Ensure that your AWS CloudFront distributions have the Logging feature enabled in order to track all viewer requests for the content delivered through the Content Delivery Network (CDN).
CloudFront access logs contain detailed information about each request made for your web content (requested object name, date and time of the access, client IP, access point, error code, etc.). This information can be extremely useful during security audits or as input data for various analytics/reporting tools. You can also use this feature in combination with AWS Lambda and AWS WAF to process the logging data and block requests coming from IP addresses that generate too many error codes, because the requests that generate these errors are often made by attackers trying to find vulnerabilities within your website/web application.
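The error-code analysis described above, sketched as an added example (not code from the original page): it parses tab-separated access log lines by their `#Fields:` header and returns the client IPs whose requests are mostly 4xx/5xx. The sample rows are constructed and carry only the first nine columns, and the `min_errors` and `min_ratio` thresholds are assumptions to tune; pushing the result into a WAF block list is left out.

```python
from collections import Counter

FIELDS = "date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem sc-status"

def _row(ip, path, status):
    # Constructed sample row; real rows carry more columns after sc-status.
    return "\t".join(["2024-01-01", "10:00:00", "FRA2", "512", ip, "GET",
                      "cdn.example.com", path, str(status)])

# Constructed sample log using documentation IP ranges.
SAMPLE_LOG = ["#Version: 1.0", "#Fields: " + FIELDS]
SAMPLE_LOG += [_row("203.0.113.7", p, s) for p, s in
               [("/wp-login.php", 404), ("/.env", 404), ("/admin", 403), ("/old.zip", 404)]]
SAMPLE_LOG += [_row("198.51.100.20", "/index.html", 200) for _ in range(8)]
SAMPLE_LOG += [_row("198.51.100.20", "/gone.png", 404) for _ in range(3)]
SAMPLE_LOG += [_row("192.0.2.50", "/index.html", 200) for _ in range(2)]

def parse_records(lines):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("data row before #Fields header")
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def noisy_clients(lines, min_errors=3, min_ratio=0.5):
    """Return sorted client IPs with many errors AND a high error ratio.

    The ratio check keeps a busy client (e.g. a shared NAT) with a few
    broken links from being treated like a scanner.
    """
    total, errors = Counter(), Counter()
    for rec in parse_records(lines):
        ip, status = rec["c-ip"], rec["sc-status"]
        total[ip] += 1
        if status.isdigit() and 400 <= int(status) <= 599:
            errors[ip] += 1
    return sorted(ip for ip, n in errors.items()
                  if n >= min_errors and n / total[ip] >= min_ratio)

if __name__ == "__main__":
    print(noisy_clients(SAMPLE_LOG))
```
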
To determine if your CloudFront CDN distributions have access logging enabled, perform the following:
To enable access logging for your CloudFront CDN distributions, perform the following: