Tuesday, April 20, 2021

CloudFront Real-Time Logging using CloudFormation


In this post we will review how to use a CloudFormation template to configure Real-Time Logging to a Kinesis data stream.

First, we create the Kinesis data stream that will receive the log records:



KinesisDataStream:
  Type: AWS::Kinesis::Stream
  Properties:
    Name: my-kinesis-data-stream
    RetentionPeriodHours: 24
    ShardCount: 1



Next, we configure an IAM role that CloudFront can assume, with permission to write to the Kinesis data stream:



RealTimeLogggingRole:
  Type: AWS::IAM::Role
  Properties:
    Tags:
      - Key: Name
        Value: my-real-time-logging-role
    Path: "/"
    # Trust policy: only the CloudFront service may assume this role.
    AssumeRolePolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Action: sts:AssumeRole
          Principal:
            Service: cloudfront.amazonaws.com
    Policies:
      - PolicyName: my-real-time-logging-policy
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - kinesis:DescribeStreamSummary
                - kinesis:DescribeStream
                - kinesis:PutRecord
                - kinesis:PutRecords
              # Scoped to the one stream created above, not "*".
              Resource:
                - !GetAtt KinesisDataStream.Arn



Now we can create the real-time log configuration, which selects the fields to log and points at the IAM role and the Kinesis stream:



RealTimeLoggging:
  Type: AWS::CloudFront::RealtimeLogConfig
  Properties:
    Name: my-real-time-logging
    # Percentage of viewer requests to log; 100 logs every request.
    SamplingRate: 100
    # Fields are delivered in the order listed here.
    Fields:
      - timestamp
      - c-ip
      - cs-host
      - cs-uri-stem
      - cs-headers
    EndPoints:
      - StreamType: Kinesis
        KinesisStreamConfig:
          RoleArn: !GetAtt RealTimeLogggingRole.Arn
          StreamArn: !GetAtt KinesisDataStream.Arn



The last thing to do is to attach this real-time log configuration to the cache behavior of our CloudFront distribution:



CloudFrontDistribution:
  Type: AWS::CloudFront::Distribution
  Properties:
    DistributionConfig:
      DefaultCacheBehavior:
        RealtimeLogConfigArn: !Ref RealTimeLoggging



Note that the CloudFront distribution shown here is only partial. For a full example of creating a CloudFront distribution, see this post.
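Once records start flowing into the stream, a consumer has to parse them. As an added example that is not part of the original post, here is a small Python parser for records carrying exactly the five fields configured above. It assumes each Kinesis record payload is one tab-delimited log line in the configured field order, with cs-headers as percent-encoded, newline-separated name:value pairs, and it runs on constructed sample payloads rather than a live stream.

```python
from collections import Counter
from datetime import datetime, timezone
from urllib.parse import unquote

# Same order as the Fields list in the RealtimeLogConfig resource above.
FIELDS = ["timestamp", "c-ip", "cs-host", "cs-uri-stem", "cs-headers"]

# Constructed sample payloads (not real traffic), shaped like the lines a
# Kinesis consumer receives: one request per record, tab-delimited.
SAMPLE_RECORDS = [
    b"1618916400.123\t203.0.113.10\td111.cloudfront.net\t/index.html\t"
    b"host:d111.cloudfront.net%0Auser-agent:curl/7.68.0\n",
    b"1618916400.456\t203.0.113.10\td111.cloudfront.net\t/admin\t"
    b"host:d111.cloudfront.net%0Auser-agent:curl/7.68.0\n",
    b"1618916401.000\t198.51.100.7\td111.cloudfront.net\t/img/logo%20v2.png\t"
    b"host:d111.cloudfront.net%0Auser-agent:Mozilla/5.0\n",
]


def parse_headers(raw: str) -> dict:
    """cs-headers: percent-encoded, newline-separated name:value pairs (assumed)."""
    headers = {}
    for line in unquote(raw).split("\n"):
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def parse_record(data: bytes) -> dict:
    """Turn one raw Kinesis record payload (one log line) into a dict."""
    parts = data.decode("utf-8").rstrip("\n").split("\t")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    row = dict(zip(FIELDS, parts))
    # timestamp is Unix epoch seconds with a fractional part.
    row["timestamp"] = datetime.fromtimestamp(float(row["timestamp"]), tz=timezone.utc)
    row["cs-uri-stem"] = unquote(row["cs-uri-stem"])
    row["cs-headers"] = parse_headers(row["cs-headers"])
    return row


def requests_per_ip(payloads=SAMPLE_RECORDS) -> Counter:
    """Count requests per client IP, a simple signal for scanning or abuse."""
    return Counter(parse_record(p)["c-ip"] for p in payloads)


if __name__ == "__main__":
    for rec in map(parse_record, SAMPLE_RECORDS):
        print(rec["timestamp"].isoformat(), rec["c-ip"], rec["cs-uri-stem"])
    print(requests_per_ip())
```

In a real consumer the payload bytes come from the `Data` field of each record returned by the Kinesis GetRecords API; the parsing is the same.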

