AWS CloudFront Realtime Log Config
This page shows how to write Terraform and CloudFormation for CloudFront Realtime Log Config and write them securely.
aws_cloudfront_realtime_log_config (Terraform)
The Realtime Log Config in CloudFront can be configured in Terraform with the resource name aws_cloudfront_realtime_log_config. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
-
arnoptional computed - string -
fieldsrequired - set of string -
idoptional computed - string -
namerequired - string -
sampling_raterequired - number -
endpointlist block-
stream_typerequired - string -
kinesis_stream_configlist block-
role_arnrequired - string -
stream_arnrequired - string
-
-
Explanation in Terraform Registry
Provides a CloudFront real-time log configuration resource.
Tips: Best Practices for The Other AWS CloudFront Resources
In addition to the aws_cloudfront_distribution, AWS CloudFront has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_cloudfront_distribution
Ensure to enable access logging of CloudFront distribution
To avoid attacks, it is better to configure access logging of a CloudFront distribution. The logs are important for the early-stage detection of attacks and incident responses. It is better to enable the feature while being careful of handling cookies.
AWS::CloudFront::RealtimeLogConfig (CloudFormation)
The RealtimeLogConfig in CloudFront can be configured in CloudFormation with the resource name AWS::CloudFront::RealtimeLogConfig. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
-
EndPointsrequired - List of EndPoint -
Fieldsrequired - List -
Namerequired - String -
SamplingRaterequired - Double
Explanation in CloudFormation Registry
A real-time log configuration.
