Elastic Beanstalk Managed Platform Updates Suddenly No Longer Working

  Kiến thức lập trình

Since last week, all our systems on Elastic Beanstalk suddenly failed to install the latest platform update, 4.2.7 to 4.3.0, as part of a weekly managed update process. This came as an unwelcome surprise, as platform updates have been working without any issues for at least the last 36 months.

The reason for the failure is that the ec2:CreateTags permission is not available for arn/**/elastic-ip/ in the AwsElasticBeanstalkManagedUpdatesCustomerRolePolicy, which is attached to the aws-elasticbeanstalk-service-role.

Adding this permission to the role resolves the issue. However, I have the following two questions:

  1. Why does the AwsElasticBeanstalkManagedUpdatesCustomerRolePolicy not contain this permission in the first place, if it is required for the platform update?
  2. Why is this permission suddenly required when it has not been required for at least the last 36 months? Have we missed an important update? Is AwsElasticBeanstalkManagedUpdatesCustomerRolePolicy no longer the correct policy for managed updates?

Theme wordpress giá rẻ Theme wordpress giá rẻ Thiết kế website

LEAVE A COMMENT