glance
Reputation: 141
Elastic Beanstalk security patches
I currently use Ubuntu with unattended-upgrades on all my ec2-instances, to keep any nasty holes closed, but when running apps via Elastic beanstalk i can't see any option on how to handle patches to them. The only alternative is to manually log in to them and run yum.
How can I handle security patches on Elastic Beanstalk-instances?
Upvotes: 14
Views: 2708
Answers (2)
Michael Connor
Reputation: 4232
You could run the following using a nightly or hourly cron job.
bash
sudo yum update --sec-severity=critical,important
Just think through how you will do rollback and notification in the event that a patch causes your application to fail.
Upvotes: 3
Mike Carson
Reputation: 121
We added the following to our .ebextensions/01run.config file to address this issue:
commands:
security_updates:
command: "yum update -y --security"
Upvotes: 12
Related Questions
- Enabling Managed Updates for Elastic Beanstalk with terraform
- Hooks in Elastic Beanstalk V3.0.1 (Amazon Linux 2) for configuration updates
- Updated to the latest Amazon linux but stil deprecated
- ElasticBeanstalk - Changing java.security?
- AWS Elastic BeanStalk Security Group
- Elastic Beanstalk: Rolling Updates
- What is the minimum policy needed to update and deploy an Elastic Beanstalk app?
- elastic beanstalk: Rolling Updates through eclipse SDK
- How to avoid downtime with Elastic Beanstalk deployments including database patches?
- Elasticbeanstalk controlling access