AWS CloudFront Realtime Log Config
This page shows how to write Terraform and CloudFormation for CloudFront Realtime Log Config and write them securely.
aws_cloudfront_realtime_log_config (Terraform)
The Realtime Log Config in CloudFront can be configured in Terraform with the resource name aws_cloudfront_realtime_log_config
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
-
arn
optional computed - string -
fields
required - set of string -
id
optional computed - string -
name
required - string -
sampling_rate
required - number -
endpoint
list block-
stream_type
required - string -
kinesis_stream_config
list block-
role_arn
required - string -
stream_arn
required - string
-
-
Explanation in Terraform Registry
Provides a CloudFront real-time log configuration resource.
Tips: Best Practices for The Other AWS CloudFront Resources
In addition to the aws_cloudfront_distribution, AWS CloudFront has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_cloudfront_distribution
Ensure to enable access logging of CloudFront distribution
To avoid attacks, it is better to configure access logging of a CloudFront distribution. The logs are important for the early-stage detection of attacks and incident responses. It is better to enable the feature while being careful of handling cookies.
AWS::CloudFront::RealtimeLogConfig (CloudFormation)
The RealtimeLogConfig in CloudFront can be configured in CloudFormation with the resource name AWS::CloudFront::RealtimeLogConfig
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
-
EndPoints
required - List of EndPoint -
Fields
required - List -
Name
required - String -
SamplingRate
required - Double
Explanation in CloudFormation Registry
A real-time log configuration.