By using AWS re:Post, you agree to the Terms of Use

Questions tagged with AWS Elastic Beanstalk

Sort by most recent
  • 1
  • 12 / page

Browse through the questions and answers listed below or filter and sort to narrow down your results.

Need automatic app restarts in Elastic BeanStalk after completing the deplyoment with using .platform

I’m currently working on a java project that will be deployed to elastic beanstalk and storing all the sensitive properties to parameter store. My problem is I need to restart the App server on elastic beanstalk after the deployment to get those parameters to work. I need that to be automatically picked up or automatically restart the app server. Example: I need to store db access details in parameter store and make them available in environment properties in elastic beanstalk and I have done that by adding a bash script file in .platform folder to get the parameters and add them to env files /opt/elasticbeanstalk/deployment/env ![Enter image description here](/media/postImages/original/IM9nY14CVuRE-aFek6wnWL7Q) Referenced link: https://www.fullstackerconsulting.com/2021/09/09/how-can-i-use-the-aws-systems-manager-parameter-store-with-an-aws-elastic-beanstalk-instance-to-manage-environment-variables/ Aws: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html For demo App, I'm using java to get the properties through “System.getenv("dbusername");” The scripts are running and I’m able to access the parameter store properties but the problem is I need to restart the App server on elastic beanstalk to work these properties. Can you please someone suggest to me that I can run the App server automatically once the application is deployment is done? Let me know if you need any further information related to my issue.
0
answers
0
votes
5
views
asked 2 days ago

Amazon Linux 2 - How can I know if a CVE has been patched?

Hi, My question is - how can we see what CVEs are patched? Where is it recorded if Amazon Linux has patched a particular CVE? There is the security centre here: https://alas.aws.amazon.com/alas2.html, however, that only lists the advisories as far as I can tell - it doesn't say what's patched and what isn't. Is it the case that if an item there shows that there are new packages, we can just assume it's patched in AL? Thanks in advance for any help. **Context** We've had a pen test conducted in our Elastic Beanstalk / Amazon Linux 2 environment. It flagged some potential common vulnerability & exposures (CVEs) - a number of which turned out to be false positives as Amazon Linux maintains its own release of packages. We found that Nginx running in our environment was not version 1.20.0 - vulnerable to CVE-2021-23017, but was version 1.20.0, release 2.amzn.2.0.4 - which according to https://github.com/aws/elastic-beanstalk-roadmap/issues/221 , has been patched against this vulnerability. Having the same version number for each seems like a recipee for disaster. It certainly cost me a few days time trying to look into the issue. ``` [ec2-user@ip-x ~]$ yum info nginx Loaded plugins: extras_suggestions, langpacks, priorities, update-motd 207 packages excluded due to repository priority protections Installed Packages Name : nginx Arch : aarch64 Epoch : 1 Version : 1.20.0 Release : 2.amzn2.0.4 Size : 1.7 M Repo : installed From repo : amzn2extra-nginx1 ``` I've a number of other CVE's that I need to determine if our elastic beanstalk environment is potentially compromised by: If I can just look them up, it would be helpful. ``` OpenSSH <= 8.6 Command Injection Vulnerability CVE-2021-23017 Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSH, D(HE)ater) CVE-2002-20001 nginx <= 1.21.1 Information Disclosure Vulnerability CVE-2013-0337 OpenSSH 6.2 <= 8.7 Privilege Escalation Vulnerability CVE-2021-41617 OpenBSD OpenSSH <= 7.9 Multiple Vulnerabilities CVE-2018-20685, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111 OpenBSD OpenSSH Information Disclosure Vulnerability (CVE-2020-14145) CVE-2020-14145 SSL/TLS: BREACH attack against HTTP compression CVE-2013-3587 OpenSSH 'auth2-gss.c' User Enumeration Vulnerability - Linux CVE-2018-15919 OpenSSH 'sftp-server' Security Bypass Vulnerability (Linux) CVE-2017-15906 OpenSSH < 7.8 User Enumeration Vulnerability - Linux CVE-2018-15473 OpenSSH Information Disclosure Vulnerability (CVE-2016-20012) CVE-2016-20012 ```
1
answers
0
votes
24
views
asked 6 days ago

Magento: Error removing old index from Elastic Search.

Hello, When I start indexing, the old indexes are not deleted. Normally old indexes are deleted to leave shareds. Is this a configuration problem? Error logs: `[2022-08-10 08:05:36] main.CRITICAL: {"error":{"root_cause":[{"type":"snapshot_in_progress_exception","reason":"Cannot delete indices that are being snapshotted: [[magento2_product_4_v12854/gZH6DirdQ2GBwVUVZoTP4w]]. Try again after snapshot finishes or cancel the currently running snapshot."}],"type":"snapshot_in_progress_exception","reason":"Cannot delete indices that are being snapshotted: [[magento2_product_4_v12854/gZH6DirdQ2GBwVUVZoTP4w]]. Try again after snapshot finishes or cancel the currently running snapshot."},"status":400} {"exception":"[object] (Elasticsearch\\Common\\Exceptions\\BadRequest400Exception(code: 400): {\"error\":{\"root_cause\":[{\"type\":\"snapshot_in_progress_exception\",\"reason\":\"Cannot delete indices that are being snapshotted: [[magento2_product_4_v12854/gZH6DirdQ2GBwVUVZoTP4w]]. Try again after snapshot finishes or cancel the currently running snapshot.\"}],\"type\":\"snapshot_in_progress_exception\",\"reason\":\"Cannot delete indices that are being snapshotted: [[magento2_product_4_v12854/gZH6DirdQ2GBwVUVZoTP4w]]. Try again after snapshot finishes or cancel the currently running snapshot.\"},\"status\":400} at /home/site/irrijardin-ecommerce/www/vendor/elasticsearch/elasticsearch/src/Elasticsearch/Connections/Connection.php:675)"} []` Technical context : * Magento 2 ver. 2.4.3-p1 Thank you
2
answers
0
votes
14
views
asked 7 days ago
  • 1
  • 12 / page