01 Run create-bucket command (OSX/Linux/UNIX) to create the S3 bucket that will store your Cloudfront distribution(s) log files:
aws s3api create-bucket
--bucket aws-cf-access-logs
--region us-east-1
02 The command output should return the new S3 bucket location:
{
"Location": "/aws-cf-access-logs"
}
03 Run get-distribution-config command (OSX/Linux/UNIX) to extract the configuration information from your Cloudfront distribution. The following command returns the configuration of a distribution with the access logging feature disabled, identified by the ID E2RX3E6TS8SFB9:
aws cloudfront get-distribution-config
--id E2RX3E6TS8SFB9
04 The command output should return the selected distribution configuration information:
{
"ETag": "E3U5EKI9N4FXZO",
"DistributionConfig": {
"Comment": "",
"CacheBehaviors": {
"Quantity": 0
},
"Logging": {
"Bucket": "",
"Prefix": "",
"Enabled": false,
"IncludeCookies": false
},
...
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"Aliases": {
"Items": [
"media.cloudconformity.com"
],
"Quantity": 1
}
}
}
05 Modify the configuration information returned at the previous step to enable access logging by editing the Logging config object (highlighted) and save the new configuration in a JSON document named distconfig-logging-enabled.json:
{
"ETag": "E3U5EKI9N4FXZO",
"DistributionConfig": {
"Comment": "",
"CacheBehaviors": {
"Quantity": 0
},
"Logging": {
"Bucket": "aws-cf-access-logs.s3.amazonaws.com",
"Prefix": "cloudconformity",
"Enabled": true,
"IncludeCookies": true
},
"WebACLId": "",
"Origins": {
"Items": [
{
"OriginPath": "/static/images",
"CustomOriginConfig": {
"OriginProtocolPolicy": "https-only",
"HTTPPort": 80,
"OriginSslProtocols": {
"Items": [
"TLSv1.2"
],
"Quantity": 1
},
"HTTPSPort": 443
},
"CustomHeaders": {
"Quantity": 0
},
"Id": "custom-cloudconformity.com-images",
"DomainName": "cloudconformity.com"
}
],
"Quantity": 1
},
"DefaultRootObject": "index.html",
"PriceClass": "PriceClass_All",
"Enabled": true,
"DefaultCacheBehavior": {
"TrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"TargetOriginId": "custom-cloudconformity.com-images",
"ViewerProtocolPolicy": "https-only",
"ForwardedValues": {
"Headers": {
"Quantity": 0
},
"Cookies": {
"Forward": "none"
},
"QueryString": false
},
"MaxTTL": 31536000,
"SmoothStreaming": false,
"DefaultTTL": 86400,
"AllowedMethods": {
"Items": [
"HEAD",
"DELETE",
"POST",
"GET",
"OPTIONS",
"PUT",
"PATCH"
],
"CachedMethods": {
"Items": [
"HEAD",
"GET",
"OPTIONS"
],
"Quantity": 3
},
"Quantity": 7
},
"MinTTL": 0,
"Compress": false
},
"CallerReference": "my-cf-web-distribution-2016-08-05",
"ViewerCertificate": {
"CloudFrontDefaultCertificate": true,
"MinimumProtocolVersion": "SSLv3",
"CertificateSource": "cloudfront"
},
"CustomErrorResponses": {
"Quantity": 0
},
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"Aliases": {
"Items": [
"media.cloudconformity.com"
],
"Quantity": 1
}
}
}
06 Run update-distribution command (OSX/Linux/UNIX) to update your AWS Cloudfront distribution. The following command example updates a CloudFront CDN web distribution with the ID E2RX3E6TS8SFB9 and the ETag E3U5EKI9N4FXZO (an ETag is a header ID exposed when a CDN distribution configuration is retrieved, e.g. "ETag": "E3U5EKI9N4FXZO", as shown in the previous step), using a JSON configuration document with the file name distconfig-logging-enabled.json:
aws cloudfront update-distribution
--id E2RX3E6TS8SFB9
--distribution-config file://distconfig-logging-enabled.json
--if-match E3U5EKI9N4FXZO
07The command output should return the metadata for the updated distribution:
{
"Distribution": {
"Status": "InProgress",
"DomainName": "d1ams0mx9tn8g.cloudfront.net",
"InProgressInvalidationBatches": 0,
"DistributionConfig": {
"Comment": "",
"CacheBehaviors": {
"Quantity": 0
},
"Logging": {
"Bucket": "aws-cf-access-logs.s3.amazonaws.com",
"Prefix": "cloudconformity",
"Enabled": true,
"IncludeCookies": true
},
...
"Aliases": {
"Items": [
"media.cloudconformity.com"
],
"Quantity": 1
}
},
"ActiveTrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"LastModifiedTime": "2016-08-26T14:23:10.873Z",
"Id": "E2RX3E6TS8SFB9"
},
"ETag": "E3U5EKI9N4FXZO"
}