
πŸ›‘οΈ AWS Elastic Beanstalk Environment does not have enhanced health reporting enabled🟒

  • Contextual name: πŸ›‘οΈ Environment does not have enhanced health reporting enabled🟒
  • ID: /ce/ca/aws/elastic-beanstalk/environment-health-reporting
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: RELIABILITY

Description

This policy identifies AWS Elastic Beanstalk Environments that do not have enhanced health reporting enabled.

Rationale

Enabling Enhanced Health Reporting provides significant operational advantages. It allows for faster detection and diagnosis of issues that may affect application availability and performance. The detailed metrics and customizable health dashboards offer deeper insights into the root causes of problems, helping reduce downtime and improve overall reliability.

In contrast, Basic Health Reporting only provides binary instance health information from Elastic Load Balancing checks, which is often insufficient for diagnosing complex issues.

Audit

This policy flags an AWS Elastic Beanstalk Environment as INCOMPLIANT if its related AWS Elastic Beanstalk Configuration Set contains the entry aws:elasticbeanstalk:healthreporting:system SystemType basic in Option Settings.

A Beanstalk Environment is marked as INAPPLICABLE if its Status is not Ready.
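The audit rule above, applied to API-shaped data, as an added example (not Cloudaware's own policy logic). The environment names and sample records are constructed; their field names follow the Elastic Beanstalk DescribeEnvironments and DescribeConfigurationSettings responses, and the COMPLIANT status name for the remaining case is an assumption, since the page names only INCOMPLIANT and INAPPLICABLE.

```python
NAMESPACE = "aws:elasticbeanstalk:healthreporting:system"
OPTION = "SystemType"

# Constructed sample data (not from a real account).
SAMPLE_ENVIRONMENTS = [
    {"EnvironmentName": "web-prod", "Status": "Ready"},
    {"EnvironmentName": "web-legacy", "Status": "Ready"},
    {"EnvironmentName": "web-new", "Status": "Launching"},
]
SAMPLE_SETTINGS = {
    "web-prod": [{"Namespace": NAMESPACE, "OptionName": OPTION, "Value": "enhanced"}],
    "web-legacy": [
        {"Namespace": "aws:autoscaling:asg", "OptionName": "MinSize", "Value": "1"},
        {"Namespace": NAMESPACE, "OptionName": OPTION, "Value": "basic"},
    ],
    "web-new": [{"Namespace": NAMESPACE, "OptionName": OPTION, "Value": "basic"}],
}


def health_system_type(option_settings):
    """Return the normalized SystemType value from OptionSettings, or None if absent."""
    for opt in option_settings:
        if opt.get("Namespace") == NAMESPACE and opt.get("OptionName") == OPTION:
            return (opt.get("Value") or "").strip().lower() or None
    return None


def evaluate(environment, option_settings):
    """Apply the page's rule to one environment and its option settings."""
    # Environments that are not Ready are out of scope for the check.
    if environment.get("Status") != "Ready":
        return "INAPPLICABLE"
    # The page flags only an explicit 'basic' entry.
    if health_system_type(option_settings) == "basic":
        return "INCOMPLIANT"
    return "COMPLIANT"  # assumed name for the passing status


def audit(environments, settings_by_env):
    """Map each environment name to its evaluated status."""
    return {
        env["EnvironmentName"]: evaluate(env, settings_by_env.get(env["EnvironmentName"], []))
        for env in environments
    }


if __name__ == "__main__":
    for name, status in audit(SAMPLE_ENVIRONMENTS, SAMPLE_SETTINGS).items():
        print(f"{name}: {status}")
```
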

Remediation

Enable Enhanced Health Reporting

Using the EB CLI
  1. Open your environment configuration in the default text editor:

    ~/project$ eb config
  2. Locate the aws:elasticbeanstalk:healthreporting:system namespace and update the SystemType value to enhanced:

    aws:elasticbeanstalk:healthreporting:system:
      SystemType: enhanced
  3. Save the configuration file and close the editor:

    The EB CLI will automatically start an environment update to apply the changes. You can monitor the update progress in the terminal or exit safely using Ctrl+C:

    ~/project$ eb config
    Printing Status:
    INFO: Environment update is starting.
    INFO: Health reporting type changed to ENHANCED.
    INFO: Updating environment no-role-test's configuration settings.

Linked Framework Sections

Columns: Section, Sub Sections, Internal Rules, Policies, Flags, Compliance

💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElasticBeanstalk.1] Elastic Beanstalk environments should have enhanced health reporting enabled  1  no data
💼 AWS Well-Architected → 💼 REL11-BP01 Monitor all components of the workload to detect failures  2  no data
💼 AWS Well-Architected → 💼 REL11-BP02 Fail over to healthy resources  1  no data
💼 Cloudaware Framework → 💼 System Configuration  62  no data
💼 FedRAMP High Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)  222  no data
💼 FedRAMP High Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)  2719  no data
💼 FedRAMP Low Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)  122  no data
💼 FedRAMP Low Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)  19  no data
💼 FedRAMP Moderate Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)  222  no data
💼 FedRAMP Moderate Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)  219  no data
💼 NIST CSF v2.0 → 💼 DE.AE-02: Potentially adverse events are analyzed to better understand associated activities  45  no data
💼 NIST CSF v2.0 → 💼 DE.AE-03: Information is correlated from multiple sources  60  no data
💼 NIST CSF v2.0 → 💼 DE.CM-01: Networks and network services are monitored to find potentially adverse events  170  no data
💼 NIST CSF v2.0 → 💼 DE.CM-02: The physical environment is monitored to find potentially adverse events  22  no data
💼 NIST CSF v2.0 → 💼 DE.CM-03: Personnel activity and technology usage are monitored to find potentially adverse events  95  no data
💼 NIST CSF v2.0 → 💼 DE.CM-06: External service provider activities and services are monitored to find potentially adverse events  45  no data
💼 NIST CSF v2.0 → 💼 DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events  170  no data
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations  37  no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties  51  no data
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities  52  no data
💼 NIST CSF v2.0 → 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded  41  no data
💼 NIST CSF v2.0 → 💼 ID.RA-07: Changes and exceptions are managed, assessed for risk impact, recorded, and tracked  41  no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring  622  no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-2 Flaw Remediation  6616  no data