aws-cloudformationamazon-cloudfront
How to attach Real-time log to a Distribution in CloudFormation
I have created a real time logging configuration. However, I cannot find how to attach it to the for a CloudFront distribution. The CloudFront template to create the real time logging is:
KinesisDataStream:
Type: AWS::Kinesis::Stream
Properties:
Name: my-stream
RetentionPeriodHours: 24
ShardCount: 1
RealTimeLogggingRole:
Type: AWS::IAM::Role
Properties:
Tags:
- Key: Name
Value: my-role
Path: "/"
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: sts:AssumeRole
Principal:
Service: cloudfront.amazonaws.com
Policies:
- PolicyName: po-real-time-logging-policy
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- kinesis:DescribeStreamSummary
- kinesis:DescribeStream
- kinesis:PutRecord
- kinesis:PutRecords
Resource:
- !GetAtt KinesisDataStream.Arn
RealTimeLoggging:
Type: AWS::CloudFront::RealtimeLogConfig
Properties:
Name: my-logging
SamplingRate: 100
Fields:
- timestamp
- c-ip
- cs-host
- cs-uri-stem
- cs-headers
EndPoints:
- StreamType: Kinesis
KinesisStreamConfig:
RoleArn: !GetAtt RealTimeLogggingRole.Arn
StreamArn: !GetAtt KinesisDataStream.Arn
CloudFrontDistribution:
Type: AWS::CloudFront::Distribution
...
And I can attach it to the distributino the the GUI:
But I cannot find how to do this using the CloudFormation?
Solution
You have to update your AWS::CloudFront::Distribution DefaultCacheBehavior and set RealtimeLogConfigArn:
RealtimeLogConfigArn: !Ref RealTimeLoggging
- AWS Glue JDBC Connection created using Cloud Formation is not setting the password
- Fixing yaml indentation with python
- Refactor AWS cdk stack into multiple smaller stacks
- How to get the ARN of an SSM Document in CloudFormation?
- cloudformation ecs force new deployement
- AWS CloudFormation EC2 UserData - Using an "!If"
- Nested Step Function in a Step Function: Unknown Error: "...not authorized to create managed-rule"
- "An error occurred: LogGroup - <resource name> already exists" while trying to deploy Serverless
- Create a Lambda notification in an S3 bucket with CloudFormation
- User is not authorized to perform: cloudformation:CreateStack
- CloudFormation Error: Subscription Property Expects Array but Received Object
- How to add S3 BucketPolicy with AWS CDK?
- Creating lambda function through CloudFormation by uploading code in s3 bucket
- AWS Lambda parameter passing error | API Gateway
- How do you specify GitHub access token with CodeBuild from CloudFormation
- How can I get more detailed information out of CloudFormation's "modify" changesets?
- Sceptre CodePipeline FilePaths configuration - duplicate filters created
- How can I reference a sceptre/cloudformation parameter in a jinja2 template
- Failed to deploy `ProxyTargetGroup` for RDS Aurora postgresql
- How to specify a secret from SecretManager in CloudFormation container definition
- What commands are being run by VS to publish .net core serverless applications?
- What IAM permissions are needed to use CDK Deploy?
- (ValidationError) when calling the CreateStack operation: Template format error: Every Description member must be a string
- CloudFormation Cross-Region Reference
- Unable to Attach Multiple Security Groups to a Single Network Load Balancer in AWS API Gateway
- Cloudformation Conditional Fails with expected type: JSONObject, found: JSONArray
- AWS Cloudformation Create-Stack Template Error
- Role is not authorized to perform DescribeStream on KinesisStream
- Use a map in CloudFormation to define static dev and prod configs?
- how to load a ETL script to S3 bucket using yaml CloudFormation stack