Tags: windows, amazon-web-services, amazon-ec2, amazon-elastic-beanstalk, amazon-ami

Does Beanstalk automatically update and patch the Windows image it uses?


I created a .NET Beanstalk app on Windows Server. I didn't use a custom AMI or anything, I just chose the ASP platform.

My assumption is that the Windows image that's being used is getting patched regularly - is that true? And I don't mean enabling Windows Updates, I mean the image itself is periodically being updated by AWS for me so it boots with the latest patches and security fixes etc.

If this is not the case then does that mean I have to manually go to my environment and change the AMI to the new AWS base Windows Server AMI?

Edit

Looks like Amazon does do patching:

To ensure that customers have the latest security updates by default, AWS keeps Windows AMIs available only for three months. After releasing new Windows AMIs, AWS makes the Windows AMIs that are older than three months private within 10 days. After an AMI has been made private, if you look at an instance launched from that AMI in the console, the AMI ID field states, "Cannot load detail for ami-xxxxx. You may not be permitted to view it." You can still retrieve the AMI ID using the AWS CLI or an AWS SDK.

The Windows AMIs in each release have new AMI IDs. Therefore, we recommend that you write scripts that locate the latest AWS Windows AMIs by their names, rather than by their IDs.

So is Beanstalk pulling AMIs by their name and not their ID? Or does it continue to use the same old AMI and never update it?


Solution

  • By default this does not update automatically. As specified in this document:

    When a new version of your environment's platform configuration is available, Elastic Beanstalk shows a message in the environment management console and makes the Change button available

    You need to enable Managed Platform Updates. This allows you to configure your environment to apply minor and patch version updates automatically during a configurable weekly maintenance window.

    EDIT:

    It appears this doesn't work for Windows though. The bottom paragraph of this document says:

    Windows Server-based platforms are not semantically versioned and do not support managed platform updates. You can only launch the latest version of each Windows Server platform configuration and cannot roll back after an upgrade.
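Since Windows Server platforms get no managed platform updates, the practical fallback is to check for drift yourself. The following is an added example, not code from the post or from AWS: it compares each environment's platform version against the newest version available for the same platform name, working from the JSON that `aws elasticbeanstalk describe-environments` and `aws elasticbeanstalk list-platform-versions` print. The platform ARN layout and the sample data are constructed for illustration.

```python
"""Flag Elastic Beanstalk environments whose platform version is behind the
newest version available for the same platform name (constructed example)."""
import json
from typing import Dict, List, Tuple


def parse_platform_arn(arn: str) -> Tuple[str, str]:
    # Platform ARNs look like arn:aws:elasticbeanstalk:<region>::platform/<name>/<version>
    _, rest = arn.split(":platform/", 1)
    name, version = rest.rsplit("/", 1)
    return name, version


def version_key(version: str) -> Tuple:
    # Windows platforms are not guaranteed to be semantically versioned, so
    # numeric parts compare as ints and anything else falls back to string order.
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in version.split("."))


def latest_versions(platform_json: str) -> Dict[str, str]:
    # platform_json: JSON from `aws elasticbeanstalk list-platform-versions`
    latest: Dict[str, str] = {}
    for summary in json.loads(platform_json)["PlatformSummaryList"]:
        name, version = parse_platform_arn(summary["PlatformArn"])
        if name not in latest or version_key(version) > version_key(latest[name]):
            latest[name] = version
    return latest


def outdated_environments(envs_json: str, platform_json: str) -> List[Tuple[str, str, str]]:
    # envs_json: JSON from `aws elasticbeanstalk describe-environments`
    latest = latest_versions(platform_json)
    stale = []
    for env in json.loads(envs_json)["Environments"]:
        name, running = parse_platform_arn(env["PlatformArn"])
        newest = latest.get(name, running)
        if version_key(running) < version_key(newest):
            stale.append((env["EnvironmentName"], running, newest))
    return stale


# Constructed sample CLI output, trimmed to the fields this check uses.
ARN = "arn:aws:elasticbeanstalk:us-east-1::platform/IIS 10.0 running on 64bit Windows Server 2019/"
SAMPLE_ENVS = json.dumps({"Environments": [{"EnvironmentName": "myapp-prod", "PlatformArn": ARN + "2.6.5"}]})
SAMPLE_PLATFORMS = json.dumps({"PlatformSummaryList": [{"PlatformArn": ARN + "2.6.5"}, {"PlatformArn": ARN + "2.7.0"}]})

if __name__ == "__main__":
    for env_name, running, newest in outdated_environments(SAMPLE_ENVS, SAMPLE_PLATFORMS):
        print(f"{env_name}: running {running}, latest is {newest}")
```

Run it on the real CLI output on a schedule and alert on any non-empty result; the upgrade itself still has to be applied from the environment's Change button.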