AWS CloudFront Monitoring Subscription

This page shows how to write Terraform for CloudFront Monitoring Subscription and write them securely.

aws_cloudfront_monitoring_subscription (Terraform)

The Monitoring Subscription in CloudFront can be configured in Terraform with the resource name aws_cloudfront_monitoring_subscription. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).


The following arguments are supported:

  • distribution_id - (Required) The ID of the distribution that you are enabling metrics for.
  • monitoring_subscription - (Required) A monitoring subscription. This structure contains information about whether additional CloudWatch metrics are enabled for a given CloudFront distribution.


  • realtime_metrics_subscription_config - (Required) A subscription configuration for additional CloudWatch metrics. See below.


  • realtime_metrics_subscription_status - (Required) A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution. Valid values are Enabled and Disabled. See below.

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the CloudFront monitoring subscription, which corresponds to the distribution_id.

Explanation in Terraform Registry

Provides a CloudFront real-time log configuration resource.

Tips: Best Practices for The Other AWS CloudFront Resources

In addition to the aws_cloudfront_distribution, AWS CloudFront has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.



Ensure to enable access logging of CloudFront distribution

To avoid attacks, it is better to configure access logging of a CloudFront distribution. The logs are important for the early-stage detection of attacks and incident responses. It is better to enable the feature while being careful of handling cookies.

Review your AWS CloudFront settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

CloudFormation Example

CloudFormation code does not have the related resource.

Frequently asked questions

What is AWS CloudFront Monitoring Subscription?

AWS CloudFront Monitoring Subscription is a resource for CloudFront of Amazon Web Service. Settings can be wrote in Terraform.