Using the Elastic Beanstalk Tomcat platform - AWS Elastic Beanstalk

Using the Elastic Beanstalk Tomcat platform

Important

AWS Elastic Beanstalk installs Log4j from the Amazon Linux default package repositories in its Tomcat platforms for Amazon Linux 1 and Amazon Linux 2. The versions of Log4j available in the Amazon Linux 1 and Amazon Linux 2 repositories are not affected by CVE-2021-44228 or CVE-2021-45046 in their default configuration.

If you've made configuration changes to your application’s use of log4j, or installed newer versions of log4j, then we recommend that you take action to update your application’s code to mitigate this issue.

Out of caution, Elastic Beanstalk released new platform versions that use the latest Amazon Linux default package repositories, which include the Log4j hotpatched JDK, in our Amazon Linux platform release on December 21, 2021. If you've customized log4j installation as your application dependency, we recommend that you upgrade to the latest Elastic Beanstalk platform version to mitigate CVE-2021-44228 or CVE-2021-45046. You can also enable automated managed updates as part of normal update practices.

For more information about security-related software updates for Amazon Linux, see the Amazon Linux Security Center.

The AWS Elastic Beanstalk Tomcat platform is a set of platform versions for Java web applications that can run in a Tomcat web container. Tomcat runs behind an nginx proxy server. Each platform branch corresponds to a major version of Tomcat, like Java 8 with Tomcat 8.

Configuration options are available in the Elastic Beanstalk console for modifying the configuration of a running environment. To avoid losing your environment's configuration when you terminate it, you can use saved configurations to save your settings and later apply them to another environment.

To save settings in your source code, you can include configuration files. Settings in configuration files are applied every time you create an environment or deploy your application. You can also use configuration files to install packages, run scripts, and perform other instance customization operations during deployments.

The Elastic Beanstalk Tomcat platform includes a reverse proxy that forwards requests to your application. You can use configuration options to configure the proxy server to serve static assets from a folder in your source code to reduce the load on your application. For advanced scenarios, you can include your own .conf files in your source bundle to extend the Elastic Beanstalk proxy configuration or overwrite it completely.

Note

Elastic Beanstalk supports nginx (the default) and Apache HTTP Server as the proxy servers on the Tomcat platform. If your Elastic Beanstalk Tomcat environment uses an Amazon Linux AMI platform branch (preceding Amazon Linux 2), you also have the option of using Apache HTTP Server Version 2.2. Apache (latest) is the default on these older platform branches.

On July 18,2022, Elastic Beanstalk set the status of all platform branches based on Amazon Linux AMI (AL1) to retired. For more information about migrating to a current and fully supported Amazon Linux 2023 platform branch, see Migrating your Elastic Beanstalk Linux application to Amazon Linux 2023 or Amazon Linux 2.

You must package Java applications in a web application archive (WAR) file with a specific structure. For information on the required structure and how it relates to the structure of your project directory, see Structuring your project folder.

To run multiple applications on the same web server, you can bundle multiple WAR files into a single source bundle. Each application in a multiple WAR source bundle runs at the root path (ROOT.war runs at myapp.elasticbeanstalk.com/) or at a path directly beneath it (app2.war runs at myapp.elasticbeanstalk.com/app2/), as determined by the name of the WAR. In a single WAR source bundle, the application always runs at the root path.

Settings applied in the Elastic Beanstalk console override the same settings in configuration files, if they exist. This lets you have default settings in configuration files, and override them with environment-specific settings in the console. For more information about precedence, and other methods of changing settings, see Configuration options.

For details about the various ways you can extend an Elastic Beanstalk Linux-based platform, see Extending Elastic Beanstalk Linux platforms.

Configuring your Tomcat environment

The Elastic Beanstalk Tomcat platform provides a few platform-specific options in addition to the standard options that all platforms have. These options enable you to configure the Java virtual machine (JVM) that runs on your environment's web servers, and define system properties that provide information configuration strings to your application.

You can use the Elastic Beanstalk console to enable log rotation to Amazon S3 and configure variables that your application can read from the environment.

To configure your Tomcat environment in the Elastic Beanstalk console
  1. Open the Elastic Beanstalk console, and in the Regions list, select your AWS Region.

  2. In the navigation pane, choose Environments, and then choose the name of your environment from the list.

    Note

    If you have many environments, use the search bar to filter the environment list.

  3. In the navigation pane, choose Configuration.

  4. In the Updates, monitoring, and logging configuration category, choose Edit.

Container options

You can specify these platform-specific options:

  • Proxy server – The proxy server to use on your environment instances. By default, nginx is used.

JVM container options

The heap size in the Java virtual machine (JVM) determines how many objects your application can create in memory before garbage collection occurs. You can modify the Initial JVM Heap Size (-Xms option) and a Maximum JVM Heap Size (-Xmx option). A larger initial heap size allows more objects to be created before garbage collection occurs, but it also means that the garbage collector will take longer to compact the heap. The maximum heap size specifies the maximum amount of memory the JVM can allocate when expanding the heap during heavy activity.

Note

The available memory depends on the Amazon EC2 instance type. For more information about the EC2 instance types available for your Elastic Beanstalk environment, see Instance Types in the Amazon Elastic Compute Cloud User Guide for Linux Instances.

The permanent generation is a section of the JVM heap that stores class definitions and associated metadata. To modify the size of the permanent generation, type the new size in the Maximum JVM PermGen Size (-XX:MaxPermSize) option. This setting applies only to Java 7 and earlier. This option was deprecated in JDK 8 and superseded by the MaxMetaspace Size (-XX:MaxMetaspaceSize) option.

Important

JDK 17 removed support of the Java -XX:MaxPermSize option. Usage of this option with an environment running on an Elastic Beanstalk platform branch with Corretto 17 will result in an error. Elastic Beanstalk released its first platform branch running Tomcat with Corretto 17 on July 13, 2023.

For more information see the following resources.

For more information about Elastic Beanstalk platforms and their components, see Supported Platforms in the AWS Elastic Beanstalk Platforms guide.

Log options

The Log Options section has two settings:

  • Instance profile – Specifies the instance profile that has permission to access the Amazon S3 bucket associated with your application.

  • Enable log file rotation to Amazon S3 – Specifies whether log files for your application's Amazon EC2 instances are copied to the Amazon S3 bucket associated with your application.

Static files

To improve performance, you can use the Static files section to configure the proxy server to serve static files (for example, HTML or images) from a set of directories inside your web application. For each directory, you set the virtual path to directory mapping. When the proxy server receives a request for a file under the specified path, it serves the file directly instead of routing the request to your application.

For details about configuring static files using configuration files or the Elastic Beanstalk console, see Serving static files.

Environment properties

In the Environment Properties section, you can specify environment configuration settings on the Amazon EC2 instances that are running your application. Environment properties are passed in as key-value pairs to the application.

The Tomcat platform defines a placeholder property named JDBC_CONNECTION_STRING for Tomcat environments for passing a connection string to an external database.

Note

If you attach an RDS DB instance to your environment, construct the JDBC connection string dynamically from the Amazon Relational Database Service (Amazon RDS) environment properties provided by Elastic Beanstalk. Use JDBC_CONNECTION_STRING only for database instances that are not provisioned using Elastic Beanstalk.

For more information about using Amazon RDS with your Java application, see Adding an Amazon RDS DB instance to your Java application environment.

Inside the Tomcat environment running in Elastic Beanstalk, environment variables are accessible using the System.getProperty(). For example, you could read a property named API_ENDPOINT to a variable with the following code.

String endpoint = System.getProperty("API_ENDPOINT");

See Environment properties and other software settings for more information.

Tomcat configuration namespaces

You can use a configuration file to set configuration options and perform other instance configuration tasks during deployments. Configuration options can be defined by the Elastic Beanstalk service or the platform that you use and are organized into namespaces.

The Tomcat platform supports options in the following namespaces, in addition to the options supported for all Elastic Beanstalk environments:

  • aws:elasticbeanstalk:container:tomcat:jvmoptions – Modify JVM settings. Options in this namespace correspond to options in the management console, as follows:

    • XmsJVM command line options

    • JVM OptionsJVM command line options

  • aws:elasticbeanstalk:environment:proxy – Choose the environment's proxy server.

The following example configuration file shows the use of the Tomcat-specific configuration options.

Example .ebextensions/tomcat-settings.config
option_settings: aws:elasticbeanstalk:container:tomcat:jvmoptions: Xms: 512m JVM Options: '-Xmn128m' aws:elasticbeanstalk:application:environment: API_ENDPOINT: mywebapi.zkpexsjtmd.us-west-2.elasticbeanstalk.com aws:elasticbeanstalk:environment:proxy: ProxyServer: apache

Elastic Beanstalk provides many configuration options for customizing your environment. In addition to configuration files, you can also set configuration options using the console, saved configurations, the EB CLI, or the AWS CLI. See Configuration options for more information.

If your Elastic Beanstalk Tomcat environment uses an Amazon Linux AMI platform version (preceding Amazon Linux 2), read the additional information in this section.

Notes
  • The information in this topic only applies to platform branches based on Amazon Linux AMI (AL1). AL2023/AL2 platform branches are incompatible with previous Amazon Linux AMI (AL1) platform versions and require different configuration settings.

  • On July 18,2022, Elastic Beanstalk set the status of all platform branches based on Amazon Linux AMI (AL1) to retired. For more information about migrating to a current and fully supported Amazon Linux 2023 platform branch, see Migrating your Elastic Beanstalk Linux application to Amazon Linux 2023 or Amazon Linux 2.

The Tomcat Amazon Linux AMI platform supports additional options in the following namespaces:

  • aws:elasticbeanstalk:container:tomcat:jvmoptions – In addition to the options mentioned earlier on this page for this namespace, older Amazon Linux AMI platform versions also support:

    • XX:MaxPermSizeMaximum JVM permanent generation size

  • aws:elasticbeanstalk:environment:proxy – In addition to choosing the proxy server, also configure response compression.

The following example configuration file shows the use of the proxy namespace configuration options.

Example .ebextensions/tomcat-settings.config
option_settings: aws:elasticbeanstalk:environment:proxy: GzipCompression: 'true' ProxyServer: nginx

To deploy .ebextensions configuration files, include them in your application source. For a single application, add your .ebextensions to a compressed WAR file by running the following command:

zip -ur your_application.war .ebextensions

For an application requiring multiple WAR files, see Bundling multiple WAR files for Tomcat environments for further instructions.