πŸ›‘οΈ AWS Elastic Beanstalk Environment does not have enhanced health reporting enabled🟒

  • Contextual name: πŸ›‘οΈ Environment does not have enhanced health reporting enabled🟒
  • ID: /ce/ca/aws/elastic-beanstalk/environment-health-reporting
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: RELIABILITY

Description

This policy identifies AWS Elastic Beanstalk Environments that do not have enhanced health reporting enabled.

Rationale

Enabling Enhanced Health Reporting provides significant operational advantages. It allows for faster detection and diagnosis of issues that may affect application availability and performance. The detailed metrics and customizable health dashboards offer deeper insights into the root causes of problems, helping reduce downtime and improve overall reliability.

In contrast, Basic Health Reporting only provides binary instance health information from Elastic Load Balancing checks, which is often insufficient for diagnosing complex issues.

Audit

This policy flags an AWS Elastic Beanstalk Environment as INCOMPLIANT if its related AWS Elastic Beanstalk Configuration Set contains the entry aws:elasticbeanstalk:healthreporting:system SystemType basic in Option Settings.

A Beanstalk Environment is marked as INAPPLICABLE if its Status is not Ready.
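
The audit rule above, applied to a small inventory (an added example, not the policy's own logic file). The input shapes follow the Elastic Beanstalk DescribeEnvironments and DescribeConfigurationSettings responses; the environment names, the order of the two checks and the COMPLIANT label are assumptions.

```python
# Added example: evaluates the audit rule on constructed data.
# Environment names and option values below are constructed samples.
NAMESPACE = "aws:elasticbeanstalk:healthreporting:system"
OPTION = "SystemType"


def health_system_type(option_settings):
    """Return the configured SystemType (lower-cased), or None if absent."""
    for opt in option_settings:
        if opt.get("Namespace") == NAMESPACE and opt.get("OptionName") == OPTION:
            value = opt.get("Value")
            return value.strip().lower() if isinstance(value, str) else None
    return None


def evaluate(environment, option_settings):
    """Classify one environment against the rule."""
    # Assumption: the Status check runs first, and "COMPLIANT" labels every
    # case the page does not flag (it names only INCOMPLIANT/INAPPLICABLE).
    if environment.get("Status") != "Ready":
        return "INAPPLICABLE"
    if health_system_type(option_settings) == "basic":
        return "INCOMPLIANT"
    return "COMPLIANT"


# Constructed inventory: (environment record, its OptionSettings list).
SAMPLE = [
    ({"EnvironmentName": "web-prod", "Status": "Ready"},
     [{"Namespace": NAMESPACE, "OptionName": OPTION, "Value": "enhanced"}]),
    ({"EnvironmentName": "web-legacy", "Status": "Ready"},
     [{"Namespace": NAMESPACE, "OptionName": OPTION, "Value": "basic"}]),
    ({"EnvironmentName": "web-staging", "Status": "Updating"},
     [{"Namespace": NAMESPACE, "OptionName": OPTION, "Value": "basic"}]),
    ({"EnvironmentName": "worker", "Status": "Ready"},
     [{"Namespace": "aws:autoscaling:asg", "OptionName": "MinSize", "Value": "1"}]),
]


def audit(inventory):
    """Map environment name -> policy result."""
    return {env["EnvironmentName"]: evaluate(env, opts) for env, opts in inventory}


if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(f"{name}: {result}")
```

An environment with no SystemType entry is not flagged here, because the rule as written matches only an explicit basic value.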

Remediation

Enable Enhanced Health Reporting

Using the EB CLI
  1. Open your environment configuration in the default text editor:

    ~/project$ eb config
  2. Locate the aws:elasticbeanstalk:healthreporting:system namespace and update the SystemType value to enhanced:

    aws:elasticbeanstalk:healthreporting:system:
      SystemType: enhanced
  3. Save the configuration file and close the editor.

    The EB CLI will automatically start an environment update to apply the changes. You can monitor the update progress in the terminal or exit safely using Ctrl+C:

    ~/project$ eb config
    Printing Status:
    INFO: Environment update is starting.
    INFO: Health reporting type changed to ENHANCED.
    INFO: Updating environment no-role-test's configuration settings.

Linked Framework Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ElasticBeanstalk.1] Elastic Beanstalk environments should have enhanced health reporting enabled 1 no data
💼 AWS Well-Architected → 💼 REL11-BP01 Monitor all components of the workload to detect failures 2 no data
💼 AWS Well-Architected → 💼 REL11-BP02 Fail over to healthy resources 1 no data
💼 Cloudaware Framework → 💼 System Configuration 45 no data
💼 FedRAMP High Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H) 213 no data
💼 FedRAMP High Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H) 2714 no data
💼 FedRAMP Low Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H) 113 no data
💼 FedRAMP Low Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H) 14 no data
💼 FedRAMP Moderate Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H) 213 no data
💼 FedRAMP Moderate Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H) 214 no data
💼 NIST CSF v2.0 → 💼 DE.AE-02: Potentially adverse events are analyzed to better understand associated activities 35 no data
💼 NIST CSF v2.0 → 💼 DE.AE-03: Information is correlated from multiple sources 50 no data
💼 NIST CSF v2.0 → 💼 DE.CM-01: Networks and network services are monitored to find potentially adverse events 145 no data
💼 NIST CSF v2.0 → 💼 DE.CM-02: The physical environment is monitored to find potentially adverse events 13 no data
💼 NIST CSF v2.0 → 💼 DE.CM-03: Personnel activity and technology usage are monitored to find potentially adverse events 85 no data
💼 NIST CSF v2.0 → 💼 DE.CM-06: External service provider activities and services are monitored to find potentially adverse events 35 no data
💼 NIST CSF v2.0 → 💼 DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events 142 no data
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations 26 no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties 40 no data
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities 41 no data
💼 NIST CSF v2.0 → 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded 31 no data
💼 NIST CSF v2.0 → 💼 ID.RA-07: Changes and exceptions are managed, assessed for risk impact, recorded, and tracked 31 no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring 613 no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-2 Flaw Remediation 6611 no data