

# Elastic Beanstalk
<a name="automation-ref-aeb"></a>

 AWS Systems Manager Automation provides predefined runbooks for AWS Elastic Beanstalk. For more information about runbooks, see [Working with runbooks](https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-documents.html). For information about how to view runbook content, see [View runbook content](automation-runbook-reference.md#view-automation-json). 

**Topics**
+ [`AWSSupport-CollectElasticBeanstalkLogs`](automation-awssupport-collectbeanstalk-logs.md)
+ [`AWSConfigRemediation-EnableElasticBeanstalkEnvironmentLogStreaming`](automation-aws-enable-eb-logging.md)
+ [`AWSConfigRemediation-EnableBeanstalkEnvironmentNotifications`](automation-aws-enable-eb-notifications.md)
+ [`AWSSupport-TroubleshootElasticBeanstalk`](automation-awssupport-troubleshoot-elastic-beanstalk.md)

# `AWSSupport-CollectElasticBeanstalkLogs`
<a name="automation-awssupport-collectbeanstalk-logs"></a>

 **Description** 

The `AWSSupport-CollectElasticBeanstalkLogs` runbook gathers AWS Elastic Beanstalk related log files from an Amazon Elastic Compute Cloud (Amazon EC2) Windows Server instance launched by Elastic Beanstalk to help you troubleshoot common issues. While the automation is gathering the associated log files, changes are made to the file system structure including the creation of temporary directories, the copying of log files to the temporary directories, and compressing the log files into an archive. This activity can result in increased `CPUUtilization` on the Amazon EC2 instance. For more information about `CPUUtilization`, see [Instance metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/viewing_metrics_with_cloudwatch.html#ec2-cloudwatch-metrics) in the *Amazon CloudWatch User Guide*.

If you specify a value for the `S3BucketName` parameter, the automation evaluates the policy status of the Amazon Simple Storage Service (Amazon S3) bucket you specify. To help with the security of the logs gathered from your Amazon EC2 instance, if the policy status `isPublic` is set to `true`, or if the access control list (ACL) grants `READ|WRITE` permissions to the `All Users` Amazon S3 predefined group, the logs are not uploaded. For more information about Amazon S3 predefined groups, see [Amazon S3 predefined groups](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#specifying-grantee-predefined-groups) in the *Amazon Simple Storage Service User Guide*.
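The exposure check described above can be reproduced before you pick a bucket. The following is an added example, not the runbook's own code: it evaluates dictionaries shaped like `GetBucketPolicyStatus` and `GetBucketAcl` responses. The function names, the sample responses, the use of `None` for a bucket without a policy, and the treatment of `FULL_CONTROL` as blocking are assumptions.

```python
# Added example: decide whether a log upload should be refused, given the
# responses of GetBucketPolicyStatus and GetBucketAcl for the target bucket.
ALL_USERS_URI = "http://acs.amazonaws.com/groups/global/AllUsers"
# READ and WRITE come from the runbook description. FULL_CONTROL is an added
# assumption: in S3 ACLs it includes both READ and WRITE.
BLOCKING_PERMISSIONS = {"READ", "WRITE", "FULL_CONTROL"}


def public_exposure_reasons(policy_status, acl):
    """Return the reasons the bucket counts as public (empty list = not public).

    policy_status: dict shaped like a GetBucketPolicyStatus response, or None
                   when the bucket has no bucket policy (assumption).
    acl:           dict shaped like a GetBucketAcl response.
    """
    reasons = []
    status = (policy_status or {}).get("PolicyStatus", {})
    if status.get("IsPublic") is True:
        reasons.append("bucket policy status IsPublic=true")
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group"
                and grantee.get("URI") == ALL_USERS_URI
                and grant.get("Permission") in BLOCKING_PERMISSIONS):
            reasons.append(f"ACL grants {grant['Permission']} to All Users")
    return reasons


def upload_allowed(policy_status, acl):
    """True only when neither the policy status nor the ACL exposes the bucket."""
    return not public_exposure_reasons(policy_status, acl)


# Constructed sample responses (not captured from a real account).
PRIVATE_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"},
                           "Permission": "FULL_CONTROL"}]}
PUBLIC_READ_ACL = {"Grants": PRIVATE_ACL["Grants"] + [
    {"Grantee": {"Type": "Group", "URI": ALL_USERS_URI}, "Permission": "READ"}]}
PUBLIC_POLICY = {"PolicyStatus": {"IsPublic": True}}
NOT_PUBLIC_POLICY = {"PolicyStatus": {"IsPublic": False}}

if __name__ == "__main__":
    for name, ps, acl in [("private", NOT_PUBLIC_POLICY, PRIVATE_ACL),
                          ("public policy", PUBLIC_POLICY, PRIVATE_ACL),
                          ("public-read ACL", None, PUBLIC_READ_ACL)]:
        print(name, "->", public_exposure_reasons(ps, acl) or "upload allowed")
```
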

If you do not specify a value for the `S3BucketName` parameter, the automation uploads the log bundle to the default Elastic Beanstalk Amazon S3 bucket in the AWS Region where you run the automation. The directory is named according to the following structure, `elasticbeanstalk-region-accountID`. The *region* and *accountID* values will differ based on the Region and AWS account you run the automation in. The log bundle will be saved to the `resources/environments/logs/bundle/environmentID/instanceID` directory. The *environmentID* and *instanceID* values will differ based on your Elastic Beanstalk environment and the Amazon EC2 instance you're gathering logs from.

By default, the AWS Identity and Access Management (IAM) instance profile attached to the Amazon EC2 instances of the Elastic Beanstalk environment has the required permissions to upload the bundle to the default Elastic Beanstalk Amazon S3 bucket for your environment. If you specify a value for the `S3BucketName` parameter, the instance profile attached to the Amazon EC2 instance must allow the `s3:GetBucketAcl`, `s3:GetBucketPolicy`, `s3:GetBucketPolicyStatus`, and `s3:PutObject` actions for the specified Amazon S3 bucket and path.
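One way to grant exactly those four actions to the instance profile, shown as an added example that is not part of the runbook or the original page. The function name, statement IDs, and the sample bucket name and path are hypothetical, and it assumes the bundle's object keys are written under the `S3BucketPath` prefix.

```python
import json

# Actions named in the runbook description for a custom S3BucketName.
BUCKET_ACTIONS = ["s3:GetBucketAcl", "s3:GetBucketPolicy", "s3:GetBucketPolicyStatus"]
OBJECT_ACTIONS = ["s3:PutObject"]


def log_upload_policy(bucket_name, bucket_path="", partition="aws"):
    """Build an identity policy document for the instance profile.

    Bucket-level actions are evaluated against the bucket ARN, while
    s3:PutObject is evaluated against object ARNs, so it is scoped to
    keys under bucket_path only (assumed to be the upload prefix).
    """
    if not bucket_name or "/" in bucket_name or "*" in bucket_name:
        raise ValueError("bucket_name must be a single literal bucket name")
    prefix = bucket_path.strip("/")
    if "*" in prefix or "?" in prefix:
        raise ValueError("wildcards in bucket_path would widen the grant")
    bucket_arn = f"arn:{partition}:s3:::{bucket_name}"
    object_arn = f"{bucket_arn}/{prefix}/*" if prefix else f"{bucket_arn}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "InspectBucketExposure", "Effect": "Allow",
             "Action": BUCKET_ACTIONS, "Resource": bucket_arn},
            {"Sid": "UploadLogBundle", "Effect": "Allow",
             "Action": OBJECT_ACTIONS, "Resource": object_arn},
        ],
    }


if __name__ == "__main__":
    # Constructed bucket name and path, for illustration only.
    print(json.dumps(log_upload_policy("example-eb-log-bucket", "/eb/bundles/"), indent=2))
```

The policy grants no read access to objects, so an instance that can upload a bundle cannot use this grant to read bundles uploaded by other instances.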

**Note**  
 This automation requires at least 500 MB of available disk space on the root Amazon Elastic Block Store (Amazon EBS) volume attached to your Amazon EC2 instance. If there is not enough available disk space on the root volume, the automation stops. 

 [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWSSupport-CollectElasticBeanstalkLogs) 

**Document type**

Automation

**Owner**

Amazon

**Platforms**

Windows

**Parameters**
+ AutomationAssumeRole

  Type: String

  Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.
+ EnvironmentId

  Type: String

  Description: (Required) The ID of your Elastic Beanstalk environment you want to collect the log bundle from.
+ InstanceId

  Type: String

  Description: (Required) The ID of the Amazon EC2 instance in your Elastic Beanstalk environment you want to collect the log bundle from.
+ S3BucketName

  Type: String

  Description: (Optional) The Amazon S3 bucket you want to upload the archived logs to.
+ S3BucketPath

  Type: String

  Description: (Optional) The Amazon S3 bucket path you want to upload the log bundle to. This parameter is ignored if you do not specify a value for the `S3BucketName` parameter.

**Required IAM permissions**

The `AutomationAssumeRole` parameter requires the following actions to use the runbook successfully.
+  `ssm:StartAutomationExecution` 
+  `ssm:GetAutomationExecution` 
+  `ssm:SendCommand` 
+  `ssm:DescribeInstanceInformation` 
+  `ec2:DescribeInstances` 

 **Document Steps** 
+  `aws:assertAwsResourceProperty` - Confirms the Amazon EC2 instance you specify in the `InstanceId` parameter is managed by AWS Systems Manager. 
+  `aws:assertAwsResourceProperty` - Confirms the Amazon EC2 instance you specify in the `InstanceId` parameter is a Windows Server instance. 
+  `aws:runCommand` - Checks whether the instance is part of an Elastic Beanstalk environment, whether there is sufficient disk space to bundle the logs, and whether the Amazon S3 bucket to which the logs would be uploaded is public. 
+  `aws:runCommand` - Collects the log files and uploads the archive to the Amazon S3 bucket specified in the `S3BucketName` parameter or to the default bucket for your Elastic Beanstalk environment if a value is not specified. 

# `AWSConfigRemediation-EnableElasticBeanstalkEnvironmentLogStreaming`
<a name="automation-aws-enable-eb-logging"></a>

 **Description** 

 The `AWSConfigRemediation-EnableElasticBeanstalkEnvironmentLogStreaming` runbook enables logging on the AWS Elastic Beanstalk (Elastic Beanstalk) environment you specify. 

 [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWSConfigRemediation-EnableElasticBeanstalkEnvironmentLogStreaming) 

**Document type**

Automation

**Owner**

Amazon

**Platforms**

Linux, macOS, Windows

**Parameters**
+ AutomationAssumeRole

  Type: String

  Description: (Required) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf.
+ EnvironmentId

  Type: String

  Description: (Required) The ID of the Elastic Beanstalk environment that you want to enable logging on.

**Required IAM permissions**

The `AutomationAssumeRole` parameter requires the following actions to use the runbook successfully.
+  `ssm:StartAutomationExecution` 
+  `ssm:GetAutomationExecution` 
+  `elasticbeanstalk:DescribeConfigurationSettings` 
+  `elasticbeanstalk:DescribeEnvironments` 
+  `elasticbeanstalk:UpdateEnvironment` 

 **Document Steps** 
+  `aws:executeAwsApi` - Enables logging on the Elastic Beanstalk environment you specify in the `EnvironmentId` parameter. 
+  `aws:waitForAwsResourceProperty` - Waits for the status of the environment to change to `Ready`. 
+  `aws:executeScript` - Verifies logging has been enabled on the Elastic Beanstalk environment. 

# `AWSConfigRemediation-EnableBeanstalkEnvironmentNotifications`
<a name="automation-aws-enable-eb-notifications"></a>

 **Description** 

 The `AWSConfigRemediation-EnableBeanstalkEnvironmentNotifications` runbook enables notifications for the AWS Elastic Beanstalk (Elastic Beanstalk) environment you specify. 

 [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWSConfigRemediation-EnableBeanstalkEnvironmentNotifications) 

**Document type**

Automation

**Owner**

Amazon

**Platforms**

Linux, macOS, Windows

**Parameters**
+ AutomationAssumeRole

  Type: String

  Description: (Required) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf.
+ EnvironmentId

  Type: String

  Description: (Required) The ID of the Elastic Beanstalk environment that you want to enable notifications for.
+ TopicArn

  Type: String

  Description: (Required) The ARN of the Amazon Simple Notification Service (Amazon SNS) topic you want to send notifications to.

**Required IAM permissions**

The `AutomationAssumeRole` parameter requires the following actions to use the runbook successfully.
+  `ssm:StartAutomationExecution` 
+  `ssm:GetAutomationExecution` 
+  `elasticbeanstalk:DescribeConfigurationSettings` 
+  `elasticbeanstalk:DescribeEnvironments` 
+  `elasticbeanstalk:UpdateEnvironment` 

 **Document Steps** 
+  `aws:executeAwsApi` - Enables notifications for the Elastic Beanstalk environment you specify in the `EnvironmentId` parameter. 
+  `aws:waitForAwsResourceProperty` - Waits for the status of the environment to change to `Ready`. 
+  `aws:executeScript` - Verifies notifications have been enabled for the Elastic Beanstalk environment. 

# `AWSSupport-TroubleshootElasticBeanstalk`
<a name="automation-awssupport-troubleshoot-elastic-beanstalk"></a>

 **Description** 

 The `AWSSupport-TroubleshootElasticBeanstalk` runbook helps you troubleshoot the potential reasons why your AWS Elastic Beanstalk environment is in a `Degraded` or `Severe` state. This automation checks the following AWS resources associated with your Elastic Beanstalk environment: 
+ Configuration details for a load balancer, AWS CloudFormation stack, Amazon EC2 Auto Scaling group, Amazon Elastic Compute Cloud (Amazon EC2) instances, and virtual private cloud (VPC).
+ Network configuration issues with the associated security group rules, route tables, and network access control lists (ACLs) associated with your subnets.
+ Verifies connectivity to the Elastic Beanstalk endpoints and public internet access.
+ Verifies the status of the load balancer.
+ Verifies the status of the Amazon EC2 instances.
+ Retrieves a log bundle from your Elastic Beanstalk environment, and optionally uploads the files to Support.

 [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWSSupport-TroubleshootElasticBeanstalk) 

**Document type**

Automation

**Owner**

Amazon

**Platforms**

Linux, macOS, Windows

**Parameters**
+ AutomationAssumeRole

  Type: String

  Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.
+ ApplicationName

  Type: String

  Description: (Required) The name of your Elastic Beanstalk application.
+ EnvironmentName

  Type: String

  Description: (Required) The name of your Elastic Beanstalk environment.
+ AWSS3UploaderLink

  Type: String

  Description: (Optional) A URL provided to you by Support to upload the log bundle from your Elastic Beanstalk environment to. This option is only available to customers who have purchased a Support plan, and have opened a Support case.

**Required IAM permissions**

The `AutomationAssumeRole` parameter requires the following actions to use the runbook successfully.
+ `autoscaling:Describe*`
+ `cloudformation:Describe*`
+ `cloudformation:Estimate*`
+ `cloudformation:Get*`
+ `cloudformation:List*`
+ `cloudformation:Validate*`
+ `cloudwatch:Describe*`
+ `cloudwatch:Get*`
+ `cloudwatch:List*`
+ `ec2:Describe*`
+ `elasticbeanstalk:Check*`
+ `elasticbeanstalk:Describe*`
+ `elasticbeanstalk:List*`
+ `elasticbeanstalk:RetrieveEnvironmentInfo*`
+ `elasticbeanstalk:RequestEnvironmentInfo*`
+ `elasticloadbalancing:Describe*`
+ `rds:Describe*`
+ `s3:Get*`
+ `s3:List*`
+ `sns:Get*`
+ `sns:List*`

 **Document Steps** 
+ `aws:executeScript` - Verifies the AWS Identity and Access Management (IAM) principal who started the automation has the requisite permissions to perform all of the actions defined in the runbook.
+ `aws:branch` - Branches the workflow based on the results of the previous step.
+ `aws:executeScript` - Collects information about the Elastic Beanstalk environment including the load balancer, CloudFormation stack, Auto Scaling group, Amazon EC2 instances, and VPC configuration.
+ `aws:executeScript` - Checks for network connectivity issues with the route tables and ACLs associated with the subnets in your VPC.
+ `aws:executeScript` - Checks for network connectivity issues with the security group rules associated with your Amazon EC2 instances.
+ `aws:executeScript` - Verifies the status checks for the Amazon EC2 instances.
+ `aws:executeScript` - Generates a link for a log bundle of your Elastic Beanstalk environment.
+ `aws:executeScript` - Uploads log bundle to Support.
+ `aws:executeScript` - Outputs a report of action items to help you troubleshoot issues that might be affecting the status of your Elastic Beanstalk environment.