Get Deep Visibility into CloudFront Logs with Axiom

AWS CloudFront is a globally distributed network offered by Amazon Web Services, which securely transfers content, such as software, SDKs, and videos, to clients with high transfer speed.

To ensure you run workloads properly, organizations need deep visibility into the health and performance of their CloudFront workloads at different layers, including the CloudFront origin domain and path. Axiom’s CloudFront integration collects key metrics and logs from each layer to help you avoid bottlenecks and run your CloudFront workloads efficiently. Axiom provides you with advanced queries through APL to help you stay on top of critical changes in your CloudFront distribution workloads.

In this post, we'll highlight how Axiom CloudFront integration can help you:

• Monitor the state of your CloudFront distribution
• Run queries to get deep insights on your CloudFront distribution
• Inspect event properties from CloudFront distribution

Prerequisites

• Axiom Account
• Axiom Dataset and API Token with ingesting permission
• AWS Account with access to AWS access key ID and AWS secret access key with the proper permissions

Configure CloudFront to send logs to Axiom

A CloudFront log configuration specifies the source and destination of your logs and the field they contain. To create and send logs from CloudFront to Axiom, we built an easy-to-use AWS CloudFormation template that lets you spin up an AWS Bucket and a Lambda to send logs from your CloudFront to Axiom.

• Start by cloning the axiom-cloudfront-lambda-repo

• The Axiom CloudFront repo lets you launch your CloudFormation stack if your S3 bucket exists or not. This tutorial will use the stack that lets you create an S3 bucket.

• Click on Launch Stack. It will redirect you back to AWS Console.

• Next, enter the values of Axiom Dataset, API Token, BucketLogskeyPrefix, and S3 BucketName.

• Acknowledge your stack and click on Create Stack.

• I'll use S3 as my CloudFront origin domain in this tutorial. You can also use a Mediastore container or an Elastic Load Balancing endpoint as your origin domain. Back in your S3 bucket, deploy your static or dynamic website.

Create CloudFront Distribution

• Create your CloudFront distribution, and select the origin domain you configured earlier, which is the S3 bucket. Your origin domain can also be your Load Balancer or Mediastore.

• In the dropdown menu under origin access, click on Origin access identities and select the existing origin access identity for your CloudFront S3 bucket.

• In the Settings Pane, enable standard logging to be delivered to your S3 bucket.

• Click on Create distribution. Once your distribution is created and deployed, copy your distribution domain name and paste it into your browser. You will see your CloudFront logs in your Axiom dataset instantly.

View and Analyze CloudFront Logs

Back in your Axiom UI you’ll see your CloudFront real-time logs. In the Datasets pane, you can view, filter, and analyze your logs to better understand your CloudFront distribution performance and gain insights from your data.

Stream CloudFront logs

Process and inspect all events from your CloudFront distribution and watch as each event is ingested live in your dataset. Get a detailed overview of your event properties to see your response_result_type, request_protocol, host, method and port

Get deep insights using APL

You can enable advanced monitoring on your CloudFront distribution using APL. APL lets you visualize your CloudFront logs with custom dashboards, run powerful queries and directly compare any query to an hour, day, week, or custom period.

By visualizing your logs using APL, you can track high-level CloudFront utilization, watch out for sudden changes, view your total distribution processes, ensure that your CloudFront distribution has sufficient capacity, and efficiently troubleshoot any issues that arise faster.

Below are advanced queries ran on my CloudFront distribution using APL:

Successful Requests

['aws-cloudfront-logs']
| where status < 400
| summarize count() by bin_auto(_time), status

Bad Requests

['aws-cloudfront-logs']
| where status >= 400 and status <500
| summarize count() by bin_auto(_time), status, x_edge_detailed_result_type

Requests by method

['aws-cloudfront-logs']
| where isnotnull( method )
| summarize count=count() by bin_auto(_time), method

Popular Edge Region

['aws-cloudfront-logs']
| where isnotnull( location )
| summarize count=count() by bin_auto(_time), ["Edge Region"]=['location']
| limit 20

Function Request

['aws-cloudfront-logs']
| where isnotnull ( status)
| summarize count=count() by bin_auto(_time), status
| limit 20

Total logs by Request Protocol

['aws-cloudfront-logs']
| where isnotnull ( request_protocol)
| summarize count=count() by bin_auto(_time), request_protocol

The CloudFront Dashboard

Easily detect which functions, protocols, and regions are experiencing issues or slowdowns, and see an overview of the successful and bad requests coming into your distribution.

The CloudFront dashboard is where you see a detailed breakdown of all your distribution logs and understand which data to investigate whenever any issue arises.

Try it out today

Head over to our GitHub repository today to install the Axiom CloudFront integration and get advanced observability for all your CloudFront distributions.

• If you have feedback, tweet us @AxiomFM or join our Discord community.