Maximizing Visibility with AWS CloudFront’s Real-Time Logging Capabilities

Introduction

In the modern digital era, having websites load quickly and smoothly is essential for a good user experience. Amazon CloudFront is a service designed to make this happen. It acts as a high-speed delivery system for web content, ensuring that websites load faster by storing copies of content closer to users. This reduces the distance data has to travel, resulting in quicker access to information, whether it’s a video, image, or webpage. CloudFront works quietly behind the scenes, improving the efficiency of the internet for everyone.

Problem Statement

We need to know where each request to our website is coming from, like which city and country.
However, just by checking the CDN log, we can only see the IP address of the request and some other details, but not where it’s actually originating from. We’re missing the information about the location of the users making those requests.

Solution Approach

With CDN’s real-time logging, we can see where requests are coming from, including the country and city, and even details like longitude and latitude. This information is very accurate, helping us pinpoint exactly where the requests originate from.

Prerequisites

• Logging Configuration Knowledge: Understand the log format and configuration options available for real-time logging. This includes specifying which fields to include in the logs, log retention policies, and any customization options provided by your CDN provider.
• Resource Allocation: Consider the resource allocation required for processing and storing real-time logs. Depending on the volume of traffic and the granularity of logs, you may need to allocate sufficient resources to handle the incoming log data effectively.
• Understand Log Delivery Options: Familiarize yourself with the different log delivery options offered by your CDN provider. Some CDNs may offer integration with services like Amazon Kinesis Data Firehose or direct delivery to a specified endpoint.

Steps by Step Procedure

1. We need to create a Kinesis data stream for storing the real time cloudfront logs.

2. Now enable real-time logging and define the headers you want to add to CloudFront logs.

3. Once we enable real-time logging by defining all the details, logs are now visible on the Kinesis Data Stream.

4. Now we have to create a Kinesis Data Firehose to send logs to an S3 bucket.

5. After creating the Kinesis Data Firehose, we can find the logs in the S3 bucket.

6. Create an Athena table for S3 and perform operations on the real-time logs.

In the above image, if we expand the ‘cs_headers’ column, we can find details such as country, city, postal code, longitude, etc. Please refer to the image below for all the details.

Please find below the headers that provide us with information about the viewer, such as country and city.

• CloudFront-Viewer-Country-Name: Provides the country name of the viewer
• CloudFront-Viewer-City: Provides the city name of the viewer
• CloudFront-Viewer-Postal-Code: Provides the postal code of the viewer
• CloudFront-Viewer-Time-Zone: Provides the time zone of the viewer
• CloudFront-Viewer-Latitude: Provides the latitude of the viewer
• CloudFront-Viewer-Longitude: Provides the longitude of the viewer

In the above image, we can see the country, city, postal code for each request, which is not possible without real-time logging.

Conclusion

CloudFront real-time logging empowers you with actionable insights into your CDN traffic and performance. By leveraging real-time logs, you can monitor web performance, troubleshoot issues promptly, and optimize content delivery for an exceptional user experience. Incorporating real-time logging into your CDN strategy is a proactive step towards achieving faster, more reliable, and more secure web delivery in today’s dynamic digital environment.