Using Elastic Beanstalk with Amazon S3 - AWS Elastic Beanstalk

Using Elastic Beanstalk with Amazon S3

Amazon Simple Storage Service (Amazon S3) provides highly durable, fault-tolerant data storage.

Elastic Beanstalk creates an Amazon S3 bucket named elasticbeanstalk-region-account-id for each region in which you create environments. Elastic Beanstalk uses this bucket to store objects, for example temporary configuration files, that are required for the proper operation of your application.

Elastic Beanstalk doesn't turn on default encryption for the Amazon S3 bucket that it creates. This means that by default, objects are stored unencrypted in the bucket (and are accessible only by authorized users). Some applications require all objects to be encrypted when they are stored—on a hard drive, in a database, etc. (also known as encryption at rest). If you have this requirement, you can configure your account's buckets for default encryption. For more details, see Amazon S3 Default Encryption for S3 Buckets in the Amazon Simple Storage Service User Guide.

Contents of the Elastic Beanstalk Amazon S3 bucket

The following table lists some objects that Elastic Beanstalk stores in your elasticbeanstalk-* Amazon S3 bucket. The table also shows which objects have to be deleted manually. To avoid unnecessary storage costs, and to ensure that personal information isn't retained, be sure to manually delete these objects when you no longer need them.

Object When stored? When deleted?

Application versions

When you create an environment or deploy your application code to an existing environment, Elastic Beanstalk stores an application version in Amazon S3 and associates it with the environment.

During application deletion, and according to Version lifecycle.

Source bundles

When you upload a new application version using the Elastic Beanstalk console or the EB CLI, Elastic Beanstalk stores a copy of it in Amazon S3, and sets it as your environment's source bundle.

Manually. When you delete an application version, you can choose Delete versions from Amazon S3 to also delete the related source bundle. For details, see Managing application versions.

Custom platforms

When you create a custom platform, Elastic Beanstalk temporarily stores related data in Amazon S3.

Upon successful completion of the custom platform's creation.

Log files

You can request Elastic Beanstalk to retrieve instance log files (tail or bundle logs) and store them in Amazon S3. You can also enable log rotation and configure your environment to publish logs automatically to Amazon S3 after they are rotated.

Tail and bundle logs: 15 minutes after they are created.

Rotated logs: Manually.

Saved configurations

Manually.

Manually.

Deleting objects in the Elastic Beanstalk Amazon S3 bucket

When you terminate an environment or delete an application, Elastic Beanstalk deletes most related objects from Amazon S3. To minimize storage costs of a running application, routinely delete objects that your application doesn't need. In addition, pay attention to objects that you have to delete manually, as listed in Contents of the Elastic Beanstalk Amazon S3 bucket. To ensure that private information isn't unnecessarily retained, delete these objects when you don't need them anymore.

  • Delete application versions that you don't expect to use in your application anymore. When you delete an application version, you can select Delete versions from Amazon S3 to also delete the related source bundle—a copy of your application's source code and configurations files, which Elastic Beanstalk uploaded to Amazon S3 when you deployed an application or uploaded an application version. To learn how to delete an application version, see Managing application versions.

  • Delete rotated logs that you don't need. Alternatively, download them or move them to Amazon S3 Glacier for further analysis.

  • Delete saved configurations that you aren't going to use in any environment anymore.

Deleting the Elastic Beanstalk Amazon S3 bucket

When Elastic Beanstalk creates a bucket it also creates a bucket policy that it applies to the new bucket. This policy servers two purposes:

  • To allow environments to write to the bucket.

  • To prevent accidental deletion of the bucket.

Due to the policy that Elastic Beanstalk applies to the buckets that it creates for your environments, you're not be allowed to delete these buckets, unless you deliberately delete the bucket policy first. You can delete the bucket policy from the Permissions section of the bucket properties in the Amazon S3 console.

Warning

If you delete a bucket that Elastic Beanstalk created in your account, and you still have existing applications and running environments in the corresponding region, your applications might stop working correctly. For example:

  • When an environment scales out, Elastic Beanstalk should be able to find the environment's application version in the Amazon S3 bucket and use it to start new Amazon EC2 instances.

  • When you create a custom platform, Elastic Beanstalk uses temporary Amazon S3 storage during the creation process.

We recommend that you delete specific unnecessary objects from your Elastic Beanstalk Amazon S3 bucket, instead of deleting the entire bucket.

To delete an Elastic Beanstalk storage bucket (console)

The general procedure to delete an S3 bucket is also described in To delete an S3 bucket in the Amazon S3 User Guide. Since we're deleting a bucket created by Elastic Beanstalk in the following procedure, we include additional steps to delete the bucket policy first.

  1. Open the Amazon S3 console.

  2. Open the Elastic Beanstalk storage bucket's page by choosing the bucket name.

  3. Choose the Permissions tab.

  4. Choose Bucket Policy.

  5. Choose Delete.

  6. Go back to the Amazon S3 console's main page, and then select the Elastic Beanstalk storage bucket.

  7. Choose Delete Bucket.

  8. Confirm that you want to delete the bucket by entering the bucket name into the text field, and then choose Delete bucket.