AWS elasticbeanstalk high security documentation change
Summary
Added example configuration with DisableDefaultEC2SecurityGroup and SecurityGroups options
Security assessment
The example configuration demonstrates disabling the default security group (which allows open SSH access) and using custom security groups. This directly addresses potential over-permissive default configurations.
Diff
diff --git a/elasticbeanstalk/latest/dg/using-features.managing.ec2.namespace.md b/elasticbeanstalk/latest/dg/using-features.managing.ec2.namespace.md index f53fe7ac2..72324da8b 100644 --- a//elasticbeanstalk/latest/dg/using-features.managing.ec2.namespace.md +++ b//elasticbeanstalk/latest/dg/using-features.managing.ec2.namespace.md @@ -13 +13 @@ The `DisableIMDSv1`, `RootVolumeType`, or `BlockDeviceMappings` option setting c -The following [configuration file](./ebextensions.html) example uses the basic configuration options that are in this topic. For example, it uses the `DisableIMDSv1` option, which is discussed in [IMDS](./environments-cfg-ec2-imds.html). It also uses the `EC2KeyName` and `IamInstanceProfile` options that are discussed in [Security](./using-features.managing.security.html), and the `BlockDeviceMappings` option, which isn't available in the console. +The following [configuration file](./ebextensions.html) example uses the basic configuration options that are explained in this topic. To see examples of additional configuration options when you need to specify security groups for load balancers, see [](./using-features.managing.ec2.aws-cli.html). @@ -20,0 +21,2 @@ The following [configuration file](./ebextensions.html) example uses the basic c + DisableDefaultEC2SecurityGroup: true + SecurityGroups: "sg-abcdef01, sg-abcdef02" @@ -23,0 +26,4 @@ The following [configuration file](./ebextensions.html) example uses the basic c + aws:elasticbeanstalk:environment: + EnvironmentType: SingleInstance + +The `DisableDefaultEC2SecurityGroup` and `BlockDeviceMappings` are not available in the console.