# Amazon CloudFront

### Amazon CloudFront log shipping to S3

To send access logs from Amazon CloudFront to an Amazon S3 bucket, enable CloudFront standard logging. The steps below cover standard logging, which is the more common and straightforward method for S3-based delivery.

### **Prerequisites**

To successfully stream web traffic logs to Netacea, please ensure the following:

* You have an active AWS account with access to the AWS Management Console.
* An Amazon S3 bucket has been created and configured to accept logs from CloudFront.
* You have shared your AWS Account ID with Netacea.

  > This is required so Netacea can apply the correct bucket policy to accept CloudFront logs.
* You have received the necessary S3 bucket details (bucket name and ARN) from Netacea. These can be found [here](https://netacea.gitbook.io/portal-docs/user-guides-and-videos/portal-setup-and-log-shipping-guide).
* You are aware of the [minimum required dataset](#netacea-minimum-required-dataset) fields needed by Netacea for log analysis.

### Standard Access Logging (Logs to S3)

This option logs every request and delivers logs in batches (typically within minutes to an hour).

#### Step 1: Provide Netacea with your AWS Account ID

Your CloudFront distribution must have write access to the bucket. This is granted by a bucket policy that must contain your AWS Account ID, so the ID needs to be shared with Netacea before we can accept any data.

**Example bucket policy:**

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCloudFrontLogs",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudfront.amazonaws.com"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::cloudfront-access-logs/*",
      "Condition": {
        "StringEquals": {
          "AWS:SourceAccount": "YOUR_AWS_ACCOUNT_ID"
        }
      }
    }
  ]
}
```
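The account ID condition is what ties the write permission to a single customer account rather than to the CloudFront service as a whole. The following check of that policy shape is an added example, not Netacea or AWS tooling; the function names are hypothetical and `111122223333` in the usage note is a constructed account ID.

```python
import json
import re

SERVICE = "cloudfront.amazonaws.com"
ACCOUNT_ID = re.compile(r"\d{12}")


def as_list(value):
    """Policy JSON accepts a single value or a list in most positions."""
    return value if isinstance(value, list) else [value]


def sample_policy(account):
    """The page's example policy with the account ID slot filled in."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowCloudFrontLogs", "Effect": "Allow",
        "Principal": {"Service": SERVICE}, "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::cloudfront-access-logs/*",
        "Condition": {"StringEquals": {"AWS:SourceAccount": account}}}]})


def check_log_policy(policy_text, expected_account):
    """Return findings for statements that let CloudFront write to the bucket."""
    findings = []
    for stmt in as_list(json.loads(policy_text).get("Statement", [])):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if SERVICE not in as_list(principal.get("Service", [])):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # Condition keys are case-insensitive, so "AWS:SourceAccount" matches.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        accounts = [acct for key, value in equals.items()
                    if key.lower() == "aws:sourceaccount" for acct in as_list(value)]
        if not accounts:
            findings.append(f"{sid}: service principal not limited by aws:SourceAccount")
        for acct in accounts:
            if not ACCOUNT_ID.fullmatch(acct):
                findings.append(f"{sid}: '{acct}' is not a 12-digit account ID")
            elif acct != expected_account:
                findings.append(f"{sid}: unexpected account {acct}")
        if as_list(stmt.get("Action", [])) != ["s3:PutObject"]:
            findings.append(f"{sid}: actions differ from s3:PutObject only")
        if not all(r.endswith("/*") for r in as_list(stmt.get("Resource", []))):
            findings.append(f"{sid}: resource is not limited to objects (/*)")
    return findings
```

Calling `check_log_policy(sample_policy("YOUR_AWS_ACCOUNT_ID"), "111122223333")` reports the unfilled placeholder; an empty list means the statement is scoped to the expected account, to `s3:PutObject` and to object-level resources.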

#### Step 2: Enable Logging in the CloudFront Distribution

1. Open the **AWS Management Console** → **CloudFront**.
2. Select your distribution → go to the **Logging** tab.
3. Click **Add > Amazon S3 Bucket**.
4. Enter the S3 bucket details from the Netacea Portal (`arn:aws:s3:::bucketName`).
5. Go to **Additional settings**.
   1. Under **Field selection** select the fields to send to Netacea (please see [Netacea required dataset](#netacea-required-dataset) below).
6. Save changes.

### **Netacea required dataset**

To complete a successful POV, Netacea requests that the following data is provided for analysis:

<table><thead><tr><th width="142.33331298828125" valign="top">Required Field</th><th width="169" valign="top">AWS Field Name</th><th valign="top">Description</th></tr></thead><tbody>
<tr><td valign="top">Timestamp</td><td valign="top">date</td><td valign="top">The time at which the request was received</td></tr>
<tr><td valign="top"></td><td valign="top">time</td><td valign="top">The time at which the request was received</td></tr>
<tr><td valign="top">IP Address</td><td valign="top">c-ip</td><td valign="top">The IP address from which the request was made</td></tr>
<tr><td valign="top">User Agent</td><td valign="top">cs-user-agent</td><td valign="top">The user agent string sent in the header by the client</td></tr>
<tr><td valign="top">Method</td><td valign="top">cs-method</td><td valign="top">The HTTP method of the request</td></tr>
<tr><td valign="top">Path</td><td valign="top">cs-uri-stem</td><td valign="top">The path of the requested resource</td></tr>
<tr><td valign="top">Query</td><td valign="top">cs-uri-query</td><td valign="top">The query string of the request</td></tr>
<tr><td valign="top">Status</td><td valign="top">sc-status</td><td valign="top">The HTTP status code returned by the server</td></tr>
<tr><td valign="top">Referrer</td><td valign="top">cs(Referer)</td><td valign="top">The web page the user followed a link from</td></tr>
<tr><td valign="top">Bytes Sent</td><td valign="top">cs-bytes</td><td valign="top">The Bytes sent as part of the server's response</td></tr>
<tr><td valign="top">Host</td><td valign="top">cs(Host)</td><td valign="top">The domain name of the CloudFront distribution</td></tr>
<tr><td valign="top">Protocol</td><td valign="top">Protocol</td><td valign="top">The protocol of the request</td></tr>
<tr><td valign="top">X forwarded for*</td><td valign="top">x-forwarded-for</td><td valign="top">Connecting IP address [array] of a client request, if proxied</td></tr>
<tr><td valign="top">True-Client-IP*</td><td valign="top">True-Client-IP</td><td valign="top">The trusted source of the original client IP</td></tr>
<tr><td valign="top">Request Time</td><td valign="top">time-taken</td><td valign="top">The total time (in seconds) that CloudFront took to serve the request</td></tr>
</tbody></table>

\* Useful when proxies sit in the traffic path between client and origin.

### Final Steps

Once log delivery is active, **notify your Netacea Solutions Engineer**. This allows us to:

* Confirm receipt of data
* Validate the dataset format and completeness
* Begin analysis once a sufficient volume of data has been collected

If you require support during setup, the Netacea SE team is here to help — don’t hesitate to reach out.
