Configuring Amazon CloudFront to deliver access logs to Netacea via S3
Amazon CloudFront log shipping to S3
To send access logs from Amazon CloudFront to an Amazon S3 bucket, enable CloudFront standard logging. The steps below cover standard logging, which is the more common and straightforward method for S3-based delivery.
Prerequisites
To successfully stream web traffic logs to Netacea, please ensure the following:
You have an active AWS account with access to the AWS Management Console.
An Amazon S3 bucket has been created and configured to accept logs from CloudFront.
You have shared your AWS Account ID with Netacea.
This is required so Netacea can apply the correct bucket policy to accept CloudFront logs.
You have received the necessary S3 bucket details (bucket name and ARN) from Netacea. These can be found here.
You are aware of the minimum required dataset fields needed by Netacea for log analysis.
Standard Access Logging (Logs to S3)
This option logs every request and delivers logs in batches (typically within minutes to an hour).
Step 1: Provide Netacea with your AWS Account ID
Your CloudFront distribution must have write access to the bucket. This requires a bucket policy that contains your AWS Account ID, so the ID must be shared with Netacea before any data can be accepted.
Example bucket policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowCloudFrontLogs",
            "Effect": "Allow",
            "Principal": {
                "Service": "cloudfront.amazonaws.com"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::cloudfront-access-logs/*",
            "Condition": {
                "StringEquals": {
                    "AWS:SourceAccount": "YOUR_AWS_ACCOUNT_ID"
                }
            }
        }
    ]
}
Step 2: Enable Logging in the CloudFront Distribution
Open the AWS Management Console → CloudFront.
Select your distribution → go to the Logging tab.
Click Add > Amazon S3 Bucket.
Enter the S3 bucket details from the Netacea Portal (arn:aws:s3:::bucketName).
Go to Additional settings.
Under Field selection, select the fields to send to Netacea (see the Netacea required dataset below).
Save changes.
Netacea required dataset
To complete a successful POV, Netacea requests that the following data be provided for analysis:

Data           | CloudFront field | Description
Timestamp      | date             | The time at which the request was received
Timestamp      | time             | The time at which the request was received
IP Address     | c-ip             | The IP address from which the request was made
User Agent     | cs-user-agent    | The user agent string sent in the header by the client
Method         | cs-method        | The HTTP method of the request
Path           | cs-uri-stem      | The path of the requested resource
Query          | cs-uri-query     | The query string of the request
Status         | sc-status        | The HTTP status code returned by the server
Referrer       | cs(Referer)      | The web page the user followed a link from
Bytes Sent     | cs-bytes         | The bytes sent as part of the server's response
Host           | cs(Host)         | The domain name of the CloudFront distribution
Protocol       | Protocol         | The protocol of the request
X-Forwarded-For* | x-forwarded-for | Connecting IP address (array) of the client request, if proxied
True-Client-IP* | True-Client-IP  | The trusted source of the original client IP
Request Time   | time-taken       | The total time (in seconds) that CloudFront took to serve the request

* Useful when proxies sit in the traffic path between client and origin.
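Before notifying Netacea, it helps to confirm that the files landing in the bucket actually carry the fields ticked under Field selection. The checker below is an added example, not Netacea's or AWS's code: it reads the #Fields header of a CloudFront standard log, compares it against the required-dataset table, and flags rows whose column count disagrees with the header. The ALIASES map (portal names to CloudFront's own cs(User-Agent) and cs-protocol header names) and the sample log lines are assumptions constructed for the example.

```python
"""Validate that a CloudFront standard access log carries the Netacea required dataset."""
# Field names as listed in the required-dataset table; the starred proxy fields are optional.
REQUIRED_FIELDS = [
    "date", "time", "c-ip", "cs-user-agent", "cs-method", "cs-uri-stem", "cs-uri-query",
    "sc-status", "cs(Referer)", "cs-bytes", "cs(Host)", "Protocol", "time-taken",
]
OPTIONAL_FIELDS = ["x-forwarded-for", "True-Client-IP"]
# Assumption: CloudFront writes these two fields under its own header names.
ALIASES = {"cs-user-agent": "cs(User-Agent)", "Protocol": "cs-protocol"}

def parse_header(text: str) -> list[str]:
    """Return the column names declared by the '#Fields:' directive, or [] if it is absent."""
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            return line[len("#Fields:"):].split()
    return []

def check_log(text: str) -> dict[str, list]:
    """Report fields missing from the header and data rows whose column count disagrees with it."""
    columns = parse_header(text)
    present = set(columns)

    def has(name: str) -> bool:
        return name in present or ALIASES.get(name) in present

    bad_rows = [
        number for number, line in enumerate(text.splitlines(), start=1)
        if line and not line.startswith("#") and len(line.split("\t")) != len(columns)
    ]
    return {
        "missing_required": [f for f in REQUIRED_FIELDS if not has(f)],
        "missing_optional": [f for f in OPTIONAL_FIELDS if not has(f)],
        "bad_rows": bad_rows,
    }

# Constructed sample in CloudFront's tab-separated layout; the second row is truncated on purpose.
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: date time c-ip cs-method cs(Host) cs-uri-stem sc-status cs(Referer) "
    "cs(User-Agent) cs-uri-query cs-protocol cs-bytes time-taken x-forwarded-for",
    "\t".join(["2024-01-01", "12:00:00", "203.0.113.10", "GET", "d111111abcdef8.cloudfront.net",
               "/index.html", "200", "-", "Mozilla/5.0", "-", "https", "512", "0.012", "-"]),
    "\t".join(["2024-01-01", "12:00:01", "198.51.100.7", "POST", "d111111abcdef8.cloudfront.net",
               "/api/login", "403", "-", "curl/8.0", "retry=1", "https", "1024"]),
])
# Same log with cs-uri-query and time-taken left unticked under Field selection.
SAMPLE_LOG_INCOMPLETE = SAMPLE_LOG.replace(" cs-uri-query", "").replace(" time-taken", "")

if __name__ == "__main__":
    for log in (SAMPLE_LOG, SAMPLE_LOG_INCOMPLETE):
        print(check_log(log))
```

Run it against a file downloaded from the bucket by passing the file contents to check_log; an empty missing_required list and no bad_rows means the Field selection matches the table.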
Final Steps
Once log delivery is active, notify your Netacea Solutions Engineer. This allows us to:
Confirm receipt of data
Validate the dataset format and completeness
Begin analysis once a sufficient volume of data has been collected
If you require support during setup, the Netacea SE team is here to help — don’t hesitate to reach out.