ELB Logs on S3 Bucket
Today we’ll be implementing an S3 bucket policy for storing multiple Elastic Load Balancer access logs on a single S3 bucket.
Instead of having multiple S3 bucket for each ELB access logs, we’ll create only one S3 bucket for storing all ELB’s access logs.
This section walks you through the step by step guide for configuring S3 bucket for storing ELB logs.
Step1: Create S3 bucket
Step2: Attach a bucket policy to the S3 Bucket
Step3: Enable Access logs at the ELB
Step1: Create S3 bucket:
Let’s create an S3 bucket for storing our ELB logs.
S3 bucket: com.domainame.com.elb.logs
Let’s create few folder inside our S3 bucket. e.g. myapp1, myapp2, myapp3 for storing respective elb access logs.
Step2: Attach a bucket policy to the S3 bucket.
You can use below bucket policy for this purpose. You have to change certain parameters on this policy like “account number, bucket name , folder name” as per your setup.
[js]
{
"Version": "2008-10-17",
"Id": "Policy1413182823222",
"Statement": [
{
"Sid": "Stmt1413182819426",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::ELB-REGION-ID:root"
},
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::com.domainname.com.elb.logs/myapp1/AWSLogs/XXXXXXXXXXXX/*",
"arn:aws:s3:::com.domainname.com.elb.logs/myapp2/AWSLogs/XXXXXXXXXXXX/*",
"arn:aws:s3:::com.domainname.com.elb.logs/myapp3/AWSLogs/XXXXXXXXXXXX/*",
]
}
]
}
[/js]
–> In place of ELB-REGION-ID, you have to use ‘127311923021’ if your ELB is in North Virginia and ‘156460612806’ if your ELB is in EU (Ireland). For a complete list of ELB REGION ID you can follow this link “http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/configure-s3-bucket.html”
–> In Resource section above , You have to use below format
[js] arn:aws:s3:::yourS3bucketname/prefix/AWSLogs/yourAWSAccountID/* [/js]
like we did
yourS3bucketname: “com.domainname.com.elb.logs”
prefix: “myapp1”
AWSlogs: “leave it as it is”
yourAWSAccountID: “your 12 digit AWS Account Number”
Similarly you can define multiple prefix for multiple application.
Step3: Enable Access logs at the ELB
Log In to EC2 Section -> Browse to Load Balancers -> Click on any load Balancer -> Enable Access log [Edit],
This will ask you for your S3 Bucket location with prefix.
Give the path of S3 bucket. “com.domainname.com.elb.logs/myapp1”
Similarly for another ELB you can enable access log and use myapp2 folder.
Great Article, Only suggestion is that make sure that you do it from a single browser. I had s3 console open in one browser and ec2 console open in another browser and errors were being thrown.
I cannot thank you enough for the blog article.Really thank you!
Just Browsing While I was browsing today I noticed a excellent article concerning
A round of applause for your blog article.Really thank you! Keep writing.