Skip to main content

lacework-global-822

Elastic Beanstalk should stream logs to CloudWatch (Automated)

Description

CloudWatch helps you collect and monitor various metrics for your applications and infrastructure resources. You can also use CloudWatch to configure alarm actions based on specific metrics. After integrating Elastic Beanstalk with CloudWatch, you get increased visibility into your Elastic Beanstalk environment. Elastic Beanstalk logs include the eb-activity.log, access logs from the environment nginx or Apache proxy server, and logs that are specific to an environment.

Remediation

From the AWS Console:

  1. Log in to the AWS Management Console.
  2. Click Services.
  3. Select Compute > Elastic Beanstalk.
  4. Select your Region from the Regions List.
  5. Click the Navigation Pane, then Environments.
  6. In the Navigation Pane, click Configuration.
  7. In the Updates, monitoring, and logging section, click Edit.
  8. Enable Log streaming.
  9. Click Apply.

From the AWS CLI:

  1. Run the following command to enable CloudWatch Log streaming globally:
eb logs --cloudwatch-logs enable

References

https://docs.aws.amazon.com/securityhub/latest/userguide/elasticbeanstalk-controls.html#elasticbeanstalk-3
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.cloudwatchlogs.html#AWSHowTo.cloudwatchlogs.streaming

Last updated on