AWS elasticbeanstalk documentation change
Summary
Added section headers and expanded troubleshooting guidance for CloudWatch Logs issues, including throttling error resolution
Security assessment
Changes focus on operational troubleshooting (log visibility, throttling errors) and configuration adjustments. While denial of service is mentioned in the context of rate-limiting risks, this is presented as a system reliability consideration rather than addressing a specific security vulnerability. The throttling guidance relates to API quota management without security implications.
Diff
diff --git a/elasticbeanstalk/latest/dg/AWSHowTo.cloudwatchlogs.md index 56c98807e..76a322358 100644 --- a/elasticbeanstalk/latest/dg/AWSHowTo.cloudwatchlogs.md +++ b/elasticbeanstalk/latest/dg/AWSHowTo.cloudwatchlogs.md @@ -351 +351,3 @@ For more information about configuring CloudWatch Logs, see the [CloudWatch agen -If you can't find some of the environment's instance logs you expect in CloudWatch Logs, you can investigate the following common issues: +###### Unable to locate environment instance logs + +If you can't find some of the environment's instance logs that you expect in CloudWatch Logs, investigate the following common issues: @@ -362 +364,16 @@ If you can't find some of the environment's instance logs you expect in CloudWat -If your Elastic Beanstalk application logs `(/var/log/web.stdout.log)` appear to be missing or intermittent, this may be due to default rate-limiting settings in rsyslog and journald. While disabling rate-limiting entirely can resolve this issue, it's not recommended as it could lead to excessive disk usage, potential denial of service, or system performance degradation during unexpected log bursts. Instead, you can adjust the rate limits using the following [`.ebextensions configuration`](https://github.com/awsdocs/elastic-beanstalk-samples/tree/main/configuration-files/aws-provided/instance-configuration/logs-ratelimitcloudwatchlogs-linux.config). This configuration increases the rate limit interval to 600 seconds with higher burst limits, providing a balance between proper logging and system protection. +###### Application logs missing or intermittent + +If your Elastic Beanstalk application logs, (`/var/log/web.stdout.log`), appear to be missing or intermittent, this may be due to default rate-limiting settings in rsyslog and journald. While disabling rate-limiting entirely can resolve this issue, it's not recommended as it could lead to excessive disk usage, potential denial of service, or system performance degradation during unexpected log bursts. Instead, you can adjust the rate limits using the following [`.ebextensions configuration`](https://github.com/awsdocs/elastic-beanstalk-samples/tree/main/configuration-files/aws-provided/instance-configuration/logs-ratelimitcloudwatchlogs-linux.config). This configuration increases the rate limit interval to 600 seconds with higher burst limits, providing a balance between proper logging and system protection. + +###### Throttling issues + +If an Elastic Beanstalk operation that concurrently launches a large number of instances returns a message like `Error: fail to create log stream: ThrottlingException: Rate exceeded`, it's throttling from too many calls to the CloudWatch API. + +To resolve the throttling issue take one of the following actions: + + * Use a smaller batch size with rolling deployments to reduce concurrent updates. + + * Request an increase for your AWS account's Transaction Per Second (TPS) limit service quota for _CreateLogStream_. For more information, see [ CloudWatch Logs quotas](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/cloudwatch_limits_cwl.html) and [ Managing your CloudWatch Logs service quotas](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/cloudwatch_limits_cwl.html#service-quotas-manage) in the _Amazon CloudWatch Logs User Guide_. + + +