Ensure that your Amazon Elastic Beanstalk (EB) applications are deployed using the EC2-VPC platform instead of the EC2-Classic platform and are running within a VPC, for better flexibility and control over security, better traffic routing and availability.
When an AWS Elastic Beanstalk application is launched without a VPC specified in the Network setting, it is launched as part of EC2-Classic in older accounts that support the EC2-Classic platform. The accounts that support EC2-Classic are old AWS accounts created before 2013.12.04. Launching and running AWS Elastic Beanstalk applications in VPCs, using EC2-VPC instead of EC2-Classic, has multiple advantages: better network infrastructure (network isolation, private subnets and private IP addresses), more flexibility and control over access security (network ACLs and security group outbound/egress traffic filtering), access to newer and more powerful EC2 instance types (C4/C5/C5d, M4/M5/M5d, R4, H1, etc.) and the capability to run Elastic Beanstalk environment instances on single-tenant hardware.
To determine if your Amazon Elastic Beanstalk applications are running within a VPC, perform the following:
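One way to automate this check, as an added example that is not part of the original page: the script reads the JSON printed by `aws elasticbeanstalk describe-configuration-settings` and reports environments whose `aws:ec2:vpc` / `VPCId` option is missing or empty. The sample input is constructed (two responses merged into one list), and treating an absent or empty `VPCId` value as "not in a VPC" is an assumption of this example.

```python
import json

# Constructed sample shaped like `aws elasticbeanstalk describe-configuration-settings`
# output; two per-environment responses are merged into one list for the demo.
SAMPLE_SETTINGS = json.loads("""
{"ConfigurationSettings": [
  {"ApplicationName": "example-app", "EnvironmentName": "example-env-vpc",
   "OptionSettings": [
     {"Namespace": "aws:ec2:vpc", "OptionName": "VPCId", "Value": "vpc-0example"},
     {"Namespace": "aws:ec2:vpc", "OptionName": "Subnets", "Value": "subnet-0example"}]},
  {"ApplicationName": "example-app", "EnvironmentName": "example-env-classic",
   "OptionSettings": [
     {"Namespace": "aws:ec2:vpc", "OptionName": "VPCId"},
     {"Namespace": "aws:autoscaling:launchconfiguration",
      "OptionName": "InstanceType", "Value": "t2.micro"}]}
]}
""")


def vpc_id(config):
    """Return the environment's VPC ID, or None if the option is absent or empty."""
    for opt in config.get("OptionSettings", []):
        if opt.get("Namespace") == "aws:ec2:vpc" and opt.get("OptionName") == "VPCId":
            # Assumption: a missing or blank Value means no VPC is configured.
            value = (opt.get("Value") or "").strip()
            return value or None
    return None


def audit(settings):
    """Map each (application, environment) to its VPC ID; None means non-compliant."""
    results = {}
    for config in settings.get("ConfigurationSettings", []):
        key = (config.get("ApplicationName"), config.get("EnvironmentName"))
        results[key] = vpc_id(config)
    return results


def non_compliant(settings):
    """Environments with no VPC configured, sorted for stable reporting."""
    return sorted(k for k, v in audit(settings).items() if v is None)


if __name__ == "__main__":
    for (app, env), vpc in sorted(audit(SAMPLE_SETTINGS).items()):
        print(f"{app}/{env}: {'in ' + vpc if vpc else 'NOT in a VPC'}")
```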
Remediation / Resolution
To migrate your AWS Elastic Beanstalk application to a Virtual Private Cloud, you must re-create the application environment within a VPC. To launch your new Elastic Beanstalk environment, perform the following actions:
You are auditing:
AWS Elastic Beanstalk Application In VPC
Risk level: Low