Upgrading Nginx on Elastic Beanstalk to fix a critical vulnerability

We ran into an issue recently where, during a pen test, we were told we had a critical vulnerability because we were running a legacy nginx. We were pretty surprised to hear that, because we use the nginx bundled by default with Elastic Beanstalk.

The AMI used for Elastic Beanstalk is AMI-123aas (replace with actual), which is based on eb-2018.

Details using the eb image as a base and removing nginx and adding the new one

Image of nginx being legacy


Links to helpful articles

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.migration-al.html

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux.html

https://stackoverflow.com/questions/37082406/how-to-install-nginx-1-9-15-on-amazon-linux-disto

https://unix.stackexchange.com/questions/529453/how-do-you-install-nginx-1-16-or-1-17-on-aws-linux-via-yum

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rollingupdates.html

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.customenv.html

https://davidwalsh.name/curl-headers