Stream Elastic Beanstalk Logs to CloudWatch
Checks if logs from Elastic Beanstalk environments are being sent to CloudWatch, enabling effective monitoring and troubleshooting.
| Rule | Elastic Beanstalk should stream logs to CloudWatch |
| Framework | AWS Foundational Security Best Practices |
| Severity | ✔ High |
Rule Description:
Elastic Beanstalk should be configured to stream logs to CloudWatch for better monitoring and analysis as per AWS Foundational Security Best Practices.
Troubleshooting Steps:
- 1.Verify the log settings in the Elastic Beanstalk environment.
- 2.Check if the necessary IAM roles and policies are properly configured.
- 3.Ensure that the CloudWatch log group exists and is accessible.
Necessary Codes:
No specific codes required.
Remediation Steps:
- 1.Open the AWS Management Console.
- 2.Navigate to the Elastic Beanstalk service.
- 3.Select the environment you want to configure.
- 4.Click on the environment name to access the configuration.
- 5.In the Configuration section, click on 'Edit'.
- 6.Scroll down to the 'Instance log streaming' section.
- 7.Enable log streaming to CloudWatch Logs.
- 8.Select the log group in CloudWatch where the logs will be streamed.
- 9.Click 'Apply' to save the changes.
- 10.Verify that logs are now streaming to CloudWatch for monitoring and analysis.