AWS ElasticBeanstalk Audit

Number of APIs: 3

A simple collection to monitor Elastic Beanstalk environments. Auditing environments involves the following steps:

  1. Fetch all enviromments using the provided access key id and secret token.
  2. If there are additional enviroments to be fetched beyond the response of the first fetch request, extract the pagination token from the response and use it to repeat the fetch request.
  3. Once there are no more enviroments to be fetched, save the list of enviroments as an environment variable.
  4. Iterate over the list, repeating the configuration description request for each environment in the list. Once the config for an environment is known, compare it to a set of expected results to ensure compliance.

PS: This collection is most useful when run as a monitor, so as to run such audits on a periodic basis. You can also configure the inbuilt Slack integration for Qodex monitors, so as to recieve instance alerts when things are amiss.

Required environment variables:

This collection requires the following environment variables:

NameDescriptionRequired
idThe access key id for the audit AWS userYes
keyThe secret access key for the audit AWS userYes
awsRegionThe region to audit environments in. Defaults to us-east-1No
maxRecordsThe number of environments to retrieve per fetch call. Defaults to 100 (max)No
  1. Describe Environments GET https://elasticbeanstalk.{{awsRegion}}.amazonaws.com/?Operation=DescribeEnvironments&Version=2010-12-01&MaxRecords={{maxRecords}}&NextToken={{nextToken}}

  2. Describe Configuration Settings GET https://elasticbeanstalk.{{awsRegion}}.amazonaws.com/?Operation=DescribeConfigurationSettings&Version=2010-12-01&EnvironmentName={{envName}}&ApplicationName={{appName}}

  3. List tags for resource GET https://elasticbeanstalk.{{awsRegion}}.amazonaws.com/?Action=ListTagsForResource&Version=2010-12-01&ResourceArn={{envArn}}