AWS ElasticBeanstalk Audit
Number of APIs: 3
A simple collection to monitor Elastic Beanstalk environments. Auditing environments involves the following steps:
- Fetch all enviromments using the provided access key id and secret token.
- If there are additional enviroments to be fetched beyond the response of the first fetch request, extract the pagination token from the response and use it to repeat the fetch request.
- Once there are no more enviroments to be fetched, save the list of enviroments as an environment variable.
- Iterate over the list, repeating the configuration description request for each environment in the list. Once the config for an environment is known, compare it to a set of expected results to ensure compliance.
PS: This collection is most useful when run as a monitor, so as to run such audits on a periodic basis. You can also configure the inbuilt Slack integration for Qodex monitors, so as to recieve instance alerts when things are amiss.
Required environment variables:
This collection requires the following environment variables:
| Name | Description | Required |
|---|---|---|
| id | The access key id for the audit AWS user | Yes |
| key | The secret access key for the audit AWS user | Yes |
| awsRegion | The region to audit environments in. Defaults to us-east-1 | No |
| maxRecords | The number of environments to retrieve per fetch call. Defaults to 100 (max) | No |
-
Describe Environments GET https://elasticbeanstalk.{{awsRegion}}.amazonaws.com/?Operation=DescribeEnvironments&Version=2010-12-01&MaxRecords={{maxRecords}}&NextToken={{nextToken}}
-
Describe Configuration Settings GET https://elasticbeanstalk.{{awsRegion}}.amazonaws.com/?Operation=DescribeConfigurationSettings&Version=2010-12-01&EnvironmentName={{envName}}&ApplicationName={{appName}}
-
List tags for resource GET https://elasticbeanstalk.{{awsRegion}}.amazonaws.com/?Action=ListTagsForResource&Version=2010-12-01&ResourceArn={{envArn}}