It's good, but it's not perfect. Some of the issues we have encountered: it's slow to deploy; it doesn't always provide enough feedback (watching the Events page for 5-10 minutes with no real idea what it is doing); there are some relatively small changes which trigger a rebuild (which is slow). Overall I still love it, but we're kind of butting up against its limits. I'd definitely START with it though, as you get a lot of automation for minimal effort.
What's the default deployment like with security etc? Looking to get a really lightweight app into production but am no sysadmin - since it's just managing other AWS services, guessing it's not as plug-and-play as a more hand-holdy PaaS?
it does an ok job by default, security groups are pretty locked down, it creates two for every environment(elb+server). if your db is outside of beanstalk youd want to add your own security groups to it. if you use the eb cli tool to ssh though be careful, the way that works is it opens port 22 to the world, you ssh, and only when you stop ssh'ing cleanly it closes it...
What have you guys done for server logs in EB? The system they seem to have in place is god awful. Even through their CLI, it seems to have to make a request and load about 100 lines from the tail of the server logs.
Use an external logging service. You can run your own if you like, but there are plenty of people that offer pretty good services for not much- assuming you're not generating more than a GB or 2 a day.
I have personal experience with Papertrail and Loggly, which is quite nice if you want to build derivative data.
