How to specify how long AWS CloudFront Access Logs are kept?

We are using AWS CDK (AWS Cloud Development Kit) to create our CloudFront Distribution. We are creating the CloudFront Distribution with access logging enabled and specified the Amazon S3 bucket to store the access logs in.

How long are the access logs kept by default? How does one specify how long they are kept? I sense it has to do with managing the storage lifecycle for the logs.

A subset of docs I looked at (though I may have missed something):

See also https://docs.aws.amazon.com/AmazonS3/latest/userguide/delete-objects.html where it says “You can set up a lifecycle rule to automatically delete objects such as log files.”

        var staticContentCFDistribution = new cloudfront.Distribution(this, `IDSTRINGWASHERE`, {
            defaultBehavior: { 
                origin: new S3Origin(staticContentBucket),
                cachePolicy: CachePolicy.CACHING_OPTIMIZED,
                allowedMethods: AllowedMethods.ALLOW_GET_HEAD,
                cachedMethods: AllowedMethods.ALLOW_GET_HEAD,
                viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
                compress: true
            },
            domainNames: [ domainName ],
            comment: `CHANGEDTHISFORTHISPOST`,
            enableLogging: true,
            logBucket: logBucket,
            webAclId: webAclId,
<CLIP>

I have Googled many different things such as:

  • cloudfront access logs lifecycle
  • cloudfront access logs retention cdk

I keep running into CloudWatch docs and not CloudFront Access Log docs where I can specify how long to keep the access logs.

The logs' lifecycle is a property of S3, not CloudFront. So if you store your access logs in S3, you set up their lifecycle in S3 as explained in Managing your storage lifecycle.

Similarly, there are retention rules for CloudWatch Logs.

In both cases, these settings are not related to cloudfront.Distribution. They are properties of S3 and CloudWatch.

By default, the logs will be kept in S3 indefinitely or, as you suggested, can be managed using lifecycle rules.

In the below example, you can create an S3 bucket and use this as part of your CloudFront distribution (or import an existing bucket) and then delete logs automatically after 30 days. You may want to move the files down the available S3 storage tiers before deleting but this is personal preference.

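    // Bucket that receives the CloudFront access logs
    const logBucket = new s3.Bucket(this, `${id}-log-bucket`);

    // Delete log objects automatically 30 days after they are created
    logBucket.addLifecycleRule({
      enabled: true,
      expiration: Duration.days(30),
      id: 'rule',
    });

    new cloudfront.Distribution(this, `${id}-cf-distribution`, {
      logBucket,
      // … etc
    });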
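As an added example (not part of the original question or answers), this check can be run over `cdk synth` output to confirm that each CloudFront log bucket defined in the stack has an enabled expiration rule, since without one the logs are kept indefinitely. The template and resource names are constructed sample data; the check assumes the log bucket lives in the same template and is referenced through `Fn::GetAtt`, and it does not evaluate rule filters.

```typescript
// Added example: audit a synthesized CloudFormation template (plain JSON) for log retention.
type Resource = { Type: string; Properties?: any };
type Template = { Resources: Record<string, Resource> };
type Finding = { distribution: string; bucket: string; days: number | null };

// Shortest enabled expiration (in days) on a bucket, or null when objects never expire.
// Simplification: rule filters (prefix/tags) are not evaluated.
function expirationDays(bucket: Resource): number | null {
  const rules: any[] = bucket.Properties?.LifecycleConfiguration?.Rules ?? [];
  const days: number[] = rules
    .filter((r) => r.Status === 'Enabled' && typeof r.ExpirationInDays === 'number')
    .map((r) => r.ExpirationInDays);
  return days.length > 0 ? Math.min(...days) : null;
}

// One finding per CloudFront distribution whose log bucket is defined in the same template.
function auditLogRetention(t: Template): Finding[] {
  const findings: Finding[] = [];
  for (const [id, res] of Object.entries(t.Resources)) {
    if (res.Type !== 'AWS::CloudFront::Distribution') continue;
    // Assumption: an in-stack bucket is referenced as { 'Fn::GetAtt': [logicalId, ...] }.
    const bucketId: unknown = res.Properties?.DistributionConfig?.Logging?.Bucket?.['Fn::GetAtt']?.[0];
    if (typeof bucketId !== 'string') continue; // logging off, or bucket imported by name
    const bucket = t.Resources[bucketId];
    if (!bucket || bucket.Type !== 'AWS::S3::Bucket') continue;
    findings.push({ distribution: id, bucket: bucketId, days: expirationDays(bucket) });
  }
  return findings;
}

// Constructed sample template: DistA logs to a bucket with a 30-day rule, DistB to one without.
const logging = (bucketId: string) => ({
  Type: 'AWS::CloudFront::Distribution',
  Properties: { DistributionConfig: { Logging: { Bucket: { 'Fn::GetAtt': [bucketId, 'RegionalDomainName'] } } } },
});
const sampleTemplate: Template = {
  Resources: {
    LogsWithRule: {
      Type: 'AWS::S3::Bucket',
      Properties: { LifecycleConfiguration: { Rules: [{ Id: 'rule', Status: 'Enabled', ExpirationInDays: 30 }] } },
    },
    LogsNoRule: { Type: 'AWS::S3::Bucket' },
    DistA: logging('LogsWithRule'),
    DistB: logging('LogsNoRule'),
  },
};

for (const f of auditLogRetention(sampleTemplate)) {
  console.log(`${f.distribution} -> ${f.bucket}: ${f.days === null ? 'kept indefinitely' : `${f.days} days`}`);
}
```

A `days` value of `null` is the default state the second answer describes: no lifecycle rule, so the access logs accumulate until someone deletes them.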
