AWS - Elastic Beanstalk Enum
Amazon Elastic Beanstalk provides a simplified platform for deploying, managing, and scaling web applications and services. It supports a variety of programming languages and frameworks, such as Java, .NET, PHP, Node.js, Python, Ruby, and Go, as well as Docker containers. The service is compatible with widely-used servers including Apache, Nginx, Passenger, and IIS.
Elastic Beanstalk provides a simple and flexible way to deploy your applications to the AWS cloud, without the need to worry about the underlying infrastructure. It automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring, allowing you to focus on writing and deploying your code.
The infrastructure created by Elastic Beanstalk is managed by Auto Scaling groups in EC2 (behind a load balancer), which means that if you compromise the host, you should know about EC2:
Moreover, if Docker is used, it's possible that ECS is used underneath.
In AWS Elastic Beanstalk, the concepts of an "application" and an "environment" serve different purposes and have distinct roles in the deployment process.
An application in Elastic Beanstalk is a logical container for your application's source code, environments, and configurations. It groups together different versions of your application code and allows you to manage them as a single entity.
When you create an application, you provide a name and description, but no resources are provisioned at this stage. It is simply a way to organize and manage your code and related resources.
You can have multiple application versions within an application. Each version corresponds to a specific release of your code, which can be deployed to one or more environments.
An environment is a provisioned instance of your application running on AWS infrastructure. It is where your application code is deployed and executed. Elastic Beanstalk provisions the necessary resources (e.g., EC2 instances, load balancers, auto-scaling groups, databases) based on the environment configuration.
Each environment runs a single version of your application, and you can have multiple environments for different purposes, such as development, testing, staging, and production.
When you create an environment, you choose a platform (e.g., Java, .NET, Node.js, etc.) and an environment type (e.g., web server or worker). You can also customize the environment configuration to control various aspects of the infrastructure and application settings.
Web Server Environment: It is designed to host and serve web applications and APIs. These applications typically handle incoming HTTP/HTTPS requests. The web server environment provisions resources such as EC2 instances, load balancers, and auto-scaling groups to handle incoming traffic, manage capacity, and ensure the application's high availability.
Worker Environment: It is designed to process background tasks, which are often time-consuming or resource-intensive operations that don't require immediate responses to clients. The worker environment provisions resources like EC2 instances and auto-scaling groups, but it doesn't have a load balancer since it doesn't handle HTTP/HTTPS requests directly. Instead, it consumes tasks from an Amazon Simple Queue Service (SQS) queue, which acts as a buffer between the worker environment and the tasks it processes.
When creating an app in Beanstalk there are 3 very important security options to choose:
EC2 key pair: This will be the SSH key that will be able to access the EC2 instances running the app.
IAM instance profile: This is the instance profile that the instances will have (IAM privileges).
Service role: This is the role that the AWS service will use to perform all the needed actions. As far as I know, a regular AWS user cannot assume that role.
By default, metadata version 1 (IMDSv1) is disabled.
Beanstalk data is stored in an S3 bucket with the following name: elasticbeanstalk-<region>-<acc-id> (if it was created in the AWS console). Inside this bucket you will find the uploaded source code of the application.
The URL of the created webpage is http://<webapp-name>-env.<random>.<region>.elasticbeanstalk.com/
If you get read access over the bucket, you can read the source code and even find sensitive credentials in it.
If you get write access over the bucket, you could modify the source code to compromise the IAM role the application is using the next time it's deployed.
The autogenerated instance role is called aws-elasticbeanstalk-ec2-role and has some interesting access over all ECS, all SQS, and the Elastic Beanstalk DynamoDB and S3 resources, using the AWS managed policies: , , .
The service role generated by AWS is called aws-elasticbeanstalk-service-role and uses the AWS managed policies and .
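The three security options above, the IMDSv1 setting and the default instance role can all be checked from the output of `aws elasticbeanstalk describe-configuration-settings`. The following audit script is an added example (not part of the original page or of any AWS tool); it runs offline against a constructed sample document, and the option names `DisableIMDSv1`, `IamInstanceProfile` and `EC2KeyName` in the `aws:autoscaling:launchconfiguration` namespace are the real Beanstalk option names.

```python
import json
import sys

# Constructed sample of `describe-configuration-settings` output (not real account data).
SAMPLE = json.dumps({"ConfigurationSettings": [{
    "ApplicationName": "demo-app",
    "EnvironmentName": "demo-app-env",
    "OptionSettings": [
        {"Namespace": "aws:autoscaling:launchconfiguration", "OptionName": "DisableIMDSv1", "Value": "false"},
        {"Namespace": "aws:autoscaling:launchconfiguration", "OptionName": "IamInstanceProfile", "Value": "aws-elasticbeanstalk-ec2-role"},
        {"Namespace": "aws:autoscaling:launchconfiguration", "OptionName": "EC2KeyName", "Value": "ops-key"},
        {"Namespace": "aws:elasticbeanstalk:environment", "OptionName": "ServiceRole", "Value": "aws-elasticbeanstalk-service-role"},
    ],
}]})

LAUNCH_NS = "aws:autoscaling:launchconfiguration"
DEFAULT_INSTANCE_ROLE = "aws-elasticbeanstalk-ec2-role"  # autogenerated role named on this page


def expected_bucket(region: str, account_id: str) -> str:
    """Name of the S3 bucket Beanstalk creates for console-created applications."""
    return f"elasticbeanstalk-{region}-{account_id}"


def audit_environment(doc: str):
    """Return (environment name, findings) for the first environment in a describe-configuration-settings document."""
    cfg = json.loads(doc)["ConfigurationSettings"][0]
    opts = {(o["Namespace"], o["OptionName"]): o["Value"] for o in cfg["OptionSettings"]}
    findings = []
    # IMDSv1 explicitly left enabled: instance-profile credentials are reachable without a session token.
    if opts.get((LAUNCH_NS, "DisableIMDSv1"), "").lower() == "false":
        findings.append("IMDSv1 enabled: set DisableIMDSv1=true so instances require IMDSv2")
    # The autogenerated role carries broad ECS/SQS/DynamoDB/S3 access; prefer a scoped-down instance profile.
    if opts.get((LAUNCH_NS, "IamInstanceProfile")) == DEFAULT_INSTANCE_ROLE:
        findings.append("default instance profile in use: review the attached managed policies")
    # An attached key pair is a second login path to the hosts; record which key it is.
    key = opts.get((LAUNCH_NS, "EC2KeyName"))
    if key:
        findings.append(f"SSH key pair attached to instances: {key}")
    return cfg["EnvironmentName"], findings


if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE  # pass a saved CLI output or use the sample
    env, found = audit_environment(data)
    print(env)
    for f in found:
        print(" -", f)
```

Run it with no arguments to audit the embedded sample, or pass the path of a saved CLI output file for a real environment.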