a container for Elastic Beanstalk components, including | |
| environments, versions, and environment configurations. Within an Elastic Beanstalk application, | |
| you manage all the resources relevant to running your code. | |
| Application version | |
| In Elastic Beanstalk, an application version refers to a specific, labeled iteration of deployable code | |
| for a web application. An application version points to an Amazon Simple Storage Service (Amazon | |
| S3) object that contains the deployable code, such as a Java WAR file. | |
| An application version is part of an application. Applications can have many versions and each | |
| application version is unique. In a running environment, you can deploy any application version you | |
| already uploaded to the application, or you can upload and immediately deploy a new application | |
| version. For example, you could upload multiple application versions to test differences between | |
| them. | |
| Environment | |
| An environment is a collection of AWS resources running an application version. Each environment | |
| runs only one application version at a time; however, you can run the same application version | |
| or different application versions in many environments simultaneously. When you create an | |
| environment, Elastic Beanstalk provisions the resources needed in your AWS account to run the | |
| application version you specified. | |
| Environment tier | |
| When you launch an Elastic Beanstalk environment, you first choose an environment tier. The | |
| environment tier designates the type of application that the environment runs and determines | |
| what resources Elastic Beanstalk provisions to support it. An application that serves HTTP requests | |
| runs in a web server environment tier. A backend environment that pulls tasks from an Amazon | |
| Simple Queue Service (Amazon SQS) queue runs in a worker environment tier. | |
| Environment configuration | |
| An environment configuration identifies a collection of parameters and settings that define | |
| how an environment and its associated resources behave. When you update an environment’s | |
| configuration settings, Elastic Beanstalk automatically applies the changes to existing resources or | |
| deletes and deploys new resources (depending on the type of change). | |
| Saved configuration | |
| A saved configuration is a template that you can use as a starting point for creating unique | |
| environment configurations. You can create and modify saved configurations, and apply them to | |
| environments, using the Elastic Beanstalk console, EB CLI, AWS CLI, or API. The API and the AWS | |
| CLI refer to saved configurations as configuration templates. | |
| Platform | |
| A platform is a combination of an operating system, programming language runtime, web server, | |
| application server, and Elastic Beanstalk components. You design and target your web application | |
| to a platform. Elastic Beanstalk provides a variety of platforms on which you can build your | |
| applications. | |
| For details, see Elastic Beanstalk platforms. | |
| Elastic Beanstalk web server environments | |
| The following diagram shows an example Elastic Beanstalk architecture for a web server | |
| environment tier, and shows how the components in that type of environment tier work together. | |
| The environment is the heart of the application. In the diagram, the environment is shown within | |
| the top-level solid line. When you create an environment, Elastic Beanstalk provisions the resources | |
| required to run your application. AWS resources created for an environment include one elastic | |
| load balancer (ELB in the diagram), an Auto Scaling group, and one or more Amazon Elastic | |
| Compute Cloud (Amazon EC2) instances. | |
| Every environment has a CNAME (URL) that points to a load balancer. The environment | |
| has a URL, such as myapp.us-west-2.elasticbeanstalk.com. This URL is aliased in | |
| Amazon Route 53 to an Elastic Load Balancing URL—something like abcdef-123456.us-west-2.elb.amazonaws.com—by using a CNAME record. Amazon Route 53 is a highly available | |
| and scalable Domain Name System (DNS) web service. It provides secure and reliable routing to | |
| your infrastructure. Your domain name that you registered with your DNS provider will forward | |
| requests to the CNAME. | |
| The load balancer sits in front of the Amazon EC2 instances, which are part of an Auto Scaling | |
| group. Amazon EC2 Auto Scaling automatically starts additional Amazon EC2 instances to | |
| accommodate increasing load on your application. If the load on your application decreases, | |
| Amazon EC2 Auto Scaling stops instances, but always leaves at least one instance running. | |
| The software stack running on the Amazon EC2 instances is dependent on the container type. | |
| A container type defines the infrastructure topology and software stack to be used for that | |
| environment. For example, an Elastic Beanstalk environment with an Apache Tomcat container uses | |
| the Amazon Linux operating system, Apache web server, and Apache Tomcat software. For a list of | |
| supported container types, see Elastic Beanstalk supported platforms. Each Amazon EC2 instance | |
| that runs your application uses one of these container types. In addition, a software component | |
| called the host manager (HM) runs on each Amazon EC2 instance. The host manager is responsible | |
| for the following: | |
| • Deploying the application | |
| • Aggregating events and metrics for retrieval via the console, the API, or the command line | |
| • Generating instance-level events | |
| • Monitoring the application log files for critical errors | |
| • Monitoring the application server | |
| • Patching instance components | |
| • Rotating your application's log files and publishing them to Amazon S3 | |
| The host manager reports metrics, errors and events, and server instance status, which are | |
| available via the Elastic Beanstalk console, APIs, and CLIs. | |
| The Amazon EC2 instances shown in the diagram are part of one security group. A security group | |
| defines the firewall rules for your instances. By default, Elastic Beanstalk defines a security | |
| group, which allows everyone to connect using port 80 (HTTP). You can define more than one | |
| security group. For example, you can define a security group for your database server. For more | |
| information about Amazon EC2 security groups and how to configure them for your Elastic | |
| Beanstalk application, see EC2 security groups. | |
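| The default rule described above can be checked mechanically. The following is an added example, not part of the original guide or of Elastic Beanstalk: a Python audit that flags inbound rules open to every address on ports outside an allow-list. The sample data is constructed in the shape of `aws ec2 describe-security-groups` output; the group IDs and the choice of 443 as the only allowed public port are assumptions. | |

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# Group IDs are placeholders, not values from a real account.
SAMPLE_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-EXAMPLE-instance",  # the default described above: HTTP from anywhere
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                        "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-EXAMPLE-lb",  # HTTPS from anywhere over IPv4 and IPv6
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                        "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
                        "UserIdGroupPairs": []}]},
    {"GroupId": "sg-EXAMPLE-db",  # database reachable only from the instance group
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                        "IpRanges": [], "Ipv6Ranges": [],
                        "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-instance"}]}]},
    {"GroupId": "sg-EXAMPLE-wide",  # every protocol and port from anywhere
     "IpPermissions": [{"IpProtocol": "-1",
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                        "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
]}


def _covers_everything(cidr):
    """True when the CIDR has prefix length 0 (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_ingress(description, allowed_public_ports=frozenset({443})):
    """Return one finding per inbound rule that is open to every address,
    unless it is a TCP rule whose whole port range is in allowed_public_ports."""
    findings = []
    for group in description.get("SecurityGroups", []):
        for rule in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            open_sources = [c for c in cidrs if _covers_everything(c)]
            if not open_sources:
                continue  # restricted CIDRs or security-group references only
            protocol = rule.get("IpProtocol", "-1")
            if protocol == "-1":
                ports = "all"  # "-1" means every protocol; no port fields present
            elif protocol in ("tcp", "udp"):
                low, high = rule["FromPort"], rule["ToPort"]
                if protocol == "tcp" and all(
                        p in allowed_public_ports for p in range(low, high + 1)):
                    continue  # intentionally public, e.g. the HTTPS listener
                ports = str(low) if low == high else f"{low}-{high}"
            else:
                ports = "n/a"  # e.g. ICMP, where the port fields hold type and code
            findings.append({"group": group["GroupId"], "protocol": protocol,
                             "ports": ports, "sources": open_sources})
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_GROUPS):
        print(finding)
```

| In a load-balanced environment, an instance group that references the load balancer's security group instead of 0.0.0.0/0 produces no finding, as the database group in the sample shows. | |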
| Elastic Beanstalk worker environments | |
| AWS resources created for a worker environment tier include an Auto Scaling group, one or more | |
| Amazon EC2 instances, and an IAM role. For the worker environment tier, Elastic Beanstalk also | |
| creates and provisions an Amazon SQS queue if you don’t already have one. When you launch a | |
| worker environment, Elastic Beanstalk installs the necessary support files for your programming | |
| language of choice and a daemon on each EC2 instance in the Auto Scaling group. The daemon | |
| reads messages from an Amazon SQS queue. The daemon sends data from each message that | |
| it reads to the web application running in the worker environment for processing. If you have | |
| multiple instances in your worker environment, each instance has its own daemon, but they all read | |
| from the same Amazon SQS queue. | |
| The following diagram shows the different components and their interactions across environments | |
| and AWS services. | |
| Amazon CloudWatch is used for alarms and health monitoring. For more information, go to Basic | |
| health reporting. | |
| For details about how the worker environment tier works, see Elastic Beanstalk worker | |
| environments. | |
| Design considerations for your Elastic Beanstalk applications | |
| Because applications deployed using AWS Elastic Beanstalk run on AWS Cloud resources, you | |
| should keep several configuration factors in mind to optimize your applications: scalability, security, | |
| persistent storage, fault tolerance, content delivery, software updates and patching, and connectivity. | |
| Each of these is covered separately in this topic. For a comprehensive list of technical AWS | |
| whitepapers, covering topics such as architecture, as well as security and economics, see AWS Cloud | |
| Computing Whitepapers. | |
| Scalability | |
| When operating in a physical hardware environment, in contrast to a cloud environment, you can | |
| approach scalability in one of two ways. Either you can scale up through vertical scaling | |
| or you can scale out through horizontal scaling. The scale-up approach requires that you invest | |
| in powerful hardware, which can support the increasing demands of your business. The scale-out approach requires that you follow a distributed model of investment. As such, your hardware | |
| and application acquisitions can be more targeted, your data sets are federated, and your design | |
| is service oriented. The scale-up approach can be expensive, and there's also the risk that your | |
| demand could outgrow your capacity. In this regard, the scale-out approach is usually more | |
| effective. However, when using it, you must be able to predict demand at regular intervals and | |
| deploy infrastructure in chunks to meet that demand. As a result, this approach can often lead to | |
| unused capacity and might require some careful monitoring. | |
| By migrating to the cloud, you can make your infrastructure align well with demand by leveraging | |
| the elasticity of the cloud. Elasticity helps to streamline resource acquisition and release. With it, | |
| your infrastructure can rapidly scale in and scale out as demand fluctuates. To use it, configure | |
| your Auto Scaling settings to scale up or down based on the metrics for the resources in your | |
| environment. For example, you can set metrics such as server utilization or network I/O. You can | |
| use Auto Scaling for compute capacity to be added automatically whenever usage rises and for it | |
| to be removed whenever usage drops. You can publish system metrics (for example, CPU, memory, | |
| disk I/O, and network I/O) to Amazon CloudWatch. Then, you can use CloudWatch to configure | |
| alarms to trigger Auto Scaling actions or send notifications based on these metrics. For instructions | |
| on how to configure Auto Scaling, see Auto Scaling your Elastic Beanstalk environment instances. | |
| We also recommend that you design all your Elastic Beanstalk applications as stateless as possible, | |
| using loosely coupled, fault-tolerant components that can be scaled out as needed. For more | |
| information about designing scalable application architectures for AWS, see AWS Well-Architected | |
| Framework. | |
| Security | |
| Security on AWS is a shared responsibility. Amazon Web Services protects the physical resources | |
| in your environment and ensures that the Cloud is a safe place for you to run applications. You're | |
| responsible for the security of data coming in and out of your Elastic Beanstalk environment and | |
| the security of your application. | |
| Configure SSL to protect information that flows between your application and clients. To configure | |
| SSL, you need a free certificate from AWS Certificate Manager (ACM). If you already have a | |
| certificate from an external certificate authority (CA), you can use ACM to import your | |
| certificate. Otherwise, you can import it using the AWS CLI. | |
| If ACM isn't available in your AWS Region, you can purchase a certificate from an external CA, such | |
| as VeriSign or Entrust. Then, use the AWS Command Line Interface (AWS CLI) to upload a third-party or self-signed certificate and private key to AWS Identity and Access Management (IAM). The | |
| public key of the certificate authenticates your server to the browser. It also serves as the basis for | |
| creating the shared session key that encrypts the data in both directions. For instructions on how | |
| to create, upload, and assign an SSL certificate to your environment, see Configuring HTTPS for | |
| your Elastic Beanstalk environment. | |
| When you configure an SSL certificate for your environment, data is encrypted between the client | |
| and the Elastic Load Balancing load balancer for your environment. By default, encryption is | |
| terminated at the load balancer, and traffic between the load balancer and Amazon EC2 instances | |
| is unencrypted. | |
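| To see where encryption starts and stops for an environment, the option settings can be inspected. The following is an added example, not part of the original guide: a Python check over option settings in the shape returned by `aws elasticbeanstalk describe-configuration-settings`. It assumes an Application Load Balancer environment (the `aws:elbv2:listener:*` and `aws:elasticbeanstalk:environment:process:*` namespaces); the three sample configurations and the certificate ARN placeholder are constructed. | |

```python
from collections import defaultdict

LISTENER_NS = "aws:elbv2:listener:"
PROCESS_NS = "aws:elasticbeanstalk:environment:process:"
CERT = "arn:aws:acm:REGION:ACCOUNT_ID:certificate/EXAMPLE"  # placeholder, not a real ARN


def _opt(namespace, name, value):
    """Build one entry in the OptionSettings list format."""
    return {"Namespace": namespace, "OptionName": name, "Value": value}


# Constructed samples: no certificate, TLS ending at the load balancer, TLS on both hops.
HTTP_ONLY = [_opt(LISTENER_NS + "default", "ListenerEnabled", "true"),
             _opt(PROCESS_NS + "default", "Protocol", "HTTP")]
TERMINATED_AT_LB = HTTP_ONLY + [_opt(LISTENER_NS + "443", "Protocol", "HTTPS"),
                                _opt(LISTENER_NS + "443", "SSLCertificateArns", CERT)]
END_TO_END = [_opt(LISTENER_NS + "default", "ListenerEnabled", "false"),
              _opt(LISTENER_NS + "443", "Protocol", "HTTPS"),
              _opt(LISTENER_NS + "443", "SSLCertificateArns", CERT),
              _opt(PROCESS_NS + "default", "Protocol", "HTTPS"),
              _opt(PROCESS_NS + "default", "Port", "443")]


def _group(option_settings, prefix):
    """Collect {namespace suffix: {OptionName: Value}} for namespaces under prefix."""
    grouped = defaultdict(dict)
    for opt in option_settings:
        namespace, value = opt.get("Namespace", ""), opt.get("Value")
        if namespace.startswith(prefix) and value:  # unset options fall back to defaults
            grouped[namespace[len(prefix):]][opt["OptionName"]] = value
    return grouped


def tls_posture(option_settings):
    """Report which hops are encrypted: client to load balancer, and load
    balancer to instance."""
    listeners = _group(option_settings, LISTENER_NS)
    processes = _group(option_settings, PROCESS_NS)
    listeners["default"]  # the port 80 listener exists unless explicitly disabled
    processes["default"]  # the default process exists and speaks HTTP unless changed

    https_listener, plain_ports = False, []
    for name, opts in listeners.items():
        if opts.get("ListenerEnabled", "true").lower() != "true":
            continue
        protocol = opts.get("Protocol", "HTTP").upper()
        if protocol == "HTTPS" and opts.get("SSLCertificateArns"):
            https_listener = True
        elif protocol == "HTTP":
            plain_ports.append("80" if name == "default" else name)
    backend_encrypted = all(
        p.get("Protocol", "HTTP").upper() == "HTTPS" for p in processes.values())

    findings = []
    if not https_listener:
        findings.append("no HTTPS listener with a certificate")
    for port in sorted(plain_ports):
        findings.append(f"plain HTTP listener enabled on port {port}")
    if not backend_encrypted:
        findings.append("load balancer to instance traffic is unencrypted")
    return {"https_listener": https_listener, "plain_http_ports": sorted(plain_ports),
            "backend_encrypted": backend_encrypted, "findings": findings}


if __name__ == "__main__":
    for label, sample in (("http only", HTTP_ONLY),
                          ("terminated at load balancer", TERMINATED_AT_LB),
                          ("end to end", END_TO_END)):
        print(label, tls_posture(sample)["findings"])
```

| An HTTP listener that only redirects to HTTPS is still reported, so treat that finding as a prompt to confirm the redirect rule rather than as a defect in itself. | |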
| Persistent storage | |
| Elastic Beanstalk applications run on Amazon EC2 instances that have no persistent local storage. | |
| When the Amazon EC2 instances terminate, the local file system isn't saved. New Amazon EC2 | |
| instances start with a default file system. We recommend that you configure your application to | |
| store data in a persistent data source. AWS offers a number of persistent storage services that you | |
| can use for your application. The following table lists them. | |
| Storage service | Service documentation | Elastic Beanstalk integration |
| Amazon S3 | Amazon Simple Storage Service Documentation | Using Elastic Beanstalk with Amazon S3 |
| Amazon Elastic File System | Amazon Elastic File System Documentation | Using Elastic Beanstalk with Amazon Elastic File System |
| Amazon Elastic Block Store | Amazon Elastic Block Store; Feature Guide: Elastic Block Store | |
| Amazon DynamoDB | Amazon DynamoDB Documentation | Using Elastic Beanstalk with Amazon DynamoDB |
| Amazon Relational Database Service (RDS) | Amazon Relational Database Service Documentation | Using Elastic Beanstalk with Amazon RDS |
| Note | |
| Elastic Beanstalk creates a webapp user for you to set up as the owner of application | |
| directories on EC2 instances. For Amazon Linux 2 platform versions that are released on | |
| or after February 3, 2022, Elastic Beanstalk assigns the webapp user a uid (user id) and gid | |
| (group id) value of 900 for new environments. It does the same for existing environments | |
| following a platform version update. This approach keeps consistent access permission for | |
| the webapp user to permanent file system storage. | |
| In the unlikely situation that another user or process is already using 900, the operating | |
| system defaults the webapp user uid and gid to another value. Run the Linux command | |
| id webapp on your EC2 instances to verify the uid and gid values that are assigned to the | |
| webapp user. | |
| Fault tolerance | |
| As a rule of thumb, you should be a pessimist when designing architecture for the cloud. Leverage | |
| the elasticity that it offers. Always design, implement, and deploy for automated recovery from | |
| failure. Use multiple Availability Zones for your Amazon EC2 instances and for Amazon RDS. | |
| Availability Zones are conceptually like logical data centers. Use Amazon CloudWatch to get more | |
| visibility into the health of your Elastic Beanstalk application and take appropriate actions in case | |
| of hardware failure or performance degradation. Configure your Auto Scaling settings to maintain | |
| your fleet of Amazon EC2 instances at a fixed size so that unhealthy Amazon EC2 instances are | |
| replaced by new ones. If you're using Amazon RDS, then set the retention period for backups, so | |
| that Amazon RDS can perform automated backups. | |
| Content delivery | |
| When users connect to your website, their requests may be routed through a number of individual | |
| networks. As a result, users might experience poor performance due to high latency. Amazon | |
| CloudFront can help ameliorate latency issues by distributing your web content, such as images | |
| and video, across a network of edge locations around the world. Users' requests are routed to the | |
| nearest edge location, so content is delivered with the best possible performance. CloudFront | |
| works seamlessly with Amazon S3, which durably stores the original, definitive versions of your | |
| files. For more information about Amazon CloudFront, see the Amazon CloudFront Developer | |
| Guide. | |
| Software updates and patching | |
| AWS Elastic Beanstalk regularly releases platform updates to provide fixes, software updates, | |
| and new features. Elastic Beanstalk offers several options to handle platform updates. With | |
| managed platform updates your environment automatically upgrades to the latest version of a | |
| platform during a scheduled maintenance window while your application remains in service. For | |
| environments created on November 25, 2019 or later using the Elastic Beanstalk console, managed | |
| updates are enabled by default whenever possible. You can also manually initiate updates using | |
| the Elastic Beanstalk console or EB CLI. | |
| Connectivity | |
| Elastic Beanstalk needs to be able to connect to the instances in your environment to complete | |
| deployments. When you deploy an Elastic Beanstalk application inside an Amazon VPC, the | |
| configuration required to enable connectivity depends on the type of Amazon VPC environment | |
| you create: | |
| • For single-instance environments, no additional configuration is required. This is because, with | |
| these environments, Elastic Beanstalk assigns each Amazon EC2 instance a public Elastic IP | |
| address that enables the instance to communicate directly with the internet. | |
| • For load-balanced, scalable environments in an Amazon VPC with both public and private | |
| subnets, you must do the following: | |
| • Create a load balancer in the public subnet to route inbound traffic from the internet to the | |
| Amazon EC2 instances. | |
| • Create a network address translation (NAT) device to route outbound traffic from the Amazon | |
| EC2 instances in private subnets to the internet. | |
| • Create inbound and outbound routing rules for the Amazon EC2 instances inside the private | |
| subnet. | |
| • If you're using a NAT instance, configure the security groups for the NAT instance and Amazon | |
| EC2 instances to enable internet communication. | |
| • For a load-balanced, scalable environment in an Amazon VPC that has one public subnet, no | |
| additional configuration is required. This is because, with this environment, your Amazon EC2 | |
| instances are configured with a public IP address that enables the instances to communicate with | |
| the internet. | |
| For more information about using Elastic Beanstalk with Amazon VPC, see Using Elastic Beanstalk | |
| with Amazon VPC. | |
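The three VPC cases above, written as a routing check. This is an added example, not code from the guide; the subnet ids, the `DEFAULT_ROUTES` map and the environment dictionaries are constructed, and the check assumes an internet-facing load balancer and looks only at default routes and public IP assignment, not at security groups.

```python
# Constructed VPC layout: subnet id -> target of its 0.0.0.0/0 route (None = no
# default route). Ids are made up; prefixes follow AWS naming (igw- internet
# gateway, nat- NAT gateway, i- NAT instance).
DEFAULT_ROUTES = {
    "subnet-pub1": "igw-0example",
    "subnet-priv1": "nat-0example",
    "subnet-priv2": None,
}

# Constructed environment descriptions (hypothetical structure, not an AWS API shape).
ENVIRONMENTS = {
    "lb-public-private": {"type": "load-balanced", "elb_subnets": ["subnet-pub1"],
                          "instance_subnets": ["subnet-priv1"], "public_ip": False},
    "lb-missing-nat": {"type": "load-balanced", "elb_subnets": ["subnet-pub1"],
                       "instance_subnets": ["subnet-priv2"], "public_ip": False},
    "lb-one-public-subnet-no-ip": {"type": "load-balanced", "elb_subnets": ["subnet-pub1"],
                                   "instance_subnets": ["subnet-pub1"], "public_ip": False},
    "single-instance": {"type": "single-instance", "elb_subnets": [],
                        "instance_subnets": ["subnet-pub1"], "public_ip": True},
}

def subnet_kind(subnet_id, routes):
    """Classify a subnet by where its default route points."""
    target = routes[subnet_id]
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith(("nat-", "i-")):
        return "private-nat"
    return "unknown"

def check_environment(env, routes):
    """Return connectivity problems for one environment; an empty list means none found."""
    problems = []
    if env["type"] == "load-balanced":
        for subnet in env["elb_subnets"]:
            if subnet_kind(subnet, routes) != "public":
                problems.append(f"{subnet}: load balancer subnet has no internet gateway route")
    for subnet in env["instance_subnets"]:
        kind = subnet_kind(subnet, routes)
        if kind == "public":
            # A route to the internet gateway is only usable with a public or Elastic IP.
            if not env["public_ip"]:
                problems.append(f"{subnet}: instances in a public subnet need a public IP address")
        elif kind != "private-nat":
            problems.append(f"{subnet}: no outbound path (needs a NAT route or an internet gateway)")
    return problems

if __name__ == "__main__":
    for name, env in ENVIRONMENTS.items():
        print(name, check_environment(env, DEFAULT_ROUTES) or "OK")
```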
| Elastic Beanstalk platforms | |
| AWS Elastic Beanstalk provides a variety of platforms on which you can build your applications. | |
| You design your web application to one of these platforms, and Elastic Beanstalk deploys your | |
| code to the platform version you selected to create an active application environment. | |
| Elastic Beanstalk provides platforms for different programming languages, application servers, and | |
| Docker containers. Some platforms have multiple concurrently-supported versions. | |
| Topics | |
| • Elastic Beanstalk platforms glossary | |
| • Shared responsibility model for Elastic Beanstalk platform maintenance | |
| • Elastic Beanstalk platform support policy | |
| • Elastic Beanstalk platform release schedule | |
| • Elastic Beanstalk supported platforms | |
| • Elastic Beanstalk Linux platforms | |
| • Extending Elastic Beanstalk Linux platforms | |
| Elastic Beanstalk platforms glossary | |
| Following are key terms related to AWS Elastic Beanstalk platforms and their lifecycle. | |
| Runtime | |
| The programming language-specific runtime software (framework, libraries, interpreter, VM, | |
| etc.) required to run your application code. | |
| Elastic Beanstalk Components | |
| Software components that Elastic Beanstalk adds to a platform to enable Elastic Beanstalk | |
| functionality. For example, the enhanced health agent is necessary for gathering and reporting | |
| health information. | |
| Platform | |
| A combination of an operating system (OS), runtime, web server, application server, and | |
| Elastic Beanstalk components. Platforms provide components that are available to run your | |
| application. | |
| Platform Version | |
| A combination of specific versions of an operating system (OS), runtime, web server, application | |
| server, and Elastic Beanstalk components. You create an Elastic Beanstalk environment based | |
| on a platform version and deploy your application to it. | |
| A platform version has a semantic version number of the form X.Y.Z, where X is the major | |
| version, Y is the minor version, and Z is the patch version. | |
| A platform version can be in one of the following states: | |
| • Recommended – The latest platform version in a supported platform branch. This version | |
| contains the most up-to-date components and is recommended for use in production | |
| environments. | |
| • Not Recommended – Any platform version that is not the latest version in its platform | |
| branch. While these versions may remain functional, we strongly recommend updating to | |
| the latest platform version. You can use managed platform updates to help stay up-to-date | |
| automatically. | |
| You can verify if a platform version is recommended using the AWS CLI command | |
| describe-platform-version and checking the PlatformLifecycleState field. | |
| Platform Branch | |
| A line of platform versions sharing specific (typically major) versions of some of their | |
| components, such as the operating system (OS), runtime, or Elastic Beanstalk components. For | |
| example: Python 3.13 running on 64bit Amazon Linux 2023; IIS 10.0 running on 64bit Windows | |
| Server 2025. Platform branches receive updates in the form of new platform versions. Each | |
| successive platform version in a branch is an update to the previous one. | |
| The recommended version in each supported platform branch is available to you | |
| unconditionally for environment creation. A previous platform version is available to you if you | |
| were using an environment with it at the time the platform version was superseded by a new | |
| platform version. Previous platform versions lack the most up-to-date components and aren't | |
| recommended for use. | |
| A platform branch can be in one of the following states: | |
| • Supported – A current platform branch. It consists entirely of supported components. | |
| Supported components have not reached End of Life (EOL), as designated by their | |
| suppliers. It receives ongoing platform updates, and is recommended for use in production | |
| environments. For a list of supported platform branches, see Elastic Beanstalk supported | |
| platforms in the AWS Elastic Beanstalk Platforms guide. | |
| • Beta – A preview, pre-release platform branch. It's experimental in nature. It may receive | |
| ongoing platform updates for a while, but has no long-term support. A beta platform branch | |
| isn't recommended for use in production environments. Use it only for evaluation. For a list | |
| of beta platform branches, see Elastic Beanstalk Platform Versions in Public Beta in the AWS | |
| Elastic Beanstalk Platforms guide. | |
| • Deprecated – A platform branch where one or more components (such as the runtime or | |
| operating system) are approaching End of Life (EOL) or have reached EOL, as designated | |
| by their suppliers. While a deprecated platform branch continues to receive new platform | |
| versions until its retirement date, components that have reached EOL don't receive updates. | |
| For example, if a runtime version reaches EOL, the platform branch will be marked as | |
| deprecated but will continue to receive operating system updates until the platform branch | |
| retirement date. The platform branch will not continue to receive updates to the EOL runtime | |
| version. A deprecated platform branch isn't recommended for use. | |
| • Retired – A platform branch that no longer receives any updates. Retired platform branches | |
| aren't available to create new Elastic Beanstalk environments using the Elastic Beanstalk | |
| console. If your environment uses a retired platform branch, you must update to a supported | |
| platform branch to continue receiving updates. A retired platform branch isn't recommended | |
| for use. For more details about retired platform branches, see the section called “Platform | |
| support policy”. For a list of platform branches scheduled for retirement, see Retiring | |
| platform branch schedule. To see past retired platform branches, see Retired platform branch | |
| history. | |
| If your environment uses a deprecated or retired platform branch, we recommend that you | |
| update it to a platform version in a supported platform branch. For details, see the section | |
| called “Platform updates”. | |
| You can verify the state of a platform branch using the AWS CLI command | |
| describe-platform-version and checking the PlatformBranchLifecycleState field. | |
| Platform Update | |
| A release of new platform versions that contain updates to some components of the platform | |
| —OS, runtime, web server, application server, and Elastic Beanstalk components. Platform | |
| updates follow semantic version taxonomy, and can have three levels: | |
| • Major update – An update that has changes that are incompatible with existing platform | |
| versions. You may need to modify your application to run correctly on a new major version. A | |
| major update has a new major platform version number. | |
| • Minor update – An update that has changes that are backward compatible with existing | |
| platform versions in most cases. Depending on your application, you may need to modify | |
| your application to run correctly on a new minor version. A minor update has a new minor | |
| platform version number. | |
| • Patch update – An update that consists of maintenance releases (bug fixes, security updates, | |
| and performance improvements) that are backward compatible with an existing platform | |
| version. A patch update has a new patch platform version number. | |
| Managed Updates | |
| An Elastic Beanstalk feature that automatically applies patch and minor updates to the | |
| operating system (OS), runtime, web server, application server, and Elastic Beanstalk | |
| components for an Elastic Beanstalk supported platform version. A managed update applies a | |
| newer platform version in the same platform branch to your environment. You can configure | |
| managed updates to apply only patch updates, or minor and patch updates. You can also | |
| disable managed updates completely. | |
| For more information, see Managed platform updates. | |
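The glossary's lifecycle states and update levels, applied as an audit. This is an added example, not code from the guide: `SAMPLE` is constructed data that uses the two field names the glossary cites from `describe-platform-version`, the branch names and versions are made up, and the `allowed` parameter is a hypothetical stand-in for the managed updates setting. A missing `PlatformLifecycleState` is treated as Not Recommended, which is an assumption.

```python
import json

# Constructed sample: three objects carrying the describe-platform-version fields
# the glossary names. Branch names and version numbers are made up.
SAMPLE = json.loads("""[
  {"PlatformBranchName": "branch-a", "PlatformVersion": "4.3.1",
   "PlatformLifecycleState": "Recommended", "PlatformBranchLifecycleState": "Supported"},
  {"PlatformBranchName": "branch-a", "PlatformVersion": "4.2.0",
   "PlatformBranchLifecycleState": "Supported"},
  {"PlatformBranchName": "branch-b", "PlatformVersion": "3.9.7",
   "PlatformLifecycleState": "Recommended", "PlatformBranchLifecycleState": "Retired"}
]""")

BRANCH_FINDINGS = {
    "Beta": "beta branch: evaluation only, not for production",
    "Deprecated": "deprecated branch: EOL components no longer receive updates",
    "Retired": "retired branch: no updates at all, move to a supported branch",
}

def parse_version(text):
    """Split an X.Y.Z platform version into (major, minor, patch) integers."""
    parts = text.split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not an X.Y.Z platform version: {text!r}")
    return tuple(int(p) for p in parts)

def update_level(current, target):
    """Return 'major', 'minor' or 'patch' for an upgrade, or None if target is not newer."""
    cur, new = parse_version(current), parse_version(target)
    if new <= cur:
        return None
    for name, a, b in zip(("major", "minor", "patch"), cur, new):
        if a != b:
            return name

def managed_update_applies(current, target, allowed="minor"):
    """allowed='patch': patch updates only; allowed='minor': minor and patch updates."""
    level = update_level(current, target)
    return level == "patch" or (level == "minor" and allowed == "minor")

def audit(desc):
    """Return the findings for one platform description; an empty list means compliant."""
    findings = []
    branch_state = desc.get("PlatformBranchLifecycleState")
    if branch_state != "Supported":
        findings.append(BRANCH_FINDINGS.get(branch_state, f"unknown branch state: {branch_state!r}"))
    # Assumption: anything other than "Recommended", including a missing field,
    # counts as Not Recommended.
    if desc.get("PlatformLifecycleState") != "Recommended":
        findings.append("not the latest platform version in its branch")
    return findings

if __name__ == "__main__":
    for d in SAMPLE:
        print(d["PlatformBranchName"], d["PlatformVersion"], audit(d) or "OK")
```

A major update is never applied by `managed_update_applies`, matching the glossary's statement that managed updates cover patch and minor updates within the same platform branch.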
| Shared responsibility model for Elastic Beanstalk platform | |
| maintenance | |
| AWS and our customers share responsibility for achieving a high level of software component | |
| security and compliance. This shared model reduces your operational burden. | |
| For details, see the AWS Shared Responsibility Model. | |
| AWS Elastic Beanstalk helps you perform your side of the shared responsibility model by providing | |
| a managed updates feature. This feature automatically applies patch and minor updates for an | |
| Elastic Beanstalk supported platform version. If a managed update fails, Elastic Beanstalk notifies | |
| you of the failure to ensure that you are aware of it and can take immediate action. | |
| For more information, see Managed platform updates. | |
| In addition, Elastic Beanstalk does the following: | |
| • Publishes its platform support policy and retirement schedule for the coming 12 months. | |
| • Releases patch, minor, and major updates of operating system (OS), runtime, application server, | |
| and web server components typically within 30 days of their availability. Elastic Beanstalk | |
| is responsible for creating updates to Elastic Beanstalk components that are present on its | |
| supported platform versions. All other updates come directly from their suppliers (owners or | |
| community). | |
| We announce all updates to our supported platforms in our release notes in the AWS Elastic | |
| Beanstalk Release Notes guide. We also provide a list of all supported platforms and their | |
| components, along with a platform history, in the AWS Elastic Beanstalk Platforms guide. For more | |
| information, see Supported platforms and component history. | |
| You are responsible for the following: | |
| • Update all the components that you control (identified as Customer in the AWS Shared | |
| Responsibility Model). This includes ensuring the security of your application, your data, and any | |
| components that your application requires and that you downloaded. | |
| • Ensure that your Elastic Beanstalk environments are running on a supported platform version, | |
| and migrate any environment running on a retired platform version to a supported version. | |
| • If you’re using a custom Amazon machine image (AMI) for your Elastic Beanstalk environment, | |
| patch, maintain, and test your custom AMI so that it remains current and compatible with | |
| a supported Elastic Beanstalk platform version. For more information about managing | |
| environments with a custom AMI, see Using a custom Amazon machine image (AMI) in your | |
| Elastic Beanstalk environment. | |
| • Resolve all issues that come up in failed managed update attempts and retry the update. | |
| • Patch the OS, runtime, application server, and web server yourself if you opted out of Elastic | |
| Beanstalk managed updates. You can do this by applying platform updates manually or directly | |
| patching the components on all relevant environment resources. | |
| • Manage the security and compliance of any AWS services that you use outside of Elastic | |
| Beanstalk according to the AWS Shared Responsibility Model. | |
| Elastic Beanstalk platform support policy | |
| Elastic Beanstalk supports platform branches that still receive ongoing minor and patch updates | |
| from their suppliers (owners or community). For a complete definition of related terms, see Elastic | |
| Beanstalk platforms glossary. | |
| Retired platform branches | |
| When a component of a supported platform branch is marked End of Life (EOL) by its supplier, | |
| Elastic Beanstalk marks the platform branch as retired. Components of a platform branch include | |
| the following: operating system (OS), runtime language version, application server, or web server. | |
| Once a platform branch is marked as retired, the following policies apply: | |
| • Elastic Beanstalk stops providing maintenance updates, including security updates. | |
| • Elastic Beanstalk no longer provides technical support for retired platform branches. | |
| • Elastic Beanstalk no longer makes the platform branch available to new Elastic Beanstalk | |
| customers for deployments to new environments. There is a 90-day grace period from the | |
| published retirement date for existing customers with active environments that are running on | |
| retired platform branches. | |
| Note | |
| A retired platform branch will not be available in the Elastic Beanstalk console. However, it | |
| will be available through the AWS CLI, EB CLI and EB API for customers that have existing | |
| environments based on the retired platform branch. Existing customers can also use the | |
| Clone environment and Rebuild environment consoles. | |
| For a list of platform branches that are scheduled for retirement, see the Retiring platform branch | |
| schedule in the Elastic Beanstalk platform schedule topic that follows. | |
| For more information about what to expect when your environment’s platform branch retires, see | |
| Platform retirement FAQ. | |