LearningTree · AWS · Compute

AWS Elastic Beanstalk —
Platform as a Service

Deploy and scale web applications without managing infrastructure. Upload your code — Beanstalk provisions EC2 instances, load balancers, auto scaling, and monitoring automatically.

⚡ Elastic Beanstalk in 30 Seconds

PaaS for AWS — upload your code, Beanstalk creates and manages the infrastructure
Provisions EC2, Auto Scaling, ELB, CloudWatch, Security Groups automatically
You retain full control — you can SSH into instances, customize configs, pick instance types
Supports Java, .NET, Node.js, Python, Ruby, Go, PHP, Docker — and custom platforms
No additional charge — you pay only for the underlying AWS resources (EC2, RDS, ELB, etc.)

Chapter One

What is Elastic Beanstalk

What is Platform as a Service (PaaS) Introductory

Cloud computing offers different levels of control vs. convenience. At the lowest level, Infrastructure as a Service (IaaS) gives you raw servers — you install the OS, configure networking, deploy your app. At the highest level, Software as a Service (SaaS) gives you a finished product — Gmail, Slack. In between sits Platform as a Service (PaaS).

PaaS takes care of the platform layer: operating system, runtime, middleware, and scaling infrastructure. You focus only on your application code. You don't patch servers, configure load balancers, or set up monitoring — the platform does it for you.

🔧

IaaS — You Manage Most

Raw EC2 instances
You install OS, runtime
You configure networking
You set up monitoring
Maximum control

🚀

PaaS — Balanced

Elastic Beanstalk, Heroku
Platform manages servers
You deploy code + config
Auto scaling built in
Control when you need it

⚡

Serverless — Least Mgmt

Lambda, Fargate
No servers visible at all
Pay per invocation/second
Event-driven model
Least operational overhead

👉 Key insight: Elastic Beanstalk is PaaS on top of IaaS. It uses EC2, Auto Scaling, ELB, and CloudWatch underneath. The difference is that Beanstalk creates and configures those resources automatically. You still own them — you can inspect, customize, and SSH into them. Beanstalk is the convenience layer, not a black box.

Why Elastic Beanstalk Exists Introductory

Imagine you want to deploy a simple Node.js web app on AWS. Without Beanstalk, you would need to:

😰

Manual Approach (EC2)

Launch EC2 instances
Install Node.js runtime
Configure security groups
Set up an ALB + target groups
Create an Auto Scaling Group
Configure CloudWatch alarms
Set up deployment pipeline
Manage OS patches & updates

~15 services, hours of setup

😌

Beanstalk Approach

Select "Node.js" platform
Upload your ZIP/WAR
Choose instance type (optional)
Click "Create Environment"
Done. Everything provisioned.

Same result: ALB + ASG + EC2 + CloudWatch — created in minutes.

Beanstalk exists because most developers want to deploy code, not configure infrastructure. It bridges the gap between "I have a ZIP file" and "I have a production-grade, load-balanced, auto-scaling deployment."

EC2 vs Elastic Beanstalk vs Lambda Core

The three most common AWS compute options for applications — each with a different tradeoff between control and convenience:

Feature	EC2 (IaaS)	Elastic Beanstalk (PaaS)	Lambda (Serverless)
What you deploy	AMI + config scripts	ZIP/WAR/Docker image	Function code
Server management	Full (you manage everything)	Automated (but accessible)	None (invisible)
Scaling	Manual ASG configuration	Auto (built-in ASG)	Automatic per-request
Load balancing	You create ALB	Auto (creates ALB for you)	API Gateway
OS access	Full SSH	SSH available	No OS access
Runtime	Any (you install)	Supported platforms	Supported runtimes
Execution model	Always running	Always running	Event-driven (on-demand)
Max execution time	Unlimited	Unlimited	15 minutes
Pricing	Per instance-hour	Per underlying resources	Per request + duration
Best for	Full control, custom setups	Standard web apps, quick deploy	Short tasks, event handlers

👉 Rule of thumb: Use EC2 when you need full control over the OS and custom configurations. Use Elastic Beanstalk when you want a standard web application deployed quickly with auto-scaling. Use Lambda when your workload is event-driven, short-lived, and you want zero server management.

What Beanstalk IS and IS NOT Core

✅

Beanstalk IS

An orchestration service — it creates and manages other AWS services for you
A free abstraction — no charge for Beanstalk itself (you pay for EC2, ELB, etc.)
An opinionated deployer — provides best-practice defaults
Transparent — you can see and access everything it creates
Built on CloudFormation under the hood

❌

Beanstalk IS NOT

A separate compute service — it uses EC2 instances
A black box — you retain full access to all resources
Serverless — your instances run 24/7 (unlike Lambda)
A container orchestrator — use ECS/EKS for that
Free infrastructure — you pay for the underlying resources

Mental Model — The Valet Parking Analogy Introductory

Think of deploying your app like arriving at a hotel:

🅿️

EC2 = Self-Parking

You drive your own car, find a spot, park it, lock it, remember where you parked. Full control — but you do all the work.

🎩

Beanstalk = Valet Parking

You hand your keys to the valet. They park your car, but you can still go see it, move it yourself, or tell them which floor. Convenient + accessible.

🚕

Lambda = Taxi / Uber

You don't have a car at all. Someone drives you when you need it, and you pay per ride. No car to manage — but you can't customize the vehicle.

🔑 Key Mental Model

Elastic Beanstalk = Valet Parking for your code.

You provide the car (application code)
The valet handles parking (EC2, ASG, ELB, CloudWatch)
You can still access, inspect, and customize everything
You pay for the parking spot — not the valet service

How Beanstalk Works — High Level Core

When you create a Beanstalk environment, here is what happens behind the scenes:

1️⃣

You Provide

Application code (ZIP, WAR, or Docker)
Platform choice (Node.js, Java, Python, etc.)
Optional: instance type, scaling rules, env vars

2️⃣

Beanstalk Creates

EC2 instances with your platform runtime
Auto Scaling Group for scaling
Elastic Load Balancer for traffic distribution
Security Groups for network access
CloudWatch alarms for monitoring
S3 bucket for version storage

Under the hood, Beanstalk generates a CloudFormation template that describes all these resources. When you update your code or change configuration, Beanstalk updates the CloudFormation stack. This is why Beanstalk is not magic — it's automation on top of services you already know.

Concept Diagram — Cloud Service Models Introductory

IaaS vs PaaS vs Serverless — What You Manage

AWS Diagram — What Beanstalk Creates for You Core

Elastic Beanstalk — Underlying AWS Services

Elastic Beanstalk Environment

Beanstalk

Orchestrator

→

CloudFormation

Infra Templates

→

EC2

App Servers

Auto Scaling

Scale In/Out

ELB

Load Balancer

CloudWatch

Monitoring

Version Storage

SNS

Notifications

You provide code → Beanstalk generates CloudFormation → CloudFormation provisions EC2, ASG, ELB, CloudWatch, S3, SNS

Architecture Diagram — Beanstalk Web App Deployment Core

Elastic Beanstalk — Standard Web Server Environment

🎯 Chapter 01 Summary

Elastic Beanstalk is AWS's PaaS — the fastest path from code to production.

PaaS sits between IaaS (EC2) and Serverless (Lambda) — you manage code, Beanstalk manages infrastructure
Beanstalk creates real AWS resources — EC2, ASG, ELB, CloudWatch, S3 — you can see and access them all
Built on CloudFormation under the hood — every environment is an infra-as-code stack
Free service — you pay only for the underlying resources (EC2, ELB, etc.)
Mental model: Valet Parking — you hand over the keys, but you can always go check on your car

Chapter Two

Core Concepts

The Beanstalk Hierarchy Introductory

Elastic Beanstalk organizes everything into a clear hierarchy. Understanding these five building blocks is essential before you deploy anything:

📦

Application

The top-level container. An application is a logical collection — it groups all environments, versions, and configurations for one project. Think of it as a folder label: "my-web-app."

One application can have multiple environments (dev, staging, prod) and multiple versions (v1, v2, v3).

🏷️

Application Version

A specific, labeled release of your code. When you upload a ZIP/WAR, Beanstalk stores it in S3 and labels it as a version (e.g., "v1.2.3"). Versions are immutable — once uploaded, they don't change.

You can deploy any version to any environment. Rollback = deploy a previous version.

🌍

Environment

A running instance of your application. Each environment is a collection of AWS resources (EC2, ELB, ASG) running one version of your code. You typically have separate environments for dev, staging, and production.

⚙️

Environment Configuration

The settings that define how the environment behaves: instance type, scaling rules, environment variables, security groups, load balancer type. Saved as configuration templates for reuse.

🏗️

Platform

The OS + runtime combination. Beanstalk provides managed platforms: "Python 3.11 on Amazon Linux 2023", "Node.js 18 on Amazon Linux 2023", "Docker on Amazon Linux 2023", etc.

👉 How they relate: An Application contains many Versions. You deploy one Version into an Environment. The Environment runs on a Platform and is configured via an Environment Configuration. Simple hierarchy — Application → Version → Environment.

Environment Types — Web Server vs Worker Core

Beanstalk offers two environment types, each designed for a different workload pattern:

🌐

Web Server Environment

Handles HTTP/HTTPS requests from users
Creates an ELB (load balancer) + ASG (auto scaling)
EC2 instances run a web server (Nginx/Apache) + your app
ELB distributes traffic across instances
Health checks ensure only healthy instances receive traffic
Use case: APIs, websites, web applications

⚙️

Worker Environment

Processes background tasks from an SQS queue
No load balancer — not internet-facing
Beanstalk creates an SQS queue automatically
A daemon on each instance polls SQS and POSTs messages to localhost
Auto scales based on queue depth
Use case: Email sending, image processing, report generation

Feature	Web Server Environment	Worker Environment
Traffic source	HTTP/HTTPS from internet	SQS messages
Load balancer	Yes (ALB, CLB, or NLB)	No
Auto scaling trigger	CPU, latency, requests	SQS queue depth
Entry point	ELB DNS endpoint	SQS queue URL
Daemon	Web server (Nginx)	SQS daemon → POST to localhost
Typical use	APIs, websites	Background jobs, async tasks

👉 Common pattern: Use a Web Server environment for your API (receives user requests) and a Worker environment for heavy processing. The web tier sends messages to SQS, the worker tier processes them. Decoupled, scalable, and each tier scales independently.

Supported Platforms Core

Beanstalk provides managed platforms — pre-configured AMIs with the OS, runtime, and web server already installed. You don't need to install Node.js or configure Nginx — the platform handles it.

☕

Java

Corretto 8/11/17/21 with Tomcat or standalone JAR. Deploy WAR files or fat JARs.

🟢

Node.js

Node.js 16/18/20 with Nginx reverse proxy. Deploy ZIP with package.json.

🐍

Python

Python 3.8–3.12 with WSGI (Gunicorn). Deploy ZIP with requirements.txt.

💎

Ruby

Ruby 3.0–3.2 with Puma. Deploy ZIP with Gemfile.

🐘

PHP

PHP 8.0–8.3 with Apache/Nginx. Deploy ZIP with composer.json.

🐹

Go

Go 1.20+. Deploy a compiled binary or source with go.mod.

🔷

.NET

.NET 6/8 on Linux or Windows. Deploy ZIP or publish output.

🐳

Docker

Single or multi-container Docker. Deploy Dockerfile or docker-compose.yml. Most flexible option.

🔧

Custom Platform

Build your own AMI with Packer. Use any language or runtime Beanstalk doesn't natively support.

👉 Platform versions: Beanstalk supports Amazon Linux 2023 (current, recommended) and Amazon Linux 2 (maintenance mode). New environments should always use AL2023. Amazon Linux 1 (AL1) was retired December 31, 2023. If you have AL1 or AL2 environments, plan migration to AL2023 — platform behavior, hook paths, and Nginx configuration differ between versions.

Concept Diagram — Beanstalk Object Hierarchy Introductory

Elastic Beanstalk — Application → Version → Environment

AWS Diagram — Web Server vs Worker Environment Core

Environment Types — How Traffic Flows

🌐 Web Server Environment

USERS → HTTPS

ELB

↓

EC2

App

EC2

App

Auto Scaling Group

⚙️ Worker Environment

SQS MESSAGES

SQS Queue

↓

EC2

Worker

EC2

Worker

No Load Balancer · Scales on queue depth

Web Server = internet-facing (ELB + ASG) · Worker = queue-driven (SQS + ASG, no ELB)

Architecture Diagram — Decoupled Web + Worker Pattern Deep

Production Pattern — Web Tier + Worker Tier via SQS

🎯 Chapter 02 Summary

Beanstalk organizes resources into Application → Versions → Environments.

Application → top-level container. Version → immutable code snapshot in S3. Environment → running resources.
Web Server Env = ELB + EC2 + ASG (HTTP traffic). Worker Env = SQS + EC2 + ASG (background tasks).
Platforms are managed AMIs — Java, Node.js, Python, Ruby, PHP, Go, .NET, Docker, or Custom.
Decoupled pattern: Web tier → SQS → Worker tier. Each scales independently.
Configuration templates allow reuse — same settings across dev/staging/prod.

Chapter Three

Deployment Models

Why Deployment Strategy Matters Introductory

When you push a new version of your application, how should Beanstalk update the running instances? Replace all at once? Replace them gradually? Spin up brand new ones? The choice affects downtime, risk, speed, and cost.

Beanstalk provides five deployment policies. Each makes a different tradeoff — there is no "best" option, only the right one for your situation.

1. All at Once Core

💥

All at Once

Deploy the new version to all instances simultaneously. Every instance goes down, receives the update, and comes back up.

Downtime: Yes — all instances updating at the same time
Deploy speed: Fastest
Rollback: Re-deploy previous version (slow)
Cost: No additional instances
Best for: Dev/test environments where downtime is acceptable

2. Rolling Core

🔄

Rolling

Update instances in batches. First batch goes down, gets updated, comes back healthy. Then the next batch. Capacity is temporarily reduced.

Downtime: No (but reduced capacity during update)
Deploy speed: Moderate — depends on batch size
Rollback: Re-deploy previous version (slow)
Cost: No additional instances
Best for: Cost-sensitive production where brief reduced capacity is fine

3. Rolling with Additional Batch Core

➕

Rolling with Additional Batch

Like Rolling, but first launches new instances with the new version before taking any old ones out. Full capacity maintained throughout.

Downtime: No (full capacity maintained)
Deploy speed: Moderate (slower than Rolling — must launch extra instances)
Rollback: Re-deploy previous version (slow)
Cost: Temporary extra instances during deploy
Best for: Production where you can't afford reduced capacity

4. Immutable Core

🆕

Immutable

Launch an entirely new set of instances in a new ASG with the new version. Once healthy, swap them in and terminate the old ones. Old instances are never modified.

Downtime: No (full capacity + new instances running before swap)
Deploy speed: Slow (full new ASG must launch)
Rollback: Fast — just terminate the new ASG
Cost: Doubles capacity during deploy
Best for: Production where fast rollback is critical

5. Blue/Green Deep

🔵🟢

Blue/Green Deployment

Create a completely separate environment (Green) with the new version. Test it independently. When ready, swap the environment URLs (DNS CNAME swap). Traffic instantly shifts from Blue to Green.

Downtime: Near-zero (DNS swap takes seconds)
Deploy speed: Slowest (full new environment)
Rollback: Instant — swap URLs back
Cost: Full duplicate environment during deploy
Best for: Critical production with zero-downtime requirements and instant rollback

👉 Important distinction: Blue/Green is not a Beanstalk deployment policy — it's a strategy you implement using Beanstalk's "Swap Environment URLs" feature. Beanstalk's built-in policies are: All at Once, Rolling, Rolling with Batch, and Immutable. Blue/Green is done manually or via automation by creating a second environment.

⚠️ Cost warning: Blue/Green uses two complete environments. You pay for both during the transition period. For cost-sensitive workloads, Immutable deployment provides similar safety (fast rollback, no downtime) with only temporary extra capacity instead of a full duplicate environment.

Deployment Comparison — All Five Strategies Core

Strategy	Downtime	Deploy Speed	Rollback	Cost	Capacity During Deploy
All at Once	⚠️ Yes	⚡ Fastest	🐢 Slow (re-deploy)	💰 None	❌ Zero (all updating)
Rolling	✅ No	⏱️ Moderate	🐢 Slow (re-deploy)	💰 None	⚠️ Reduced
Rolling + Batch	✅ No	⏱️ Moderate	🐢 Slow (re-deploy)	💰💰 Temp extra	✅ Full
Immutable	✅ No	🐢 Slow	⚡ Fast (kill new ASG)	💰💰💰 Doubles	✅ Full + extra
Blue/Green	✅ Near-zero	🐢 Slowest	⚡ Instant (URL swap)	💰💰💰💰 Full dup	✅ Full + duplicate

Concept Diagram — Choosing a Deployment Strategy Introductory

Deployment Strategy Decision Flow

AWS Diagram — Immutable Deployment in Action Deep

Immutable Deploy — New ASG alongside Old ASG

Old ASG (v1)

EC2

v1 ✓

EC2

v1 ✓

Serving traffic

→

SWAP

New ASG (v2)

EC2

v2 ✓

EC2

v2 ✓

Health checks pass → take over

ELB

Routes to new ASG after health check

Old ASG serves traffic while new ASG launches · Once v2 healthy → ELB switches · Old ASG terminates

Architecture Diagram — Blue/Green CNAME Swap Deep

Blue/Green — Two Environments, Swap URLs

🎯 Chapter 03 Summary

Five deployment strategies — choose based on downtime tolerance, rollback speed, and budget.

All at Once → fastest, but causes downtime. Use for dev/test only.
Rolling → no downtime but reduced capacity. Cost-efficient for non-critical prod.
Rolling + Batch → no downtime, full capacity. Slightly more expensive.
Immutable → no downtime, fast rollback (kill new ASG). Doubles cost during deploy.
Blue/Green → near-zero downtime, instant rollback (swap URLs). Full duplicate cost. Best for critical production.
Exam tip: know all five, know which has downtime (All at Once only), know which supports instant rollback (Immutable + Blue/Green).

Chapter Four

Architecture & Components

Beanstalk as an Orchestrator Introductory

Elastic Beanstalk is not a separate compute engine. It is an orchestration layer that creates, configures, and manages real AWS services on your behalf. When you create a Beanstalk environment, it generates a CloudFormation stack that provisions the following resources:

🖥️

EC2 Instances

The actual compute. Each instance runs the platform runtime (e.g., Node.js, Java) and your application code. Beanstalk selects the AMI, installs the runtime, deploys your code, and configures the web server (Nginx/Apache).

⚖️

Elastic Load Balancer

Distributes incoming traffic across EC2 instances. Beanstalk supports ALB (HTTP/HTTPS, path-based routing), NLB (TCP, ultra-low latency), or CLB (legacy). For single-instance environments, no ELB is created.

📈

Auto Scaling Group

Manages the fleet of EC2 instances. Defines min, max, desired count. Launches new instances when demand rises, terminates when demand falls. Replaces unhealthy instances automatically.

📊

CloudWatch

Monitoring & alarms. Beanstalk creates CloudWatch alarms for CPU, latency, and health. Logs from instances stream to CloudWatch Logs. Enhanced health reporting provides real-time status.

🔒

Security Groups

Firewall rules for your instances and load balancer. Beanstalk creates SGs that allow ELB → EC2 traffic on app ports and optionally SSH access. You can customize by adding rules.

📁

S3 Bucket

Stores your application versions (ZIP/WAR files), logs, and configuration. Each Beanstalk application has its own S3 bucket. Versions are immutable snapshots.

Optional Services — RDS, SNS, SQS Core

Beyond the core resources, Beanstalk can optionally create or integrate with additional services:

🗄️

Amazon RDS

Beanstalk can create an RDS instance inside the environment
Connection details auto-injected as env vars: RDS_HOSTNAME, RDS_PORT, RDS_DB_NAME, RDS_USERNAME, RDS_PASSWORD
⚠️ Warning: If you delete the environment, the RDS instance is deleted too!
✅ Best practice: Create RDS outside Beanstalk and pass the connection string as an environment variable. This decouples the database from the deployment lifecycle.

🔔

SNS & SQS

SNS: Beanstalk creates an SNS topic for environment notifications (deployment events, health changes). You can subscribe your email or Lambda functions.
SQS: Worker environments automatically get an SQS queue. The daemon polls messages and POSTs them to your app at http://localhost/.
Dead letter queue support for failed messages

👉 Exam tip: If an exam question mentions "database deleted when environment terminated" — the RDS was created inside Beanstalk. The solution is always: create RDS outside the environment and reference it via environment variables.

🚨 Critical Warning: RDS created inside Beanstalk is deleted when the environment terminates. For production, always create RDS outside Beanstalk and pass connection details via environment variables. This is a common exam question — and a real-world disaster waiting to happen. There is no recovery if you accidentally terminate an environment with an embedded RDS and no snapshots.

CloudFormation Under the Hood Deep

Every Beanstalk environment is backed by a CloudFormation stack. When you create or update an environment, Beanstalk:

1️⃣

Generates a CFN Template

Defines EC2 instances, ASG, ELB, SGs, IAM roles
Based on your environment type + configuration
Template is deterministic — same config = same resources

2️⃣

Executes the Stack

CloudFormation provisions all resources in order
Updates use stack update — rolling change sets
Failures trigger automatic rollback
You can view the stack in the CloudFormation console

This means: everything Beanstalk does, you could do manually with CloudFormation. Beanstalk is a convenience layer that generates and manages CloudFormation stacks. Understanding this helps demystify what happens when something goes wrong — you can always inspect the CloudFormation events for detailed error logs.

Load Balancer Types in Beanstalk Core

Type	When to Use	Features	Beanstalk Config
ALB (Application)	HTTP/HTTPS web apps (default)	Path-based routing, HTTP/2, WebSocket, sticky sessions	`LoadBalancerType: application`
NLB (Network)	TCP/UDP, ultra-low latency, static IP	Millions of requests/sec, TLS termination, preserve source IP	`LoadBalancerType: network`
CLB (Classic)	Legacy only — avoid for new projects	Basic HTTP/TCP, limited routing	`LoadBalancerType: classic`
None (Single Instance)	Dev/test, low-cost environments	No ELB, public IP on the EC2 instance directly	Environment type: single instance

👉 Important: You cannot change the load balancer type after environment creation. If you need to switch from CLB to ALB, you must create a new environment. Plan your LB type before creating the environment.

Single Instance vs Load Balanced Core

1️⃣

Single Instance

1 EC2 instance — no ELB, no ASG
Public Elastic IP assigned directly
Cheapest option (no ELB cost)
No high availability — if instance fails, environment is down
Use for: Dev, test, small personal projects

⚖️

Load Balanced

Multiple EC2 instances behind an ELB in an ASG
Traffic distributed across instances and AZs
Auto Scaling adds/removes instances
High availability — survives instance failures
Use for: Staging, production, anything requiring uptime

Concept Diagram — Resource Provisioning Flow Introductory

How Beanstalk Provisions Resources — Step by Step

AWS Diagram — Complete Environment Architecture Core

Beanstalk Environment — All Managed Components

Elastic Beanstalk Environment

ELB

ALB / NLB / CLB

→

Auto Scaling Group

EC2

Platform + App

EC2

Platform + App

Scales

CloudWatch

Logs + Alarms

App Versions

SNS

Notifications

CloudFormation

Stack Mgmt

RDS

Optional DB

SQS

Worker Queues

ElastiCache

Session Store

Route 53

Custom Domain

Solid = created by Beanstalk · Dashed = optional / external integration

Architecture Diagram — Multi-AZ Production Environment Deep

Production Beanstalk — Multi-AZ with External RDS

🎯 Chapter 04 Summary

Beanstalk orchestrates real AWS services — it's not a black box.

Core resources: EC2 + ASG + ELB + CloudWatch + Security Groups + S3 — created automatically via CloudFormation
Optional: RDS (⚠️ create outside env for persistence), SQS (worker envs), SNS (notifications), ElastiCache
Load Balancer types: ALB (HTTP, default), NLB (TCP, low latency), CLB (legacy), or None (single instance)
Cannot change LB type after creation — plan ahead
Single Instance = cheapest, no HA. Load Balanced = production-grade, multi-AZ
Everything is a CloudFormation stack — inspect it for debugging

Chapter Five

Scaling & High Availability

Auto Scaling in Beanstalk Introductory

Every load-balanced Beanstalk environment includes an Auto Scaling Group (ASG). The ASG manages the fleet of EC2 instances and automatically adjusts the count based on demand. You configure three key parameters:

⬇️

Minimum Instances

The floor. ASG will never scale below this number. Set to at least 2 for production (one per AZ for high availability).

🎯

Desired Instances

The target count ASG tries to maintain. Auto Scaling adjusts this value automatically based on scaling policies. Usually starts at minimum.

⬆️

Maximum Instances

The ceiling. ASG will never scale above this number. Protects against runaway scaling and unexpected costs. Set based on budget.

Scaling Triggers & Policies Core

Beanstalk uses CloudWatch metrics to decide when to scale. You can configure scaling policies based on several triggers:

Metric	Scales Out When	Scales In When	Best For
CPUUtilization	CPU > 70% (avg 5 min)	CPU < 30%	CPU-bound workloads (image processing, computation)
NetworkOut	Network > threshold	Network < threshold	Data-heavy APIs, file transfers
Latency	Response time > threshold	Response < threshold	Web apps where user experience matters
RequestCount	Requests/instance > threshold	Requests < threshold	Request-driven APIs, even load distribution
HealthyHostCount	Healthy hosts < desired	—	Maintaining minimum healthy capacity
SQS Queue Depth	Messages > threshold	Queue empty	Worker environments processing async jobs

👉 Default scaling metric: NetworkOut. For most web apps, CPUUtilization or RequestCount are better choices. Always tune the scaling metric for your specific workload — don't rely on defaults.

⚠️ What NOT to scale on: Avoid scaling on NetworkIn — it measures incoming data volume, not application load. A single large file upload can trigger unnecessary scale-out. Also avoid DiskReadOps unless your workload is explicitly disk-bound. Stick with CPU, RequestCount, or Latency for most web applications.

Scaling Policy Types Core

🎯

Target Tracking (Recommended)

Set a target value (e.g., "keep CPU at 50%")
ASG automatically adjusts to maintain the target
Simplest to configure — AWS handles the math
Similar to a thermostat: set the temp, system adjusts

📏

Step Scaling

Define specific thresholds and how many instances to add/remove
E.g., "CPU > 60%: +1", "CPU > 80%: +3"
More control than target tracking
Useful when you need different scale amounts at different thresholds

⏰

Scheduled Scaling

Scale at specific times (cron-based)
E.g., "scale to 10 instances at 9 AM, scale to 2 at 10 PM"
Best for predictable traffic patterns (business hours, marketing events)
Can combine with target tracking for hybrid approach

⏱️

Cooldown Period

After a scaling action, ASG waits before scaling again
Default: 300 seconds (5 minutes)
Prevents "thrashing" — rapidly adding/removing instances
Tune shorter for fast-changing workloads, longer for gradual changes

Health Checks — Basic vs Enhanced Core

Beanstalk uses health checks to determine if instances are working correctly. There are two levels:

💚

Basic Health

Checks ELB health check endpoint (default: HTTP 200 on /)
Binary: Healthy or Unhealthy
EC2 instance status checks
Limited information — only tells you "up or down"
Free — included by default

💚💛🔴

Enhanced Health (Recommended)

Beanstalk agent on each instance reports detailed metrics
Color-coded: Green (Ok), Yellow (Warning), Red (Degraded), Grey (Unknown)
Monitors: CPU, requests, latency, 2xx/3xx/4xx/5xx counts
Application-level health — not just "port open"
Health history and dashboard in Beanstalk console
Requires Beanstalk enhanced health reporting IAM role

Health Color	Meaning	Action
🟢 Green	All instances healthy, passing health checks	No action needed
🟡 Yellow	Some requests failing or latency high	Investigate — may self-resolve
🔴 Red	Multiple instances unhealthy, service degraded	Immediate investigation. Check app logs
⚪ Grey	Updating, initializing, or insufficient data	Wait — usually resolves after deployment

Enhanced Health requires the service role aws-elasticbeanstalk-service-role with the AWSElasticBeanstalkEnhancedHealth managed policy attached. Beanstalk creates this automatically when you launch an environment with enhanced health enabled via the console or EB CLI.

High Availability — Multi-AZ Best Practices Deep

To achieve true high availability with Beanstalk, your environment should survive the failure of an entire Availability Zone:

✅

HA Best Practices

Use Load Balanced environment (not single instance)
Set minimum 2 instances across 2+ AZs
Use ALB — it routes to healthy instances across AZs
Enable cross-zone load balancing (default with ALB)
Use external RDS with Multi-AZ deployment
Enable Enhanced Health for faster failure detection
Store sessions in ElastiCache (not in-memory on EC2)
Set appropriate health check grace period (give instances time to boot)

❌

Common HA Mistakes

Single instance environment in production
All instances in one AZ
RDS inside Beanstalk (deleted with env)
Sticky sessions without external session store
No health check path configured (using default /)
Max instances = min instances (no room to scale)
Cooldown too long — can't react to sudden traffic

Concept Diagram — Scaling Decision Flow Introductory

Auto Scaling — How Beanstalk Decides to Scale

AWS Diagram — Auto Scaling Components Core

Beanstalk Auto Scaling — Services Involved

CloudWatch

Metrics + Alarms

→

Auto Scaling

Scaling Policies

→

EC2

Launch / Terminate

→

ELB

Scaling Flow

📊

1. CloudWatch

Detects CPU > 70%

🔔

2. Alarm Fires

Triggers policy

🚀

3. ASG Launches

New EC2 instance

✅

4. ELB Registers

Receives traffic

CloudWatch monitors → Alarm triggers scaling policy → ASG launches/terminates EC2 → ELB registers/deregisters targets

Architecture Diagram — High Availability Scaling Deep

HA Beanstalk — Scaling Across Availability Zones

🎯 Chapter 05 Summary

Beanstalk Auto Scaling keeps your app responsive under any load.

ASG parameters: min (floor), desired (target), max (ceiling) — always set min ≥ 2 for HA
Scaling triggers: CPUUtilization, RequestCount, Latency, NetworkOut, SQS queue depth
Policy types: Target Tracking (simplest), Step Scaling (granular), Scheduled (predictable patterns)
Health checks: Basic (up/down) vs Enhanced (color-coded, detailed metrics — recommended)
HA best practices: Multi-AZ, external RDS (Multi-AZ), ElastiCache for sessions, min 2 instances
Exam tip: Know scaling policies, health check types, and why external RDS is critical for HA

Chapter Six

Configuration & Customization

Configuration Layers — Priority Order Introductory

Beanstalk applies configuration from multiple sources. When settings conflict, higher-priority sources override lower ones. Understanding this order prevents "why isn't my setting applied?" confusion:

🏆

Priority Order (Highest → Lowest)

Direct environment settings — Console, CLI, API changes
Saved configurations — Reusable config templates
.ebextensions — Config files inside your source bundle
Platform defaults — What the platform provides out of the box

If you set an instance type in the console AND in .ebextensions, the console value wins.

💡

Why This Matters

Use .ebextensions for version-controlled defaults (lives in your code repo)
Use saved configurations for environment-specific overrides (prod vs dev)
Use direct settings for quick one-off changes (hotfixes, debugging)
Platform defaults handle things you usually don't need to change

Environment Variables Core

Environment variables are the simplest and most common way to configure your application in Beanstalk. They inject runtime configuration without changing your code — database URLs, API keys, feature flags.

⚙️

How to Set Them

Console: Configuration → Software → Environment properties
CLI: eb setenv DB_HOST=mydb.123.rds.amazonaws.com
.ebextensions: In YAML config files (version-controlled)
EB CLI: eb config to edit interactively

📋

Common Env Vars

NODE_ENV=production
DATABASE_URL=postgres://...
API_KEY=sk-xxxxx
LOG_LEVEL=info
PORT=8080 (Beanstalk sets this automatically)

👉 Security tip: For sensitive values (API keys, database passwords), use AWS Secrets Manager or SSM Parameter Store instead of environment variables. Env vars are visible in the console and in CloudFormation templates. Secrets Manager encrypts values at rest and supports automatic rotation.

.ebextensions — Infrastructure as Code Core

The .ebextensions directory is the most powerful customization tool in Beanstalk. It contains YAML or JSON config files that execute during deployment. You place this directory in the root of your source bundle:

📁

File Structure

my-app/
├── .ebextensions/
│   ├── 01-env-vars.config
│   ├── 02-packages.config
│   ├── 03-nginx.config
│   └── 04-custom-logs.config
├── app.js
├── package.json
└── ...

Files execute in alphabetical order. Prefix with numbers to control ordering.

🔧

What You Can Configure

option_settings — Set any Beanstalk configuration option
packages — Install yum/apt packages (e.g., ImageMagick)
sources — Download and extract archives
files — Create files on the instance (configs, scripts)
commands — Run shell commands before app deploys
container_commands — Run after app code extracted but before launch
Resources — Create additional CloudFormation resources (RDS, DynamoDB, SQS)

Example — 01-env-vars.config:

option_settings:
  aws:elasticbeanstalk:application:environment:
    NODE_ENV: production
    LOG_LEVEL: info

  aws:autoscaling:asg:
    MinSize: 2
    MaxSize: 6

  aws:autoscaling:launchconfiguration:
    InstanceType: t3.medium

  aws:elasticbeanstalk:environment:
    LoadBalancerType: application

Example — 02-packages.config:

packages:
  yum:
    ImageMagick: []
    git: []

commands:
  01_setup_timezone:
    command: "ln -sf /usr/share/zoneinfo/UTC /etc/localtime"

container_commands:
  01_run_migrations:
    command: "npm run migrate"
    leader_only: true          # Only runs on ONE instance
  02_seed_data:
    command: "npm run seed"
    leader_only: true          # Only runs on ONE instance
  03_clear_cache:
    command: "npm run cache:clear"
    leader_only: false         # Runs on EVERY instance

👉 leader_only: true ensures a container_command runs on only one instance — essential for database migrations. Without it, every instance would run the migration simultaneously, causing conflicts.

Platform Hooks — Modern Customization Deep

Platform hooks are the newer, recommended way to run scripts during the deployment lifecycle. They replace the older commands and container_commands in .ebextensions with a clearer, lifecycle-based structure:

📁

Hook Directories

.platform/
├── hooks/
│   ├── prebuild/    ← Before build
│   ├── predeploy/   ← Before app starts
│   └── postdeploy/  ← After app starts
├── confighooks/
│   ├── prebuild/
│   ├── predeploy/
│   └── postdeploy/
└── nginx/
    └── conf.d/
        └── custom.conf

🔄

Lifecycle Stages

prebuild/ — Before source code is built. Install dependencies, set up tools.
predeploy/ — After build, before app launches. Run DB migrations, compile assets.
postdeploy/ — After app is running and healthy. Send notifications, warm caches.
confighooks/ — Same stages, but triggered on config changes (not deploys)
Scripts must be executable (chmod +x) and use a shebang (#!/bin/bash)

Feature	.ebextensions	Platform Hooks
Introduced	Original (legacy)	Amazon Linux 2+ (modern)
Execution order	Alphabetical file order	Alphabetical within lifecycle stage
Lifecycle clarity	commands vs container_commands (confusing)	Clear: prebuild / predeploy / postdeploy
Config changes	No separate stage	confighooks/ for config-only changes
CloudFormation resources	✅ Supported (Resources key)	❌ Not supported — still use .ebextensions
Recommendation	Use for option_settings + Resources only	Use for all scripts and commands

Custom AMI — Pre-baked Images Deep

If your .ebextensions or platform hooks install many packages or take a long time, you can bake a custom AMI — an image with everything pre-installed. This dramatically reduces deployment time because instances boot with all dependencies already present.

🖼️

When to Use Custom AMIs

Large package installations (ML libraries, native compilers)
Deployment time is too slow (> 10 minutes per instance)
Need custom OS configuration (kernel tuning, security hardening)
Compliance requirements (pre-approved base images)

⚠️

Considerations

Start from the Beanstalk platform AMI — don't build from scratch
You must maintain and update the AMI yourself (OS patches, runtime updates)
Set via: aws:autoscaling:launchconfiguration → ImageId
Use Packer (by HashiCorp) to automate AMI building
Combine with .ebextensions for app-specific config on top of the pre-baked image

Nginx / Proxy Customization Core

Beanstalk platforms (Amazon Linux 2+) use Nginx as the reverse proxy in front of your application. You can customize Nginx by placing config files in your source bundle:

🔧

Custom Nginx Config

# .platform/nginx/conf.d/proxy.conf
client_max_body_size 50M;
proxy_read_timeout 300s;

# Custom headers
add_header X-Frame-Options "DENY";
add_header X-Content-Type "nosniff";

🔄

Full Nginx Override

# .platform/nginx/nginx.conf
# Complete replacement — use with care
# Must include all required directives

# Useful for:
# - Custom routing
# - WebSocket support
# - Gzip configuration
# - Static file serving

Concept Diagram — Configuration Priority Stack Introductory

Configuration Sources — Priority Order (Top Wins)

AWS Diagram — Customization Touchpoints Core

Where Configuration Applies in the Stack

⚙️ Application Config

Environment Variables

DB_HOST, API_KEY, NODE_ENV

Secrets Manager

Encrypted secrets at runtime

🏗️ Platform Config

.platform/hooks/

Lifecycle scripts

.platform/nginx/

Proxy customization

Custom AMI

Pre-baked dependencies

☁️ Infrastructure Config

.ebextensions/

Instance type, ASG, ELB

Resources (CFN)

Extra RDS, SQS, DynamoDB

Saved Configs

Reusable templates

EC2

Env vars + hooks

ELB

.ebextensions

ASG

.ebextensions

CloudWatch

Auto-configured

CloudFormation

Resources key

Application config → your code reads env vars · Platform config → hooks + nginx · Infrastructure config → .ebextensions + CFN

Architecture Diagram — Deployment with Configuration Deep

Source Bundle → Configuration Processing → Running Environment

🎯 Chapter 06 Summary

Beanstalk offers multiple configuration layers — use the right tool for the right job.

Priority order: Direct settings > Saved configs > .ebextensions > Platform defaults
Environment variables — simplest config. Use Secrets Manager for sensitive values.
.ebextensions — powerful YAML configs for option_settings, packages, commands, and CloudFormation Resources
Platform hooks (.platform/hooks/) — modern lifecycle scripts: prebuild → predeploy → postdeploy
Custom AMI — pre-bake dependencies for faster deploys. Maintain and update yourself.
Nginx — customize via .platform/nginx/conf.d/ or full override. Don't forget client_max_body_size!
leader_only: true — run a command on only one instance (critical for DB migrations)

Chapter Seven

Architecture Patterns

Pattern 1 — Simple Web Application Introductory

The most common Beanstalk pattern: a single-tier web application with all components managed by one Beanstalk environment. Suitable for most small to medium applications.

🌐

Architecture

Web Server Environment — ALB + ASG + EC2
Single codebase handles all requests
External RDS for persistence
ElastiCache for sessions (optional)
CloudFront for static assets (optional)

✅

When to Use

Standard web apps, REST APIs, admin dashboards
Small to medium traffic (up to thousands req/sec)
Single team, single deployment unit
Quick time-to-market — simplest architecture
Monolithic applications (not microservices)

Pattern 2 — Web + Worker (Decoupled) Core

For applications with both user-facing traffic and heavy background processing. Separate the two concerns into two Beanstalk environments connected by SQS.

🌐

Web Tier

Web Server Environment
Handles HTTP requests
Sends heavy tasks to SQS
Responds immediately to user

📬

Message Queue

SQS Standard or FIFO
Decouples web from worker
Buffers work during spikes
Dead letter queue for failures

⚙️

Worker Tier

Worker Environment
Polls SQS, processes tasks
Scales on queue depth
No internet traffic

👉 Real-world examples: E-commerce site (web = product browsing, worker = order processing + email). Photo app (web = upload UI, worker = image resizing + thumbnail generation). SaaS (web = dashboard, worker = report generation + data exports).

Pattern 3 — Blue/Green CI/CD Pipeline Deep

For teams that need zero-downtime deployments with instant rollback capability. Combine Beanstalk's URL swap with a CI/CD pipeline for fully automated releases.

🔄

Pipeline Flow

Developer pushes code to CodeCommit / GitHub
CodePipeline detects change, triggers build
CodeBuild runs tests, creates artifact
Deploy to Green environment (new)
Run smoke tests on Green
Swap URLs — Green becomes production
Old Blue available for instant rollback

⚡

Benefits

Zero downtime — users never see an outage
Instant rollback — swap URLs back in seconds
Testing in production infra — Green has same config as Blue
Canary-like — test with Route 53 weighted routing before full swap
Full automation via CodePipeline

Pattern 4 — Docker on Beanstalk Core

When your application runs in Docker containers but you don't need the complexity of ECS or EKS, Beanstalk's Docker platform is the simplest path. Just provide a Dockerfile or docker-compose.yml.

🐳

Single-Container Docker

One Docker container per EC2 instance
Provide a Dockerfile or Dockerrun.aws.json
Beanstalk builds and runs the container
Simplest Docker deployment on AWS
Standard ALB + ASG + Auto Scaling

🐳🐳

Multi-Container Docker

Multiple containers per EC2 (via ECS under the hood)
Define with Dockerrun.aws.json v2
Sidecar pattern — app + logging + monitoring containers
More complex — consider ECS for production multi-container
⚠️ Retired on Amazon Linux 2 — use ECS instead

👉 Docker vs Native Platform: Use Docker when you need a specific runtime version not offered by Beanstalk, or when your team already uses Docker for local development. For standard Node.js/Java/Python apps, the native platform is simpler and faster to deploy.

⚠️ Multi-container Docker migration: The multi-container Docker platform (Dockerrun.aws.json v2) is not available on Amazon Linux 2023. For existing multi-container environments on Amazon Linux 2, migrate to ECS on EC2 or ECS on Fargate before the AL2 platform reaches end of life. For single-container workloads, the AL2023 Docker platform is the recommended path forward.

Concept Diagram — Choosing the Right Pattern Introductory

Architecture Pattern Decision Guide

AWS Diagram — Blue/Green CI/CD Pipeline Deep

Automated Blue/Green Deployment Pipeline

👨‍💻

Developer

git push

→

CodePipeline

Orchestrate

→

Build & Test

CodeBuild

→

EB Green

Deploy v2

→

🔄

Swap URLs

CNAME Swap

🔵 Blue (current prod)

ELB

→

🟢 Green (new version)

ELB

→

git push → CodePipeline → Build → Deploy to Green → Smoke test → Swap URLs → Green is prod · Blue = rollback target

Architecture Diagram — Complete Production Stack Deep

Production Beanstalk — Web + Worker + CI/CD + External Services

🎯 Chapter 07 Summary

Choose the right Beanstalk pattern based on your workload complexity.

Pattern 1 — Simple Web App: Single env, ALB + ASG + external RDS. Best for monoliths and standard web apps.
Pattern 2 — Web + Worker: Two envs connected by SQS. Decouple request handling from heavy processing.
Pattern 3 — Blue/Green CI/CD: Automated pipeline with dual environments. Zero-downtime deployments + instant rollback.
Pattern 4 — Docker: Run containers on Beanstalk with a Dockerfile. Simplest Docker deployment on AWS.
When Beanstalk isn't enough: Use ECS/EKS for microservices, Lambda for event-driven, raw EC2 for full control.
Production checklist: External RDS (Multi-AZ) · ElastiCache (sessions) · CloudFront (CDN) · Enhanced Health · Blue/Green deploys

📚

Quick Reference

Beanstalk Cheatsheet

EB CLI — Essential Commands Core

Command	What It Does	When to Use
`eb init`	Initialize EB application in current directory	First-time project setup
`eb create`	Create a new environment	New environment (dev, staging, prod)
`eb deploy`	Deploy current code to environment	Push a new version
`eb open`	Open environment URL in browser	Quick access to running app
`eb health`	Show real-time health status	Monitor instance health
`eb logs`	Fetch and display logs	Debugging issues
`eb setenv KEY=value`	Set environment variable	Runtime configuration
`eb config`	View/edit environment configuration	Change scaling, instance type, etc.
`eb swap env1 --destination_name env2`	Swap CNAMEs between environments	Blue/Green deployment
`eb status`	Show environment info (URL, health, platform)	Check environment state
`eb terminate`	Delete environment and all resources	Tear down env (⚠️ destructive)
`eb abort`	Cancel in-progress environment update	Rolling back a bad deploy
`eb clone`	Clone an existing environment	Create staging from prod config
`eb scale N`	Set number of running instances	Manual scaling

.ebextensions — Common Configuration Namespaces Core

Namespace	Setting	Example Value	Purpose
`aws:autoscaling:asg`	MinSize	2	Minimum instances
`aws:autoscaling:asg`	MaxSize	6	Maximum instances
`aws:autoscaling:launchconfiguration`	InstanceType	t3.medium	EC2 instance size
`aws:autoscaling:launchconfiguration`	IamInstanceProfile	aws-elasticbeanstalk-ec2-role	Instance IAM role
`aws:elasticbeanstalk:environment`	LoadBalancerType	application	ALB / NLB / classic
`aws:elasticbeanstalk:environment`	ServiceRole	aws-elasticbeanstalk-service-role	Beanstalk service role
`aws:elasticbeanstalk:application:environment`	NODE_ENV	production	App env variable
`aws:elasticbeanstalk:healthreporting:system`	SystemType	enhanced	Enable enhanced health
`aws:elasticbeanstalk:command`	DeploymentPolicy	Rolling	Deployment strategy
`aws:elasticbeanstalk:command`	BatchSizeType	Percentage	Batch size unit
`aws:elasticbeanstalk:command`	BatchSize	25	% of instances per batch
`aws:autoscaling:trigger`	MeasureName	CPUUtilization	Scaling metric
`aws:autoscaling:trigger`	UpperThreshold	70	Scale out threshold
`aws:autoscaling:trigger`	LowerThreshold	30	Scale in threshold

Health Check Colors — Quick Reference Introductory

🟢

Green

Healthy. All instances passing. No action needed.

🟡

Yellow

Warning. Some failures or high latency. Investigate.

🔴

Red

Degraded. Multiple unhealthy instances. Immediate action.

⚪

Grey

Unknown. Updating or insufficient data. Wait.

Deployment Strategies — Quick Decision Core

Strategy	Downtime?	Rollback Speed	Extra Cost?	Use For
All at Once	⚠️ Yes	🐢 Slow	None	Dev / test only
Rolling	✅ No	🐢 Slow	None	Cost-sensitive prod
Rolling + Batch	✅ No	🐢 Slow	Temp extra	Prod, full capacity
Immutable	✅ No	⚡ Fast	2x during deploy	Prod, safe rollback
Blue/Green	✅ No	⚡ Instant	Full duplicate	Critical prod, zero risk

File Structure — Beanstalk Source Bundle Core

my-app/
├── .ebextensions/                 ← Infrastructure config (YAML)
│   ├── 01-env-vars.config         ← Environment variables + scaling
│   ├── 02-packages.config         ← yum packages + commands
│   └── 03-resources.config        ← Extra CloudFormation resources
├── .platform/                     ← Platform customization (AL2023)
│   ├── hooks/
│   │   ├── prebuild/              ← Before build (install deps)
│   │   ├── predeploy/             ← Before app starts (migrations)
│   │   └── postdeploy/            ← After app running (warmup)
│   ├── confighooks/               ← Same stages, config changes only
│   └── nginx/
│       └── conf.d/
│           └── proxy.conf         ← Custom Nginx settings
├── app.js                         ← Your application code
├── package.json                   ← Dependencies
└── Procfile                       ← (Optional) custom start command
    web: node app.js --port $PORT

Exam — Key Points to Remember Deep

📝

Frequently Tested

RDS inside Beanstalk = deleted on env terminate. Always create externally.
Blue/Green = URL swap, not built-in deployment policy
Immutable = new ASG, fast rollback. All at Once = only one with downtime.
Cannot change LB type after creation
Worker environments use SQS, no load balancer
.ebextensions for config, platform hooks for scripts
leader_only: true for DB migrations
Beanstalk is free — you pay for underlying resources only

🧠

Common Traps

"Beanstalk doesn't support Docker" — ❌ It does (Dockerfile or Dockerrun.aws.json)
"Beanstalk is serverless" — ❌ EC2 instances run 24/7
"You can't SSH into Beanstalk instances" — ❌ You can
"Blue/Green is a deployment policy" — ❌ It's a URL swap strategy
"Enhanced health is enabled by default" — ❌ Must be explicitly enabled
"Rolling deployment has downtime" — ❌ Only All at Once has downtime
"Beanstalk manages its own separate compute" — ❌ Uses EC2 under the hood

🏁 Elastic Beanstalk — The Complete Picture

Beanstalk = PaaS convenience + IaaS transparency. Valet parking for your code.

Upload code → Beanstalk creates EC2, ASG, ELB, CloudWatch, S3, SNS via CloudFormation
5 deploy strategies — All at Once (dev), Rolling (cheap), Rolling+Batch (safe), Immutable (safer), Blue/Green (safest)
2 env types — Web Server (HTTP) and Worker (SQS)
Configure via — env vars, .ebextensions, platform hooks, saved configs, custom AMI
Scale via — Target tracking, step scaling, or scheduled. Enhanced health for real-time monitoring.
Production must-haves — External RDS, Multi-AZ, ElastiCache, Enhanced Health, Immutable or Blue/Green deploys