AWS Elastic Beanstalk Developer Guide

What is AWS Elastic Beanstalk?

With Elastic Beanstalk you can deploy web applications into the AWS Cloud on a variety of supported platforms. You build and deploy your applications. Elastic Beanstalk provisions Amazon EC2 instances, configures load balancing, sets up health monitoring, and dynamically scales your environment.

In addition to web server environments, Elastic Beanstalk also provides worker environments which you can use to process messages from an Amazon SQS queue, useful for asynchronous or long-running tasks. For more information, see Elastic Beanstalk worker environments.

Supported platforms

Elastic Beanstalk supports applications developed in Go, Java, .NET, Node.js, PHP, Python, and Ruby. Elastic Beanstalk also supports Docker containers, where you can choose your own programming language and application dependencies. When you deploy your application, Elastic Beanstalk builds the selected supported platform version and provisions one or more AWS resources, such as Amazon EC2 instances, in your AWS account to run your application.

You can interact with Elastic Beanstalk through the Elastic Beanstalk console, the AWS Command Line Interface (AWS CLI), or the EB CLI, a high-level command line tool designed specifically for Elastic Beanstalk.

You can perform most deployment tasks, such as changing the size of your fleet of Amazon EC2 instances or monitoring your application, directly from the Elastic Beanstalk web interface (console).

To learn more about how to deploy a sample web application using Elastic Beanstalk, see Learn how to get started with Elastic Beanstalk.

Application deploy workflow

To use Elastic Beanstalk, you create an application, then upload your application source bundle to Elastic Beanstalk.
Next, you provide information about the application, and Elastic Beanstalk automatically launches an environment and creates and configures the AWS resources needed to run your code.

After you create and deploy your application and your environment is launched, you can manage your environment and deploy new application versions. Information about the application, including metrics, events, and environment status, is made available through the Elastic Beanstalk console, APIs, and Command Line Interfaces.

The following diagram illustrates Elastic Beanstalk workflow:

Pricing

There is no additional charge for Elastic Beanstalk. You pay only for the underlying AWS resources that your application consumes. For details about pricing, see the Elastic Beanstalk service detail page.

Next steps

We recommend the tutorial, Getting started tutorial, to start using Elastic Beanstalk. The tutorial steps you through creating, viewing, and updating a sample Elastic Beanstalk application.

Learn how to get started with Elastic Beanstalk

With Elastic Beanstalk you can deploy, monitor, and scale web applications and services. Typically, you will develop your code locally then deploy it to Amazon EC2 server instances. These instances, also called environments, run on platforms that can be upgraded through the AWS console or the command line.

To get started, we recommend deploying a pre-built sample application directly from the console. Then, you can learn how to develop locally and deploy from the command line in the section called “QuickStart for PHP”.

There is no cost for using Elastic Beanstalk, but standard fees do apply to AWS resources that you create during the course of this tutorial until you delete them at the end. The total charges are typically less than a dollar. For information about how to minimize charges, see AWS free tier.
After completing this tutorial, you will understand the basics of creating, configuring, deploying, updating, and monitoring an Elastic Beanstalk application with environments running on Amazon EC2 instances.

Estimated duration: 35-45 minutes

What you will build

Your first Elastic Beanstalk application will consist of a single Amazon EC2 environment running the PHP sample on a PHP managed platform.

Elastic Beanstalk application
An Elastic Beanstalk application is a container for Elastic Beanstalk components, including environments where your application code runs on platforms provided and managed by Elastic Beanstalk, or in custom containers that you provide.

Environment
An Elastic Beanstalk environment is a collection of AWS resources running together including an Amazon EC2 instance. When you create an environment, Elastic Beanstalk provisions the necessary resources into your AWS account.

Platform
A platform is a combination of an operating system, programming language runtime, web server, application server, and additional Elastic Beanstalk components. Elastic Beanstalk provides managed platforms, or you can provide your own platform in a container.

Elastic Beanstalk supports platforms for different programming languages, application servers, and Docker containers. When you create an environment, you must choose the platform. You can upgrade the platform, but you cannot change the platform for an environment.

Switching platforms
If you need to change programming languages, you must create and switch to a new environment on a different platform.

Step 1 - Create an application

To create your example application, you'll use the Create application console wizard. It creates an Elastic Beanstalk application and launches an environment within it. Reminder: an environment is a collection of AWS resources required to run your application code.

To create an application
1. Open the Elastic Beanstalk console.
2. Choose Create application.
3. For Application name enter getting-started-app.

The console provides a six step process for creating an application and configuring an environment. For this quick start, you'll only need to focus on the first two steps, then you can skip ahead to review and create your application and environment.

To configure an environment
1. In Environment information, for Environment name enter: gs-app-web-env.
2. For Platform, choose the PHP platform.
3. For Application code and Presets, accept the defaults (Sample application and Single instance), then choose Next.

To configure service access

Next, you need two roles. A service role allows Elastic Beanstalk to monitor your EC2 instances and upgrade your environment’s platform. An EC2 instance profile role permits tasks such as writing logs and interacting with other services.

To create the Service role
1. For Service role, choose Create role.
2. For Trusted entity type, choose AWS service.
3. For Use case, choose Elastic Beanstalk – Environment.
4. Choose Next.
5. Verify that Permissions policies include the following, then choose Next:
   • AWSElasticBeanstalkEnhancedHealth
   • AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
6. Choose Create role.
7. Return to the Configure service access tab, refresh the list, then select the newly created service role.

To create the EC2 instance profile
1. Choose Create role.
2. For Trusted entity type, choose AWS service.
3. For Use case, choose Elastic Beanstalk – Compute.
4. Choose Next.
5. Verify that Permissions policies include the following, then choose Next:
   • AWSElasticBeanstalkWebTier
   • AWSElasticBeanstalkWorkerTier
   • AWSElasticBeanstalkMulticontainerDocker
6. Choose Create role.
7. Return to the Configure service access tab, refresh the list, then select the newly created EC2 instance profile.
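The "Verify that Permissions policies include the following" steps for both roles can be repeated later as a drift check. The following is an added example, not part of the guide: it compares the JSON printed by `aws iam list-attached-role-policies` and the trust policy from `aws iam get-role` against the policy names listed in the steps. The service principals, the sample data, and the account ID are assumptions constructed for illustration.

```python
"""Check Elastic Beanstalk roles against the policies the tutorial lists."""

# Managed policy names come from the tutorial steps. The service principals
# are an assumption: the guide names the use case, not the principal.
EXPECTED = {
    "service-role": {
        "principal": "elasticbeanstalk.amazonaws.com",
        "policies": {
            "AWSElasticBeanstalkEnhancedHealth",
            "AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy",
        },
    },
    "instance-profile": {
        "principal": "ec2.amazonaws.com",
        "policies": {
            "AWSElasticBeanstalkWebTier",
            "AWSElasticBeanstalkWorkerTier",
            "AWSElasticBeanstalkMulticontainerDocker",
        },
    },
}


def trusted_principals(trust_policy):
    """Return every principal an Allow statement lets assume the role."""
    found = set()
    statements = trust_policy.get("Statement", [])
    if isinstance(statements, dict):        # a single statement is legal JSON
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):      # "*" means anyone
            found.add(principal)
            continue
        for kind, value in principal.items():
            values = [value] if isinstance(value, str) else value
            found.update(f"{kind}:{v}" for v in values)
    return found


def audit_role(kind, trust_policy, attached):
    """Return findings for one role; an empty list means it matches."""
    expected = EXPECTED[kind]
    findings = []
    names = {p["PolicyName"] for p in attached.get("AttachedPolicies", [])}
    for name in sorted(expected["policies"] - names):
        findings.append(f"missing policy: {name}")
    for name in sorted(names - expected["policies"]):
        findings.append(f"unexpected policy: {name}")
    want = f"Service:{expected['principal']}"
    principals = trusted_principals(trust_policy)
    if want not in principals:
        findings.append(f"role does not trust {expected['principal']}")
    for other in sorted(principals - {want}):
        findings.append(f"unexpected trusted principal: {other}")
    return findings


# Constructed sample data in the shape of the AWS CLI output (PolicyArn
# fields omitted; 111122223333 is a placeholder account ID).
SERVICE_ROLE_TRUST = {"Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": "elasticbeanstalk.amazonaws.com"}}]}
SERVICE_ROLE_ATTACHED = {"AttachedPolicies": [
    {"PolicyName": "AWSElasticBeanstalkEnhancedHealth"},
    {"PolicyName": "AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy"}]}

# An instance profile role that drifted after creation.
DRIFTED_TRUST = {"Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": ["ec2.amazonaws.com"],
                  "AWS": "arn:aws:iam::111122223333:root"}}]}
DRIFTED_ATTACHED = {"AttachedPolicies": [
    {"PolicyName": "AWSElasticBeanstalkWebTier"},
    {"PolicyName": "AWSElasticBeanstalkMulticontainerDocker"},
    {"PolicyName": "AdministratorAccess"}]}

if __name__ == "__main__":
    for line in audit_role("instance-profile", DRIFTED_TRUST, DRIFTED_ATTACHED):
        print(line)
```
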
To finish configuring and creating your application
1. Skip over EC2 key pair. We'll show you other ways to connect to your Amazon EC2 instances through the Console.
2. Choose Skip to Review to move over several optional steps. Optional steps: networking, databases, scaling parameters, advanced configuration for updates, monitoring, and logging.
3. On the Review page which shows a summary of your choices, choose Submit.

Congratulations! You have created an application and configured an environment! Now you need to wait for the resources to deploy.

Step 2 - Deploy your application

When you create an application, Elastic Beanstalk sets up the environments for you. You just need to sit back and wait.

The initial deploy can take up to five minutes to create the resources. Updates will take less time because only changes will be deployed to your stack.

When you create the example application, Elastic Beanstalk creates the following resources:

• EC2 instance – An Amazon EC2 virtual machine configured to run web apps on the platform you selected. Every platform runs a different set of software, configuration files, and scripts to support a specific language version, framework, web container, or combination thereof. Most platforms use either Apache or nginx as a reverse proxy to forward web traffic to your web app, serve static assets, and generate access and error logs. You can connect to your Amazon EC2 instances to view configuration and logs.
• Instance security group – An Amazon EC2 security group will be created to allow incoming requests on port 80, so inbound traffic on a load balancer can reach your web app.
• Amazon S3 bucket – A storage location for your source code, logs, and other artifacts.
• Amazon CloudWatch alarms – Two CloudWatch alarms are created to monitor the load on your instances and scale them up or down as needed.
• AWS CloudFormation stack – Elastic Beanstalk uses AWS CloudFormation to deploy the resources in your environment and make configuration changes. You can view the resource definition template in the AWS CloudFormation console.
• Domain name – A domain name that routes to your web app in the form: subdomain.region.elasticbeanstalk.com.

Elastic Beanstalk creates your application, launches an environment, makes an application version, then deploys your code into the environment. During the process, the console tracks progress and displays event status in the Events tab.

Your application is ready!

After you see your application health change to Ok, you can browse to your web application's website.

Step 3 - Explore the Elastic Beanstalk environment

You'll start exploring your deployed application environment from the Environment overview page in the console.

To view the environment and your application
1. Open the Elastic Beanstalk console, and in the Regions list, select your AWS Region.
2. In the navigation pane, choose Environments, and then choose the name of your environment from the list.
3. Choose Go to environment to browse your application! (You can also choose the URL link listed for Domain to browse your application.) The connection will be HTTP (not HTTPS), so you might see a warning in your browser.

Back in the Elastic Beanstalk console, the upper portion shows the Environment overview with top level information about your environment, including name, domain URL, current health status, running version, and the platform that the application is running on. The running version and platform are essential for troubleshooting your currently deployed application.
After the overview pane, you will see recent environment activity in the Events tab.

While Elastic Beanstalk creates your AWS resources and launches your application, the environment is in a Pending state. Status messages about launch events are continuously added to the list of Events.

The environment's Domain is the URL for your deployed web application. In the left navigation pane, Go to environment also takes you to your domain. Similarly, the left navigation pane has links that correspond to the various tabs.

Take note of the Configuration link in the left navigation pane, which displays a summary of environment configuration option values, grouped by category.

Environment configuration settings

Take note of the Configuration link in the left navigation pane. You can view and edit detailed environment settings, such as service roles, networking, database, scaling, managed platform updates, memory, health monitoring, rolling deployment, logging, and more!

The various tabs contain detailed information about your environment:

Understanding concepts in Elastic Beanstalk

Becoming familiar with the concepts and terms will help you gain an understanding needed for deploying your applications with Elastic Beanstalk.

Application

An Elastic Beanstalk application is a container for Elastic Beanstalk components, including environments, versions, and environment configurations. Within an Elastic Beanstalk application, you manage all the resources relevant to running your code.

Application version

In Elastic Beanstalk, an application version refers to a specific, labeled iteration of deployable code for a web application. An application version points to an Amazon Simple Storage Service (Amazon S3) object that contains the deployable code, such as a Java WAR file.
An application version is part of an application. Applications can have many versions and each application version is unique. In a running environment, you can deploy any application version you already uploaded to the application, or you can upload and immediately deploy a new application version. For example, you could upload multiple application versions to test differences between them.

Environment

An environment is a collection of AWS resources running an application version. Each environment runs only one application version at a time, however, you can run the same application version or different application versions in many environments simultaneously. When you create an environment, Elastic Beanstalk provisions the resources needed in your AWS account to run the application version you specified.

Environment tier

When you launch an Elastic Beanstalk environment, you first choose an environment tier. The environment tier designates the type of application that the environment runs and determines what resources Elastic Beanstalk provisions to support it. An application that serves HTTP requests runs in a web server environment tier. A backend environment that pulls tasks from an Amazon Simple Queue Service (Amazon SQS) queue runs in a worker environment tier.

Environment configuration

An environment configuration identifies a collection of parameters and settings that define how an environment and its associated resources behave. When you update an environment’s configuration settings, Elastic Beanstalk automatically applies the changes to existing resources or deletes and deploys new resources (depending on the type of change).

Saved configuration

A saved configuration is a template that you can use as a starting point for creating unique environment configurations.
You can create and modify saved configurations, and apply them to environments, using the Elastic Beanstalk console, EB CLI, AWS CLI, or API. The API and the AWS CLI refer to saved configurations as configuration templates.

Platform

A platform is a combination of an operating system, programming language runtime, web server, application server, and Elastic Beanstalk components. You design and target your web application to a platform. Elastic Beanstalk provides a variety of platforms on which you can build your applications.

For details, see Elastic Beanstalk platforms.

Elastic Beanstalk web server environments

The following diagram shows an example Elastic Beanstalk architecture for a web server environment tier, and shows how the components in that type of environment tier work together.

The environment is the heart of the application. In the diagram, the environment is shown within the top-level solid line. When you create an environment, Elastic Beanstalk provisions the resources required to run your application. AWS resources created for an environment include one elastic load balancer (ELB in the diagram), an Auto Scaling group, and one or more Amazon Elastic Compute Cloud (Amazon EC2) instances.

Every environment has a CNAME (URL) that points to a load balancer. The environment has a URL, such as myapp.us-west-2.elasticbeanstalk.com. This URL is aliased in Amazon Route 53 to an Elastic Load Balancing URL (something like abcdef-123456.us-west-2.elb.amazonaws.com) by using a CNAME record. Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. It provides secure and reliable routing to your infrastructure. Your domain name that you registered with your DNS provider will forward requests to the CNAME.

The load balancer sits in front of the Amazon EC2 instances, which are part of an Auto Scaling group.
Amazon EC2 Auto Scaling automatically starts additional Amazon EC2 instances to accommodate increasing load on your application. If the load on your application decreases, Amazon EC2 Auto Scaling stops instances, but always leaves at least one instance running.

The software stack running on the Amazon EC2 instances is dependent on the container type. A container type defines the infrastructure topology and software stack to be used for that environment. For example, an Elastic Beanstalk environment with an Apache Tomcat container uses the Amazon Linux operating system, Apache web server, and Apache Tomcat software. For a list of supported container types, see Elastic Beanstalk supported platforms. Each Amazon EC2 instance that runs your application uses one of these container types. In addition, a software component called the host manager (HM) runs on each Amazon EC2 instance. The host manager is responsible for the following:

• Deploying the application
• Aggregating events and metrics for retrieval via the console, the API, or the command line
• Generating instance-level events
• Monitoring the application log files for critical errors
• Monitoring the application server
• Patching instance components
• Rotating your application's log files and publishing them to Amazon S3

The host manager reports metrics, errors and events, and server instance status, which are available via the Elastic Beanstalk console, APIs, and CLIs.

The Amazon EC2 instances shown in the diagram are part of one security group. A security group defines the firewall rules for your instances. By default, Elastic Beanstalk defines a security group, which allows everyone to connect using port 80 (HTTP). You can define more than one security group. For example, you can define a security group for your database server.
For more information about Amazon EC2 security groups and how to configure them for your Elastic Beanstalk application, see EC2 security groups.

Elastic Beanstalk worker environments

AWS resources created for a worker environment tier include an Auto Scaling group, one or more Amazon EC2 instances, and an IAM role. For the worker environment tier, Elastic Beanstalk also creates and provisions an Amazon SQS queue if you don’t already have one. When you launch a worker environment, Elastic Beanstalk installs the necessary support files for your programming language of choice and a daemon on each EC2 instance in the Auto Scaling group. The daemon reads messages from an Amazon SQS queue. The daemon sends data from each message that it reads to the web application running in the worker environment for processing. If you have multiple instances in your worker environment, each instance has its own daemon, but they all read from the same Amazon SQS queue.

The following diagram shows the different components and their interactions across environments and AWS services.

Amazon CloudWatch is used for alarms and health monitoring. For more information, go to Basic health reporting.

For details about how the worker environment tier works, see Elastic Beanstalk worker environments.

Design considerations for your Elastic Beanstalk applications

Because applications deployed using AWS Elastic Beanstalk run on AWS Cloud resources, you should keep several configuration factors in mind to optimize your applications: scalability, security, persistent storage, fault tolerance, content delivery, software updates and patching, and connectivity. Each of these is covered separately in this topic. For a comprehensive list of technical AWS whitepapers, covering topics such as architecture, as well as security and economics, see AWS Cloud Computing Whitepapers.
Scalability

When operating in a physical hardware environment, in contrast to a cloud environment, you can approach scalability in one of two ways. Either you can scale up through vertical scaling or you can scale out through horizontal scaling. The scale-up approach requires that you invest in powerful hardware, which can support the increasing demands of your business. The scale-out approach requires that you follow a distributed model of investment. As such, your hardware and application acquisitions can be more targeted, your data sets are federated, and your design is service oriented. The scale-up approach can be expensive, and there's also the risk that your demand could outgrow your capacity. In this regard, the scale-out approach is usually more effective. However, when using it, you must be able to predict demand at regular intervals and deploy infrastructure in chunks to meet that demand. As a result, this approach can often lead to unused capacity and might require some careful monitoring.

By migrating to the cloud, you can make your infrastructure align well with demand by leveraging the elasticity of cloud. Elasticity helps to streamline resource acquisition and release. With it, your infrastructure can rapidly scale in and scale out as demand fluctuates. To use it, configure your Auto Scaling settings to scale up or down based on the metrics for the resources in your environment. For example, you can set metrics such as server utilization or network I/O. You can use Auto Scaling for compute capacity to be added automatically whenever usage rises and for it to be removed whenever usage drops. You can publish system metrics (for example, CPU, memory, disk I/O, and network I/O) to Amazon CloudWatch. Then, you can use CloudWatch to configure alarms to trigger Auto Scaling actions or send notifications based on these metrics.
For instructions on how to configure Auto Scaling, see Auto Scaling your Elastic Beanstalk environment instances.

We also recommend that you design all your Elastic Beanstalk applications as stateless as possible, using loosely coupled, fault-tolerant components that can be scaled out as needed. For more information about designing scalable application architectures for AWS, see AWS Well-Architected Framework.

Security

Security on AWS is a shared responsibility. Amazon Web Services protects the physical resources in your environment and ensures that the Cloud is a safe place for you to run applications. You're responsible for the security of data coming in and out of your Elastic Beanstalk environment and the security of your application.

Configure SSL to protect information that flows between your application and clients. To configure SSL, you need a free certificate from AWS Certificate Manager (ACM). If you already have a certificate from an external certificate authority (CA), you can use ACM to import that certificate. Otherwise, you can import it using the AWS CLI.

If ACM isn't available in your AWS Region, you can purchase a certificate from an external CA, such as VeriSign or Entrust. Then, use the AWS Command Line Interface (AWS CLI) to upload a third-party or self-signed certificate and private key to AWS Identity and Access Management (IAM). The public key of the certificate authenticates your server to the browser. It also serves as the basis for creating the shared session key that encrypts the data in both directions. For instructions on how to create, upload, and assign an SSL certificate to your environment, see Configuring HTTPS for your Elastic Beanstalk environment.

When you configure an SSL certificate for your environment, data is encrypted between the client and the Elastic Load Balancing load balancer for your environment.
By default, encryption is terminated at the load balancer, and traffic between the load balancer and Amazon EC2 instances is unencrypted.

Persistent storage

Elastic Beanstalk applications run on Amazon EC2 instances that have no persistent local storage. When the Amazon EC2 instances terminate, the local file system isn't saved. New Amazon EC2 instances start with a default file system. We recommend that you configure your application to store data in a persistent data source. AWS offers a number of persistent storage services that you can use for your application. The following table lists them.

Storage service | Service documentation | Elastic Beanstalk integration
Amazon S3 | Amazon Simple Storage Service Documentation | Using Elastic Beanstalk with Amazon S3
Amazon Elastic File System | Amazon Elastic File System Documentation | Using Elastic Beanstalk with Amazon Elastic File System
Amazon Elastic Block Store | Amazon Elastic Block Store; Feature Guide: Elastic Block Store |
Amazon DynamoDB | Amazon DynamoDB Documentation | Using Elastic Beanstalk with Amazon DynamoDB
Amazon Relational Database Service (RDS) | Amazon Relational Database Service Documentation | Using Elastic Beanstalk with Amazon RDS

Note
Elastic Beanstalk creates a webapp user for you to set up as the owner of application directories on EC2 instances. For Amazon Linux 2 platform versions that are released on or after February 3, 2022, Elastic Beanstalk assigns the webapp user a uid (user id) and gid (group id) value of 900 for new environments. It does the same for existing environments following a platform version update. This approach keeps consistent access permission for the webapp user to permanent file system storage.
In the unlikely situation that another user or process is already using 900, the operating system defaults the webapp user uid and gid to another value.
Run the Linux command id webapp on your EC2 instances to verify the uid and gid values that are assigned to the webapp user.

Fault tolerance

As a rule of thumb, you should be a pessimist when designing architecture for the cloud. Leverage the elasticity that it offers. Always design, implement, and deploy for automated recovery from failure. Use multiple Availability Zones for your Amazon EC2 instances and for Amazon RDS. Availability Zones are conceptually like logical data centers. Use Amazon CloudWatch to get more visibility into the health of your Elastic Beanstalk application and take appropriate actions in case of hardware failure or performance degradation. Configure your Auto Scaling settings to maintain your fleet of Amazon EC2 instances at a fixed size so that unhealthy Amazon EC2 instances are replaced by new ones. If you're using Amazon RDS, then set the retention period for backups, so that Amazon RDS can perform automated backups.

Content delivery

When users connect to your website, their requests may be routed through a number of individual networks. As a result, users might experience poor performance due to high latency. Amazon CloudFront can help ameliorate latency issues by distributing your web content, such as images and video, across a network of edge locations around the world. Users' requests are routed to the nearest edge location, so content is delivered with the best possible performance. CloudFront works seamlessly with Amazon S3, which durably stores the original, definitive versions of your files. For more information about Amazon CloudFront, see the Amazon CloudFront Developer Guide.

Software updates and patching

AWS Elastic Beanstalk regularly releases platform updates to provide fixes, software updates, and new features. Elastic Beanstalk offers several options to handle platform updates.
With managed platform updates your environment automatically upgrades to the latest version of a platform during a scheduled maintenance window while your application remains in service. For environments created on November 25, 2019 or later using the Elastic Beanstalk console, managed updates are enabled by default whenever possible. You can also manually initiate updates using the Elastic Beanstalk console or EB CLI.

Connectivity

Elastic Beanstalk needs to be able to connect to the instances in your environment to complete deployments. When you deploy an Elastic Beanstalk application inside an Amazon VPC, the configuration required to enable connectivity depends on the type of Amazon VPC environment you create:

• For single-instance environments, no additional configuration is required. This is because, with these environments, Elastic Beanstalk assigns each Amazon EC2 instance a public Elastic IP address that enables the instance to communicate directly with the internet.
• For load-balanced, scalable environments in an Amazon VPC with both public and private subnets, you must do the following:
    • Create a load balancer in the public subnet to route inbound traffic from the internet to the Amazon EC2 instances.
    • Create a network address translation (NAT) device to route outbound traffic from the Amazon EC2 instances in private subnets to the internet.
    • Create inbound and outbound routing rules for the Amazon EC2 instances inside the private subnet.
    • If you're using a NAT instance, configure the security groups for the NAT instance and Amazon EC2 instances to enable internet communication.
• For a load-balanced, scalable environment in an Amazon VPC that has one public subnet, no additional configuration is required. This is because, with this environment, your Amazon EC2 instances are configured with a public IP address that enables the instances to communicate with the internet.
For more information about using Elastic Beanstalk with Amazon VPC, see Using Elastic Beanstalk with Amazon VPC.

Elastic Beanstalk platforms

AWS Elastic Beanstalk provides a variety of platforms on which you can build your applications. You design your web application to one of these platforms, and Elastic Beanstalk deploys your code to the platform version you selected to create an active application environment. Elastic Beanstalk provides platforms for different programming languages, application servers, and Docker containers. Some platforms have multiple concurrently-supported versions.

Topics
• Elastic Beanstalk platforms glossary
• Shared responsibility model for Elastic Beanstalk platform maintenance
• Elastic Beanstalk platform support policy
• Elastic Beanstalk platform release schedule
• Elastic Beanstalk supported platforms
• Elastic Beanstalk Linux platforms
• Extending Elastic Beanstalk Linux platforms

Elastic Beanstalk platforms glossary

Following are key terms related to AWS Elastic Beanstalk platforms and their lifecycle.

Runtime

The programming language-specific runtime software (framework, libraries, interpreter, vm, etc.) required to run your application code.

Elastic Beanstalk Components

Software components that Elastic Beanstalk adds to a platform to enable Elastic Beanstalk functionality. For example, the enhanced health agent is necessary for gathering and reporting health information.

Platform

A combination of an operating system (OS), runtime, web server, application server, and Elastic Beanstalk components. Platforms provide components that are available to run your application.

Platform Version

A combination of specific versions of an operating system (OS), runtime, web server, application server, and Elastic Beanstalk components.
You create an Elastic Beanstalk environment based on a platform version and deploy your application to it. A platform version has a semantic version number of the form X.Y.Z, where X is the major version, Y is the minor version, and Z is the patch version.

A platform version can be in one of the following states:

• Recommended – The latest platform version in a supported platform branch. This version contains the most up-to-date components and is recommended for use in production environments.
• Not Recommended – Any platform version that is not the latest version in its platform branch. While these versions may remain functional, we strongly recommend updating to the latest platform version. You can use managed platform updates to help stay up-to-date automatically.

You can verify if a platform version is recommended using the AWS CLI command describe-platform-version and checking the PlatformLifecycleState field.

Platform Branch

A line of platform versions sharing specific (typically major) versions of some of their components, such as the operating system (OS), runtime, or Elastic Beanstalk components. For example: Python 3.13 running on 64bit Amazon Linux 2023; IIS 10.0 running on 64bit Windows Server 2025. Platform branches receive updates in the form of new platform versions. Each successive platform version in a branch is an update to the previous one.

The recommended version in each supported platform branch is available to you unconditionally for environment creation. A previous platform version is available to you if you were using an environment with it at the time the platform version was superseded by a new platform version. Previous platform versions lack the most up-to-date components and aren't recommended for use.

A platform branch can be in one of the following states:

• Supported – A current platform branch. It consists entirely of supported components. Supported components have not reached End of Life (EOL), as designated by their suppliers. It receives ongoing platform updates, and is recommended for use in production
environments. For a list of supported platform branches, see Elastic Beanstalk supported platforms in the AWS Elastic Beanstalk Platforms guide.
• Beta – A preview, pre-release platform branch. It's experimental in nature. It may receive ongoing platform updates for a while, but has no long-term support. A beta platform branch isn't recommended for use in production environments. Use it only for evaluation. For a list of beta platform branches, see Elastic Beanstalk Platform Versions in Public Beta in the AWS Elastic Beanstalk Platforms guide.
• Deprecated – A platform branch where one or more components (such as the runtime or operating system) are approaching End of Life (EOL) or have reached EOL, as designated by their suppliers. While a deprecated platform branch continues to receive new platform versions until its retirement date, components that have reached EOL don't receive updates. For example, if a runtime version reaches EOL, the platform branch will be marked as deprecated but will continue to receive operating system updates until the platform branch retirement date. The platform branch will not continue to receive updates to the EOL runtime version. A deprecated platform branch isn't recommended for use.
• Retired – A platform branch that no longer receives any updates. Retired platform branches aren't available to create new Elastic Beanstalk environments using the Elastic Beanstalk console. If your environment uses a retired platform branch, you must update to a supported platform branch to continue receiving updates. A retired platform branch isn't recommended for use. For more details about retired platform branches, see the section called “Platform support policy”. For a list of platform branches scheduled for retirement, see Retiring platform branch schedule.
To see past retired platform branches, see Retired platform branch history.

If your environment uses a deprecated or retired platform branch, we recommend that you update it to a platform version in a supported platform branch. For details, see the section called “Platform updates”.

You can verify the state of a platform branch using the AWS CLI command describe-platform-version and checking the PlatformBranchLifecycleState field.

Platform Update

A release of new platform versions that contain updates to some components of the platform: OS, runtime, web server, application server, and Elastic Beanstalk components. Platform updates follow semantic version taxonomy, and can have three levels:

• Major update – An update that has changes that are incompatible with existing platform versions. You may need to modify your application to run correctly on a new major version. A major update has a new major platform version number.
• Minor update – An update that has changes that are backward compatible with existing platform versions in most cases. Depending on your application, you may need to modify your application to run correctly on a new minor version. A minor update has a new minor platform version number.
• Patch update – An update that consists of maintenance releases (bug fixes, security updates, and performance improvements) that are backward compatible with an existing platform version. A patch update has a new patch platform version number.

Managed Updates

An Elastic Beanstalk feature that automatically applies patch and minor updates to the operating system (OS), runtime, web server, application server, and Elastic Beanstalk components for an Elastic Beanstalk supported platform version. A managed update applies a newer platform version in the same platform branch to your environment. You can configure managed updates to apply only patch updates, or minor and patch updates.
You can also disable managed updates completely. For more information, see Managed platform updates.

Shared responsibility model for Elastic Beanstalk platform maintenance

AWS and our customers share responsibility for achieving a high level of software component security and compliance. This shared model reduces your operational burden. For details, see the AWS Shared Responsibility Model.

AWS Elastic Beanstalk helps you perform your side of the shared responsibility model by providing a managed updates feature. This feature automatically applies patch and minor updates for an Elastic Beanstalk supported platform version. If a managed update fails, Elastic Beanstalk notifies you of the failure to ensure that you are aware of it and can take immediate action. For more information, see Managed platform updates.

In addition, Elastic Beanstalk does the following:

• Publishes its platform support policy and retirement schedule for the coming 12 months.
• Releases patch, minor, and major updates of operating system (OS), runtime, application server, and web server components typically within 30 days of their availability. Elastic Beanstalk is responsible for creating updates to Elastic Beanstalk components that are present on its supported platform versions. All other updates come directly from their suppliers (owners or community).

We announce all updates to our supported platforms in our release notes in the AWS Elastic Beanstalk Release Notes guide. We also provide a list of all supported platforms and their components, along with a platform history, in the AWS Elastic Beanstalk Platforms guide. For more information, see Supported platforms and component history.

You are responsible for the following:

• Update all the components that you control (identified as Customer in the AWS Shared Responsibility Model).
This includes ensuring the security of your application, your data, and any components that your application requires and that you downloaded.
• Ensure that your Elastic Beanstalk environments are running on a supported platform version, and migrate any environment running on a retired platform version to a supported version.
• If you’re using a custom Amazon machine image (AMI) for your Elastic Beanstalk environment, patch, maintain, and test your custom AMI so that it remains current and compatible with a supported Elastic Beanstalk platform version. For more information about managing environments with a custom AMI, see Using a custom Amazon machine image (AMI) in your Elastic Beanstalk environment.
• Resolve all issues that come up in failed managed update attempts and retry the update.
• Patch the OS, runtime, application server, and web server yourself if you opted out of Elastic Beanstalk managed updates. You can do this by applying platform updates manually or directly patching the components on all relevant environment resources.
• Manage the security and compliance of any AWS services that you use outside of Elastic Beanstalk according to the AWS Shared Responsibility Model.

Elastic Beanstalk platform support policy

Elastic Beanstalk supports platform branches that still receive ongoing minor and patch updates from their suppliers (owners or community). For a complete definition of related terms, see Elastic Beanstalk platforms glossary.

Retired platform branches

When a component of a supported platform branch is marked End of Life (EOL) by its supplier, Elastic Beanstalk marks the platform branch as retired. Components of a platform branch include the following: operating system (OS), runtime language version, application server, or web server.
Once a platform branch is marked as retired, the following policies apply:

• Elastic Beanstalk stops providing maintenance updates, including security updates.
• Elastic Beanstalk no longer provides technical support for retired platform branches.
• Elastic Beanstalk no longer makes the platform branch available to new Elastic Beanstalk customers for deployments to new environments. There is a 90-day grace period from the published retirement date for existing customers with active environments that are running on retired platform branches.

Note

A retired platform branch will not be available in the Elastic Beanstalk console. However, it will be available through the AWS CLI, EB CLI and EB API for customers that have existing environments based on the retired platform branch. Existing customers can also use the Clone environment and Rebuild environment consoles.

For a list of platform branches that are scheduled for retirement, see the Retiring platform branch schedule in the Elastic Beanstalk platform schedule topic that follows. For more information about what to expect when your environment’s platform branch retires, see Platform retirement FAQ.
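The two lifecycle fields named in the glossary (PlatformLifecycleState and PlatformBranchLifecycleState) and the customer duties in the shared responsibility list can be checked together across a fleet. The following is an added example, not code from the AWS guide: it works on constructed JSON shaped like the output of describe-platform-version and describe-configuration-settings. The ManagedActionsEnabled option in the aws:elasticbeanstalk:managedactions namespace is not named on this page, and treating a missing PlatformLifecycleState as "Not Recommended" is an assumption.

```python
MANAGED_NS = "aws:elasticbeanstalk:managedactions"

def option(settings, namespace, name):
    """Look up one option value in describe-configuration-settings output."""
    for cfg in settings.get("ConfigurationSettings", []):
        for opt in cfg.get("OptionSettings", []):
            if opt.get("Namespace") == namespace and opt.get("OptionName") == name:
                return opt.get("Value")
    return None

# platform: parsed JSON from `aws elasticbeanstalk describe-platform-version`
# settings: parsed JSON from `aws elasticbeanstalk describe-configuration-settings`
def audit(platform, settings):
    """Return a list of findings for one environment (empty list means clean)."""
    desc = platform.get("PlatformDescription", {})
    branch = desc.get("PlatformBranchLifecycleState")
    findings = []
    if branch in ("Deprecated", "Retired"):
        findings.append(f"branch is {branch}: move to a supported platform branch")
    elif branch == "Beta":
        findings.append("branch is Beta: use for evaluation only")
    elif branch != "Supported":
        findings.append("branch state missing or unrecognized: check manually")
    # Assumption: any value other than "Recommended", including a missing
    # field, means the version is not the latest in its branch.
    if desc.get("PlatformLifecycleState") != "Recommended":
        findings.append("platform version is not the recommended one")
    enabled = option(settings, MANAGED_NS, "ManagedActionsEnabled")
    if str(enabled).lower() != "true":
        findings.append("managed updates off: platform patching is manual")
    elif branch == "Retired":
        # Managed updates stay inside one branch, so they cannot leave a retired one.
        findings.append("managed updates on, but a retired branch gets no updates")
    return findings

def sample_platform(version_state, branch_state):
    """Constructed describe-platform-version response (placeholder ARN)."""
    return {"PlatformDescription": {
        "PlatformArn": "arn:aws:elasticbeanstalk:REGION::platform/EXAMPLE/0.0.0",
        "PlatformLifecycleState": version_state,
        "PlatformBranchLifecycleState": branch_state}}

def sample_settings(enabled):
    """Constructed describe-configuration-settings response."""
    return {"ConfigurationSettings": [{"OptionSettings": [
        {"Namespace": MANAGED_NS, "OptionName": "ManagedActionsEnabled",
         "Value": enabled}]}]}

# Constructed fleet: environment names and states are sample values.
FLEET = {
    "shop-prod": (sample_platform("Recommended", "Supported"), sample_settings("true")),
    "legacy-api": (sample_platform(None, "Retired"), sample_settings("true")),
    "batch-dev": (sample_platform(None, "Deprecated"), sample_settings("false")),
}

def audit_fleet(fleet=FLEET):
    """Map each environment name to its list of findings."""
    return {name: audit(p, s) for name, (p, s) in fleet.items()}

if __name__ == "__main__":
    for name, findings in audit_fleet().items():
        print(name, "OK" if not findings else "; ".join(findings))
```

The legacy-api case is the one to watch for: managed updates are enabled, yet the environment still needs a manual move because a retired branch no longer receives new platform versions.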