I m trying to set up logging for my Cloudfront distributions Pulumi Community #aws

I'm trying to set up logging for my Cloudfront dis...

polite-napkin-90098

12/03/2024, 4:28 PM

I'm trying to set up logging for my Cloudfront distributions. In the AWS console I see a legacy s3 option, and then v2 CloudWatch, Kinesis and S3 options. In pulumi, with either the aws classic or the aws native (cloud control) module I only see options for s3 or kinesis. I would like to use Cloudwatch if I can as that's where all my ECS logs go. Is there a way to do this with pulumi?

modern-zebra-45309

12/03/2024, 6:49 PM

It doesn't seem to be possible to configure this through CloudFormation (yet): AWS::CloudFront::Distribution Logging only has an S3 option. This usually means that it's not possible to configure it via

aws-native

either, because both use the AWS Cloud Control API.

modern-zebra-45309

12/03/2024, 6:52 PM

The

aws

package uses the Terraform provider under the hood, where it's not available either. Here's an upstream issue that tracks the general capability: https://github.com/hashicorp/terraform-provider-aws/issues/40250

modern-zebra-45309

12/03/2024, 6:53 PM

For anyone who like me didn't know about the new log destinations in CloudFront, this was announced November 20th: Amazon CloudFront now supports additional log formats and destinations for access logs

polite-napkin-90098

12/04/2024, 8:40 PM

Yeah, so I made the Cloudwatch log groups with pulumi (they need to be in the us-east-1 region as Cloudfront is one of those global services) and then clicked the buttons in the web ui to connect them to the Cloudfronts. I left a note for future me to add pulumi to do the linking up when either of the providers' upstreams has implemented it. I wasn't aware the update was so recent. I haven't looked at Cloudfront in months, and then decided I should do something about the logs and found I timed it just right to use the new feature.

33 Views

Open in Slack

Previous Next