Troubleshooting your Elastic Beanstalk environment
This chapter provides guidance for troubleshooting issues with your Elastic Beanstalk environment. It provides the following information.
-
An introduction to the AWS Systems Manager tool, plus a procedure to run a predefined Elastic Beanstalk runbook that outputs troubleshooting steps and recommendations.
-
General guidance for actions you can take and resources you can view if your environment status degrades.
-
More specific troubleshooting tips by subject category.
Note
If the health of your environment changes to red, we recommend that you first use the AWS Systems Manager tool that includes predefined runbooks to troubleshoot Elastic Beanstalk. For more information see the Using the Systems Manager tool.
Topics
Using AWS Systems Manager Elastic Beanstalk runbooks
You can use Systems Manager to troubleshoot your Elastic Beanstalk environments. To help you get started quickly, Systems Manager provides predefined Automation runbooks for Elastic Beanstalk. An Automation runbook is a type of Systems Manager document that defines actions to perform on your environment's instances and other AWS resources.
The document AWSSupport-TroubleshootElasticBeanstalk
is an Automation runbook
designed to help identify a number of common issues that can degrade your Elastic Beanstalk environment. To
do so, it checks components of your environment, including the following: EC2 instances, the VPC,
AWS CloudFormation stack, load balancers, Auto Scaling groups, and network configuration associated with security
group rules, route tables, and ACLs.
It also provides an option to upload bundled log files from your environment to AWS Support.
For more information, see AWSSupport-TroubleshootElasticBeanstalk
in the AWS Systems Manager
Automation runbook reference.
Use Systems Manager to run AWSSupport-TroubleshootElasticBeanstalk
runbook
Note
Run this procedure in the same AWS Region where your Elastic Beanstalk environment is located.
-
Open the AWS Systems Manager
console. -
From the navigation pane, in the Change Management section, choose Automation.
-
Choose Execute automation.
-
On the Owned by Amazon tab, in the Automation document search box, enter
AWSSupport-TroubleshootElasticBeanstalk
. -
Select the AWSSupport-TroubleshootElasticBeanstalk card, then choose Next.
-
Select Execute.
-
In the Input parameters section:
-
From the AutomationAssumeRole dropdown, select the ARN of the role that allows Systems Manager to perform actions on your behalf.
-
For ApplicationName, enter the name of the Elastic Beanstalk application.
-
For Environment Name, enter the Elastic Beanstalk environment.
-
(Optional) For S3UploaderLink, enter a link if an AWS Support Engineer has provided you an S3 link for log collection.
-
-
Choose Execute.
If any of the steps fail, select the link under the Step ID column for the step that failed. This displays an Execution detail page for the step. The VerificationErrorMessage section will display a summary of the steps that require attention. For example, the
IAMPermissionCheck
could display a Warning message. In this case, you could check that the role selected in the AutomationAssumeRole dropdown has the necessary permissions.
After all of the steps successfully complete, the output gives troubleshooting steps and recommendations to restore your environment to a healthy state.
General guidance for troubleshooting your Elastic Beanstalk environment
Error messages can appear on the Events page in the console, in logs, or on the Health page. You can also take actions to recover from a degraded environment that was caused by a recent change. If the health of your environment changes to Red, try the following:
-
If an operation on your environment returns an error that contains the text
The stack
, see Recovering your Elastic Beanstalk environment from an invalid state for troubleshooting help.
associated with environmentstack_id
is inenvironment-ID
statestack-status
-
If an operation on your environment returns an error that contains the text
Environment
, terminate your environment and create another one.environment-name
associated CloudFormation stackstack_arn
does not exist -
Review recent environment events. Messages from Elastic Beanstalk about deployment, load, and configuration issues often appear here.
-
Review recent environment change history. Change history lists all of the configuration changes made to your environments and includes other information, such as which IAM user made changes and which configuration parameters were set.
-
Pull logs to view recent log file entries. Web server logs contain information about incoming requests and errors.
-
Connect to an instance and check system resources.
-
Roll back to a previous working version of the application.
-
Undo recent configuration changes or restore a saved configuration.
-
Deploy a new environment. If the environment appears healthy, perform a CNAME swap to route traffic to the new environment and continue to debug the previous one.
Environments that access secrets and parameters with environment variables
Event: Instance deployment failed to get one or more secrets
This message indicates that Elastic Beanstalk was not able to fetch one or more of the secrets specified during your application deployment.
-
Check that the resources specified by the ARN values in your environment variable configuration exist.
-
Confirm that your Elastic Beanstalk EC2 instance profile role has the required IAM permissions to access the resources.
-
If this event was triggered through the
RestartAppServer
operation, once the issue is fixed, retry theRestartAppServer
call to resolve the issue. -
If the event was triggered through an
UpdateEnvironment
call, retry theUpdateEnvironment
operation.
For examples of these commands, see AWS CLI examples for Elastic Beanstalk. For more information about the API actions for these operations, see the AWS Elastic Beanstalk API Reference.
Event: Instance deployment detected one or more multiline environment values, which are not supported for this platform
Multiline variables are not supported for Amazon Linux 2 platforms, excluding Docker and ECS managed Docker platforms. For available options to proceed, see Multiline values.
Event: CreateEnvironment fails when a secret is specified
When CreateEnvironment
fails and you have secrets as environment variables, you need to address the underlying issue and then use
UpdateEnvironment
to complete the environment setup. Do not use RestartAppServer
, as it will not be sufficient to bring the
environment up in this situation. For examples of these commands, see AWS CLI examples for Elastic Beanstalk. For more information about
the API actions for these operations, see the AWS Elastic Beanstalk API Reference.
Environment creation and instance launches
Event: Failed to Launch Environment
This event occurs when Elastic Beanstalk attempts to launch an environment and encounters failures along the way. Previous events on the Events page will alert you to the root cause of this issue.
Event: Create environment operation is complete, but with command timeouts. Try increasing the timeout period.
Your application may take a long time to deploy if you use configuration files that run commands on the instance, download large files, or install packages. Increase the command timeout to give your application more time to start running during deployments.
Event: The following resource(s) failed to create: [AWSEBInstanceLaunchWaitCondition]
This message indicates that your environment's Amazon EC2 instances did not communicate to Elastic Beanstalk that they were launched successfully. This can occur if the instances do not have Internet connectivity. If you configured your environment to launch instances in a private VPC subnet, ensure that the subnet has a NAT to allow the instances to connect to Elastic Beanstalk.
Event: A Service Role is required in this region. Please add a Service Role option to the environment.
Elastic Beanstalk uses a service role to monitor the resources in your environment and support managed platform updates. See Managing Elastic Beanstalk service roles for more information.
Deployments
Issue: Application becomes unavailable during deployments
Because Elastic Beanstalk uses a drop-in upgrade process, there might be a few seconds of downtime. Use rolling deployments to minimize the effect of deployments on your production environments.
Event: Failed to create the AWS Elastic Beanstalk application version
Your application source bundle may be too large, or you may have reached the application version quota.
Event: Update environment operation is complete, but with command timeouts. Try increasing the timeout period.
Your application may take a long time to deploy if you use configuration files that run commands on the instance, download large files, or install packages. Increase the command timeout to give your application more time to start running during deployments.
Health
Event: CPU Utilization Exceeds 95.00%
Try running more instances, or choose a different instance type.
Event:
Elastic Load Balancer awseb-myapp
Has Zero Healthy
Instances
If your application appears to be working, make sure that your application’s health check URL is configured correctly. If not, check the Health screen and environment logs for more information.
Event:
Elastic Load Balancer awseb-myapp
Cannot Be
Found
Your environment's load balancer may have been removed out-of-band. Only make changes to your environment's resources with the configuration options and extensibility provided by Elastic Beanstalk. Rebuild your environment or launch a new one.
Event: EC2 Instance Launch Failure. Waiting for a New EC2 Instance to Launch...
Availability for your environment's instance type may be low, or you may have reached the
instance quota for your account. Check the service
health dashboard
Configuration
Event:
The stack
associated with environment stack_id
is in environment-ID
statestack-status
The underlying AWS CloudFormation stack of your environment may be in a *_FAILED status. This status must be remedied in order to continue Elastic Beanstalk operations on your environment. For more information, see Recovering your Elastic Beanstalk environment from an invalid state.
Event: You cannot configure an Elastic Beanstalk environment with values for both the Elastic Load Balancing Target option and Application Healthcheck URL option
The Target
option in the aws:elb:healthcheck
namespace is deprecated. Remove the Target
option namespace) from
your environment and try updating again.
Event: ELB cannot be attached to multiple subnets in the same AZ
This message can be seen if you try to move a load balancer between subnets in the same Availability Zone. Changing subnets on the load balancer requires moving it out of the original availability zone(s) and then back into the original with the desired subnets. During the process, all of your instances will be migrated between AZs, causing significant downtime. Instead, consider creating a new environment and perform a CNAME swap.
Troubleshooting Docker containers
Event: Failed to pull Docker image :latest: Invalid repository name (), only [a-z0-9-_.] are allowed. Tail the logs for more details.
Check the syntax of the dockerrun.aws.json
file using a JSON validator.
Also verify the dockerfile contents against the requirements described in Preparing your Docker image for deployment to Elastic Beanstalk
Event: No EXPOSE directive found in Dockerfile, abort deployment
The Dockerfile
or the dockerrun.aws.json
file does not
declare the container port. Use the EXPOSE
instruction (Dockerfile
) or
Ports
block (dockerrun.aws.json
file) to expose a port for
incoming traffic.
Event:
Failed to download authentication credentials repository
from bucket name
The dockerrun.aws.json
provides an invalid EC2 key pair and/or S3
bucket for the .dockercfg
file. Or, the instance profile does not have
GetObject authorization for the S3 bucket. Verify that the .dockercfg
file
contains a valid S3 bucket and EC2 key pair. Grant permissions for the action
s3:GetObject
to the IAM role in the instance profile. For details, go to Managing Elastic Beanstalk instance profiles
Event: Activity execution failed, because: WARNING: Invalid auth configuration file
Your authentication file (config.json
) is not formatted correctly. See
Using images from a private repository in Elastic Beanstalk
FAQ
Question: How can I change my application URL from myapp.us-west-2.elasticbeanstalk.com to www.myapp.com?
In a DNS server, register a CNAME record such as www.mydomain.com CNAME
mydomain.elasticbeanstalk.com
.
Question: How do I specify a specific Availability Zone for my Elastic Beanstalk application?
You can pick a specific Availability Zone by using the APIs, CLI, Eclipse plugin, or Visual Studio plugin. For instructions about using the Elastic Beanstalk console to specify an Availability Zone, see Auto Scaling your Elastic Beanstalk environment instances.
Question: How do I change my environment's instance type?
To change your environment's instance type go to the environment configuration page and choose Edit in the Instances configuration category. Then, select a new instance type and choose Apply to update your environment. After this, Elastic Beanstalk terminates all running instances and replaces them with new ones.
Question: How do I determine if anyone made configuration changes to an environment?
To see this information, in the navigation pane of the Elastic Beanstalk console choose Change history to display a list of configuration changes for all environments. This list includes the date and time of the change, the configuration parameter and value it was changed to, and the IAM user that made the change. For more information, see Change history.
Question: Can I prevent Amazon EBS volumes from being deleted when instances are terminated?
Instances in your environment use Amazon EBS for storage; however, the root volume is deleted when an instance is terminated by Auto Scaling. We don'trecommend that
you store state or other data on your instances. If needed, you can prevent volumes from being deleted with the AWS CLI: $ aws ec2
modify-instance-attribute -b '/dev/sdc=<vol-id>:false
as described in the AWS CLI
Reference.
Question: How do I delete personal information from my Elastic Beanstalk application?
AWS resources that your Elastic Beanstalk application uses might store personal information. When you terminate an environment, Elastic Beanstalk terminates the resources that it created. Resources you added using configuration files are also terminated. However, if you created AWS resources outside of your Elastic Beanstalk environment and associated them with your application, you might need to manually check that personal information that your application might have stored isn't retained. Throughout this developer guide, whenever we discuss creating additional resources, we also mention when you should consider deleting them.
Common Errors
This topic lists common error messages encountered when using the EB CLI and possible solutions. If you encounter an error message not shown here, use the Feedback links to let us know about it.
ERROR: An error occurred while handling git command. Error code: 128 Error: fatal: Not a valid object name HEAD
Cause: This error message is shown when you have initialized a Git repository but have not yet committed. The EB CLI looks for the HEAD revision when your project folder contains a Git repository.
Solution: Add the files in your project folder to the staging area and commit:
~/my-app$ git add .
~/my-app$ git commit -m "First commit"
ERROR: This branch does not have a default environment. You must either specify an environment by typing "eb status my-env-name" or set a default environment by typing "eb use my-env-name".
Cause: When you create a new branch in git, it is not attached to an Elastic Beanstalk environment by default.
Solution: Run eb list to see a list of
available environments. Then run eb use env-name
to use
one of the available environments.
ERROR: 2.0+ Platforms require a service role. You can provide one with --service-role option
Cause: If you specify an environment name with eb create (for example, eb create my-env), the EB CLI will not attempt to create a service role for you. If you don't have the default service role, the above error is shown.
Solution: Run eb create without an environment name and follow the prompts to create the default service role.
Deployment errors
Your Elastic Beanstalk deployment might response with a 404 (if your application failed to launch) or 500 (if your application fails during runtime) response. To troubleshoot many common issues, you can use the EB CLI to check the status of your deployment, view its logs, gain access to your EC2 instance with SSH, or to open the AWS Management Console page for your application environment.
To use the EB CLI to help troubleshoot your deployment
-
Run eb status to see the status of your current deployment and health of your EC2 hosts. For example:
$
eb status --verbose
Environment details for: python_eb_app Application name: python_eb_app Region: us-west-2 Deployed Version: app-150206_035343 Environment ID: e-wa8u6rrmqy Platform: 64bit Amazon Linux 2014.09 v1.1.0 running Python 2.7 Tier: WebServer-Standard- CNAME: python_eb_app.elasticbeanstalk.com Updated: 2015-02-06 12:00:08.557000+00:00 Status: Ready Health: Green Running instances: 1 i-8000528c: InServiceNote
Using the
--verbose
switch provides information about the status of your running instances. Without it, eb status will print only general information about your environment. -
Run eb health to view health information about your environment:
$
eb health --refresh
elasticBeanstalkExa-env Degraded 2016-03-28 23:13:20 WebServer Ruby 2.1 (Puma) total ok warning degraded severe info pending unknown 5 2 0 2 1 0 0 0 instance-id status cause Overall Degraded Incorrect application version found on 3 out of 5 instances. Expected version "Sample Application" (deployment 1). i-d581497d Degraded Incorrect application version "v2" (deployment 2). Expected version "Sample Application" (deployment 1). i-d481497c Degraded Incorrect application version "v2" (deployment 2). Expected version "Sample Application" (deployment 1). i-136e00c0 Severe Instance ELB health has not been available for 5 minutes. i-126e00c1 Ok i-8b2cf575 Ok instance-id r/sec %2xx %3xx %4xx %5xx p99 p90 p75 p50 p10 Overall 646.7 100.0 0.0 0.0 0.0 0.003 0.002 0.001 0.001 0.000 i-dac3f859 167.5 1675 0 0 0 0.003 0.002 0.001 0.001 0.000 i-05013a81 161.2 1612 0 0 0 0.003 0.002 0.001 0.001 0.000 i-04013a80 0.0 - - - - - - - - - i-3ab524a1 155.9 1559 0 0 0 0.003 0.002 0.001 0.001 0.000 i-bf300d3c 162.1 1621 0 0 0 0.003 0.002 0.001 0.001 0.000 instance-id type az running load 1 load 5 user% nice% system% idle% iowait% i-d581497d t2.micro 1a 25 mins 0.16 0.1 7.0 0.0 1.7 91.0 0.1 i-d481497c t2.micro 1a 25 mins 0.14 0.1 7.2 0.0 1.6 91.1 0.0 i-136e00c0 t2.micro 1b 25 mins 0.0 0.01 0.0 0.0 0.0 99.9 0.1 i-126e00c1 t2.micro 1b 25 mins 0.03 0.08 6.9 0.0 2.1 90.7 0.1 i-8b2cf575 t2.micro 1c 1 hour 0.05 0.41 6.9 0.0 2.0 90.9 0.0 instance-id status id version ago deployments i-d581497d Deployed 2 v2 9 mins i-d481497c Deployed 2 v2 7 mins i-136e00c0 Failed 2 v2 5 mins i-126e00c1 Deployed 1 Sample Application 25 mins i-8b2cf575 Deployed 1 Sample Application 1 hourThe above example shows an environment with five instances where the deployment of version "v2" failed on the third instance. After a failed deployment, the expected version is reset to the last version that succeeded, which in this case is "Sample Application" from the first deployment. See Using the EB CLI to monitor environment health for more information.
-
Run eb logs to download and view the logs associated with your application deployment.
$
eb logs
-
Run eb ssh to connect with the EC2 instance that's running your application and examine it directly. On the instance, your deployed application can be found in the
/opt/python/current/app
directory, and your Python environment will be found in/opt/python/run/venv/
. -
Run eb console to view your application environment on the AWS Management Console
. You can use the web interface to easily examine various aspects of your deployment, including your application's configuration, status, events, logs. You can also download the current or past application versions that you've deployed to the server.