AWS CloudFront Monitoring Subscription
This page shows how to write Terraform for CloudFront Monitoring Subscription and write them securely.
The Monitoring Subscription in CloudFront can be configured in Terraform with the resource name
aws_cloudfront_monitoring_subscription. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
The following arguments are supported:
distribution_id- (Required) The ID of the distribution that you are enabling metrics for.
monitoring_subscription- (Required) A monitoring subscription. This structure contains information about whether additional CloudWatch metrics are enabled for a given CloudFront distribution.
realtime_metrics_subscription_config- (Required) A subscription configuration for additional CloudWatch metrics. See below.
realtime_metrics_subscription_status- (Required) A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution. Valid values are
Disabled. See below.
In addition to all arguments above, the following attributes are exported:
id- The ID of the CloudFront monitoring subscription, which corresponds to the
Explanation in Terraform Registry
Provides a CloudFront real-time log configuration resource.
Tips: Best Practices for The Other AWS CloudFront Resources
In addition to the aws_cloudfront_distribution, AWS CloudFront has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
Ensure to enable access logging of CloudFront distribution
To avoid attacks, it is better to configure access logging of a CloudFront distribution. The logs are important for the early-stage detection of attacks and incident responses. It is better to enable the feature while being careful of handling cookies.
CloudFormation code does not have the related resource.