How to Automatically Update AWS Elastic Beanstalk AMIs Without Environment Recreation


3 views

Many developers face the frustrating limitation where Elastic Beanstalk environments don't automatically adopt new platform AMI versions. When AWS releases security patches or performance improvements in new AMIs, your existing environments remain on older versions until you manually intervene.

To programmatically discover the latest AMI IDs for your Elastic Beanstalk platform:


# AWS CLI command to list available platform versions
aws elasticbeanstalk list-platform-versions \
  --query "PlatformSummaryList[?PlatformBranchName=='Docker running on 64bit Amazon Linux 2'].PlatformArn" \
  --output text

# Alternative method using EC2 API
aws ec2 describe-images \
  --owners amazon \
  --filters "Name=name,Values=aws-elasticbeanstalk-*-amazon-*" \
  --query "Images[*].[ImageId,Name,CreationDate]" \
  --output text | sort -k3 -r | head -n 5

Create or modify your .ebextensions/ami.config file:


option_settings:
  aws:autoscaling:launchconfiguration:
    ImageId: latest

Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      AWS::CloudFormation::Init:
        config:
          commands:
            update_ami:
              command: |
                LATEST_AMI=$(aws ssm get-parameters \
                  --names /aws/service/elasticbeanstalk/amazon-linux-2-amd64/latest \
                  --query 'Parameters[0].Value' \
                  --output text)
                aws autoscaling update-auto-scaling-group \
                  --auto-scaling-group-name ${AWS::AutoScalingGroupName} \
                  --launch-template "LaunchTemplateId=${AWS::EC2::LaunchTemplate},Version=$Latest"

For CI/CD pipelines using AWS CodePipeline, add this buildspec.yml segment:


phases:
  build:
    commands:
      - AMI_ID=$(aws ssm get-parameters --names /aws/service/elasticbeanstalk/$PLATFORM_NAME/latest --query 'Parameters[0].Value' --output text)
      - sed -i.bak "s/ImageId:.*/ImageId: $AMI_ID/" .ebextensions/ami.config
      - aws elasticbeanstalk update-environment --environment-name $EB_ENV --option-settings file://.ebextensions/ami.config

Implement CloudWatch alarms to detect deployment issues:


resources:
  AMIRollbackAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: "Triggers rollback if new AMI causes errors"
      Namespace: "AWS/ElasticBeanstalk"
      MetricName: "EnvironmentHealth"
      Dimensions:
        - Name: EnvironmentName
          Value: { "Ref" : "AWSEBEnvironmentName" }
      ComparisonOperator: "LessThanThreshold"
      Threshold: "Ok"
      EvaluationPeriods: 1
      Period: 300
      AlarmActions:
        - !Sub "arn:aws:automate:${AWS::Region}:ec2:recover"

AWS Elastic Beanstalk periodically releases new AMIs with updated software stacks. To find the latest AMI ID for your platform, you can use the AWS CLI:

aws elasticbeanstalk describe-platform-version \
    --platform-arn "arn:aws:elasticbeanstalk:us-east-1::platform/Python 3.8 running on 64bit Amazon Linux 2/3.4.5"

This will return JSON containing the AMI ID under PlatformDescription.CustomAmiList. You can also find this information in the AWS Management Console under Elastic Beanstalk > Platforms.

While you can manually update the AMI ID in your environment configuration, a better approach is to configure your environment to automatically use the latest AMI. Here's how:

# .ebextensions/ami-auto-update.config
option_settings:
  aws:autoscaling:launchconfiguration:
    ImageId: "resolve:ssm:/aws/service/elasticbeanstalk/amazon-linux-2-x86_64-standard-ami"

This SSM parameter will always resolve to the latest Amazon Linux 2 AMI. For other platforms, check the AWS documentation for the appropriate SSM parameter.

For production environments, consider using a blue/green deployment strategy when updating AMIs:

aws elasticbeanstalk create-environment \
    --application-name my-app \
    --environment-name my-app-green \
    --platform-arn "arn:aws:elasticbeanstalk:us-east-1::platform/Python 3.8 running on 64bit Amazon Linux 2/3.4.5" \
    --version-label v2.0 \
    --option-settings file://options.json

After verifying the new environment, you can swap CNAMEs:

aws elasticbeanstalk swap-environment-cnames \
    --source-environment-name my-app \
    --destination-environment-name my-app-green

Set up CloudWatch alarms to monitor your AMI updates:

aws cloudwatch put-metric-alarm \
    --alarm-name "Beanstalk-AMI-Update-Alarm" \
    --metric-name "EnvironmentHealth" \
    --namespace "AWS/ElasticBeanstalk" \
    --statistic "Average" \
    --period 300 \
    --threshold "Ok" \
    --comparison-operator "LessThanThreshold" \
    --evaluation-periods 1 \
    --alarm-actions "arn:aws:sns:us-east-1:123456789012:Beanstalk-Alerts" \
    --dimensions Name=EnvironmentName,Value=my-app-green

This will notify you if the new environment with the updated AMI experiences health issues.