October 20, 2022

#engineering

Get Deep Visibility into CloudFront Logs with Axiom


Blog Screenshot
Author
Tola Ore-Aruwaji

Developer Relations Engineer

AWS CloudFront is a globally distributed network offered by Amazon Web Services, which securely transfers content, such as software, SDKs, and videos, to clients with high transfer speed.

To ensure you run workloads properly, organizations need deep visibility into the health and performance of their CloudFront workloads at different layers, including the CloudFront origin domain and path. Axiom’s CloudFront integration collects key metrics and logs from each layer to help you avoid bottlenecks and run your CloudFront workloads efficiently. Axiom provides you with advanced queries through APL to help you stay on top of critical changes in your CloudFront distribution workloads.

In this post, we'll highlight how Axiom CloudFront integration can help you:

  • Monitor the state of your CloudFront distribution
  • Run queries to get deep insights on your CloudFront distribution
  • Inspect event properties from CloudFront distribution

Prerequisites


Configure CloudFront to send logs to Axiom

A CloudFront log configuration specifies the source and destination of your logs and the field they contain. To create and send logs from CloudFront to Axiom, we built an easy-to-use AWS CloudFormation template that lets you spin up an AWS Bucket and a Lambda to send logs from your CloudFront to Axiom.

  • Acknowledge your stack and click on Create Stack.

  • I'll use S3 as my CloudFront origin domain in this tutorial. You can also use a Mediastore container or an Elastic Load Balancing endpoint as your origin domain. Back in your S3 bucket, deploy your static or dynamic website.


Create CloudFront Distribution

  • Create your CloudFront distribution, and select the origin domain you configured earlier, which is the S3 bucket. Your origin domain can also be your Load Balancer or Mediastore.

  • In the dropdown menu under origin access, click on Origin access identities and select the existing origin access identity for your CloudFront S3 bucket.

  • In the Settings Pane, enable standard logging to be delivered to your S3 bucket.

  • Click on Create distribution. Once your distribution is created and deployed, copy your distribution domain name and paste it into your browser. You will see your CloudFront logs in your Axiom dataset instantly.

View and Analyze CloudFront Logs

Back in your Axiom UI you’ll see your CloudFront real-time logs. In the Datasets pane, you can view, filter, and analyze your logs to better understand your CloudFront distribution performance and gain insights from your data.


Stream CloudFront logs

Process and inspect all events from your CloudFront distribution and watch as each event is ingested live in your dataset. Get a detailed overview of your event properties to see your response_result_type, request_protocol, host, method and port


Get deep insights using APL

You can enable advanced monitoring on your CloudFront distribution using APL. APL lets you visualize your CloudFront logs with custom dashboards, run powerful queries and directly compare any query to an hour, day, week, or custom period.

By visualizing your logs using APL, you can track high-level CloudFront utilization, watch out for sudden changes, view your total distribution processes, ensure that your CloudFront distribution has sufficient capacity, and efficiently troubleshoot any issues that arise faster.

Below are advanced queries ran on my CloudFront distribution using APL:

Successful Requests

['aws-cloudfront-logs']
| where status < 400
| summarize count() by bin_auto(_time), status


Bad Requests

['aws-cloudfront-logs']
| where status >= 400 and status <500
| summarize count() by bin_auto(_time), status, x_edge_detailed_result_type


Requests by method

['aws-cloudfront-logs']
| where isnotnull( method )
| summarize count=count() by bin_auto(_time), method


Popular Edge Region

['aws-cloudfront-logs']
| where isnotnull( location )
| summarize count=count() by bin_auto(_time), ["Edge Region"]=['location']
| limit 20


Function Request

['aws-cloudfront-logs']
| where isnotnull ( status)
| summarize count=count() by bin_auto(_time), status
| limit 20


Total logs by Request Protocol

['aws-cloudfront-logs']
| where isnotnull ( request_protocol)
| summarize count=count() by bin_auto(_time), request_protocol


The CloudFront Dashboard

Easily detect which functions, protocols, and regions are experiencing issues or slowdowns, and see an overview of the successful and bad requests coming into your distribution.

The CloudFront dashboard is where you see a detailed breakdown of all your distribution logs and understand which data to investigate whenever any issue arises.

Try it out today

Head over to our GitHub repository today to install the Axiom CloudFront integration and get advanced observability for all your CloudFront distributions.

Share
Get started with Axiom

Learn how to start ingesting, streaming, and
querying data into Axiom in less than 10 minutes.