AWS Elastic Beanstalk
Developer Guide (API Version 2010-12-01)
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.Did this page help you?  Yes | No |  Tell us about it...

Configuring Amazon EC2 Server Instances with AWS Elastic Beanstalk

Amazon EC2 is a web service that enables you to launch and manage server instances in Amazon's data centers. You can use Amazon EC2 server instances at any time, for as long as you need, and for any legal purpose. Instances are available in different sizes and configurations. For more information, go to the Amazon EC2 product page.

AWS Management Console

You can edit the AWS Elastic Beanstalk environment's Amazon EC2 instance configuration by editing Instances on the Configuration page for that environment. For information about getting to the Configuration page, see Changing Environment Configurations Settings

AWS Elastic Beanstalk Servers Configuration Window

Amazon EC2 Instance Types

Instance type displays the instance types available to your AWS Elastic Beanstalk application. Change the instance type to select a server with the characteristics (including memory size and CPU power) that are most appropriate to your application. For example, applications with intensive and long-running operations may require more CPU or memory. AWS Elastic Beanstalk regularly checks your running instances to ensure they are healthy. If your application consumes 95 percent or greater of the CPU, AWS Elastic Beanstalk will trigger an event. For more information about this event, see CPU Utilization Greater Than 95.00%.

Note

You cannot change between 32-bit and 64-bit instance types. For example, if your application is built on a 32-bit platform, only 32-bit instance types appear in the list.

For more information about the Amazon EC2 instance types available for your AWS Elastic Beanstalk application, see Instance Families and Types in the Amazon Elastic Compute Cloud User Guide.

Amazon EC2 Security Groups

You can control access to your AWS Elastic Beanstalk application using an Amazon EC2 security group. A security group defines firewall rules for your instances. These rules specify which ingress (i.e., incoming) network traffic should be delivered to your instance. All other ingress traffic will be discarded. You can modify rules for a group at any time. The new rules are automatically enforced for all running instances and instances launched in the future.

You can set up your Amazon EC2 security groups using the Amazon EC2 console. You can specify which Amazon EC2 security groups control access to your AWS Elastic Beanstalk application by entering one or more Amazon EC2 security group names (delimited by commas) into the EC2 security groups text box. For more information on Amazon EC2 security groups, see Using Security Groups in the Amazon Elastic Compute Cloud User Guide.

AWS Elastic Beanstalk creates a default security group for you. If you are using a legacy container, the security group is elasticbeanstalk-default. If you are using a non-legacy container, then AWS Elastic Beanstalk dynamically creates a security group. You can view the security group name in the EC2 security group box.

Note

If you are running your application using a legacy container type, make sure port 80 (HTTP) is accessible from 0.0.0.0/0 as the source CIDR range if you want to enable health checks for your application. For more information about health checks, see Health Checks. To check if you are using a legacy container type, see Why are some container types marked legacy?.

To modify your Amazon EC2 security group

  1. Add a new rule for 80 (HTTP) for your EC2 security group with a new source. For instructions, see Adding a Security Group Rule in the Amazon Elastic Compute Cloud User Guide.

  2. Type the public DNS address of your EC2 instance in address bar your web browser to verify you can see your application. For instructions on determining your DNS address, see Determining Your IP Addresses in the Amazon Elastic Compute Cloud User Guide.

Amazon EC2 Key Pairs

You can securely log in to the Amazon EC2 instances provisioned for your AWS Elastic Beanstalk application with an Amazon EC2 key pair.

Important

You must create an Amazon EC2 key pair and configure your AWS Elastic Beanstalk–provisioned Amazon EC2 instances to use the Amazon EC2 key pair before you can access your AWS Elastic Beanstalk–provisioned Amazon EC2 instances. You can set up your Amazon EC2 key pairs using the AWS Management Console. For instructions on creating a key pair for Amazon EC2, see the Amazon Elastic Compute Cloud Getting Started Guide.

The EC2 key pair text box lets you specify the name of an Amazon EC2 key pair you use to securely log in to the Amazon EC2 instances running your AWS Elastic Beanstalk application.

For more information on Amazon EC2 key pairs, see Using Credentials in the Amazon Elastic Compute Cloud User Guide. For more information on connecting to Amazon EC2 instances, see Connecting to Instances and Connecting to an Instance from Windows using PuTTY in the Amazon Elastic Compute Cloud User Guide.

Monitoring Interval

By default, only basic Amazon CloudWatch metrics are enabled; they return data in five-minute periods. You can enable more granular one-minute CloudWatch metrics by selecting 1 minute for the Monitoring Interval in the Server section of the Configuration tab for your environment in the AWS Toolkit for Eclipse.

Note

Amazon CloudWatch service charges can apply for one-minute interval metrics. See Amazon CloudWatch for more information.

Custom AMI ID

You can override the default AMI used for your Amazon EC2 instances with your own custom AMI by entering the identifier of your custom AMI into the Custom AMI ID box in the Server section of the Configuration tab for your environment in the AWS Toolkit for Eclipse.

Important

Using your own AMI is an advanced task and should be done with care. If you need a custom AMI, we recommend you start with the default AWS Elastic Beanstalk AMI and then modify it. To be considered healthy, AWS Elastic Beanstalk expects Amazon EC2 instances to meet a set of requirements, including having a running host manager. If these requirements are not met, your environment might not work properly.

Instance Profiles

If you are using a nonlegacy container, you can select an instance profile. If you are using a legacy container, this option does not appear. Instance profiles provide applications and services access to AWS resources. For example, your application may require access to DynamoDB. Every API request made to AWS services must be signed using AWS security credentials. One way to grant applications access to AWS resources is to distribute your credentials to each instance; however, distributing long-term credentials to each instance is challenging to manage and a potential security risk. Instead, you can create an IAM role with the permissions that applications require when the application makes calls to other AWS resources. When AWS Elastic Beanstalk launches the Amazon EC2 instances, it uses the instance profile associated with that role. All applications that run on the instances can use the role credentials to sign requests. Because role credentials are temporary and rotated automatically, you don't have to worry about long-term security risks.

In addition, AWS Elastic Beanstalk requires permission to rotate your logs to Amazon S3. If you want AWS Elastic Beanstalk to rotate your logs to Amazon S3, you need to select an instance profile or have AWS Elastic Beanstalk create one for you. For more information about log rotation, see AWS Elastic Beanstalk Environment Configurations.

The Instance profile list displays the profiles available for your AWS Elastic Beanstalk environment. If you do not have any instance profiles, AWS Elastic Beanstalk creates one for you. AWS Elastic Beanstalk creates a default instance profile and updates the Amazon S3 bucket policy to allow log rotation. If you choose to not use the default instance profile, you need to grant permissions for AWS Elastic Beanstalk to rotate logs. For more information about this policy, see Example: Granting AWS Elastic Beanstalk Permission to Rotate Logs to Amazon S3. For a list of supported nonlegacy container types, see Why are some container types marked legacy?.

Note

Users must have permission to create a default profile. For more information, see Granting IAM Users Permissions to Create and Pass IAM Roles.

Block Device Mappings

Note

You cannot configure this option using the AWS Management Console. Instead, modify the Options.txt file using the command line interface (CLI) as explained in Command Line Interface (CLI). For a list of possible configuration settings, see Option Values. You can also call UpdateEnvironment in the API. For an example of how to configure this option in the API, see API.

Although each Amazon Elastic Compute Cloud instance has an associated root device volume upon launch, you can use block device mappings to specify additional Amazon Elastic Block Store volumes or instance store volumes to attach to all the instances in the autoscaling group. For more information about block device mappings, see Block Device Mapping in the Amazon Elastic Cloud Computer User Guide. For more information about instance storage, see Amazon EC2 Instance Store in the Amazon Elastic Cloud Computer User Guide.

Command Line Interface (CLI)

To edit an application's environment settings

  • Update an application's environment settings.

    PROMPT> elastic-beanstalk-update-environment -e MySampleAppEnv -f "Options.txt"

Options.txt

[
  {"Namespace": "aws:autoscaling:launchconfiguration",
   "OptionName": "InstanceType",
   "Value": "m1.small"},
   {"Namespace": "aws:autoscaling:launchconfiguration",
   "OptionName": "SecurityGroups",
   "Value": "awseb-e-98pjjgr9cs-stack-AWSEBSecurityGroup-D1FOQASTKD12"},
  {"Namespace": "aws:autoscaling:launchconfiguration",
   "OptionName": "EC2KeyName",
   "Value": "mykeypair"},
   {"Namespace": "aws:autoscaling:launchconfiguration",
   "OptionName": "MonitoringInterval",
   "Value": "5 minute"},
   {"Namespace": "aws:autoscaling:launchconfiguration",
   "OptionName": "ImageId",
   "Value": "ami-cbab67a2"},
   {"Namespace": "aws:autoscaling:launchconfiguration",
   "OptionName": "IamInstanceProfile",
   "Value": ElasticBeanstalkProfile}
   {"Namespace": "aws:autoscaling:launchconfiguration",
   "OptionName": "BlockDeviceMappings",
   "Value": /dev/sdj=:100,/dev/sdh=snap-51eef269,/dev/sdb=ephemeral0}
   ]

API

For information about all the option values you can pass, see Option Values.

To edit an application's environment settings

  • Call UpdateEnvironment with the following parameters:

    • EnvironmentName = SampleAppEnv

    • OptionSettings.member.1.Namespace = aws:autoscaling:launchconfiguration

    • OptionSettings.member.1.OptionName = InstanceType

    • OptionSettings.member.1.Value = m1.small

    • OptionSettings.member.2.Namespace = aws:autoscaling:launchconfiguration

    • OptionSettings.member.2.OptionName = SecurityGroups

    • OptionSettings.member.2.Value = mysecuritygroup

    • OptionSettings.member.3.Namespace = aws:autoscaling:launchconfiguration

    • OptionSettings.member.3.OptionName = EC2KeyName

    • OptionSettings.member.3.Value = mykeypair

    • OptionSettings.member.4.Namespace = aws:autoscaling:launchconfiguration

    • OptionSettings.member.4.OptionName = MonitoringInterval

    • OptionSettings.member.4.Value = 1 minute

    • OptionSettings.member.5.Namespace = aws:autoscaling:launchconfiguration

    • OptionSettings.member.5.OptionName = ImageId

    • OptionSettings.member.5.Value = ami-cbab67a2

    • OptionSettings.member.6.Namespace = aws:autoscaling:launchconfiguration

    • OptionSettings.member.6.OptionName = IamInstanceProfile

    • OptionSettings.member.6.Value = ElasticBeanstalkProfile

    • OptionSettings.member.7.Namespace = aws:autoscaling:launchconfiguration

    • OptionSettings.member.7.OptionName = BlockDeviceMappings

    • OptionSettings.member.7.Value = /dev/sdj=:100,/dev/sdh=snap-51eef269,/dev/sdb=ephemeral0

    Example

    https://elasticbeanstalk.us-east-1.amazon.com/?EnvironmentName=SampleAppEnv
    &OptionSettings.member.1.Namespace=aws%3Aautoscaling%3Alaunchconfiguration
    &OptionSettings.member.1.OptionName=InstanceType
    &OptionSettings.member.1.Value=m1.small
    &OptionSettings.member.2.Namespace=aws%3Aautoscaling%3Alaunchconfiguration
    &OptionSettings.member.2.OptionName=SecurityGroups
    &OptionSettings.member.2.Value=awseb-e-98pjjgr9cs-stack-AWSEBSecurityGroup-D1FOQASTKD12
    &OptionSettings.member.3.Namespace=aws%3Aautoscaling%3Alaunchconfiguration
    &OptionSettings.member.3.OptionName=EC2KeyName
    &OptionSettings.member.3.Value=mykeypair
    &OptionSettings.member.4.Namespace=aws%3Aautoscaling%3Alaunchconfiguration
    &OptionSettings.member.4.OptionName=MonitoringInterval
    &OptionSettings.member.4.Value=5%20minute
    &OptionSettings.member.5.Namespace=aws%3Aautoscaling%3Alaunchconfiguration
    &OptionSettings.member.5.OptionName=ImageId
    &OptionSettings.member.5.Value=ami-cbab67a2
    &OptionSettings.member.6.Namespace=aws%3Aautoscaling%3Alaunchconfiguration
    &OptionSettings.member.6.OptionName=IamInstanceProfile
    &OptionSettings.member.6.Value=ElasticBeanstalkProfile
    &OptionSettings.member.7.Namespace=aws%3Aautoscaling%3Alaunchconfiguration
    &OptionSettings.member.7.OptionName=BlockDeviceMappings
    &OptionSettings.member.7.Value=/dev/sdj=:100,/dev/sdh=snap-51eef269,/dev/sdb=ephemeral0
    &Operation=UpdateEnvironment
    &AuthParams