When you set to fetch CloudFront logs, will periodically read logs from the configured S3 bucket. CloudFront logs are useful for auditing/security monitoring and business intelligence.

You’ll need: s3:ListBucket and s3:GetObject permissions for the required S3 bucket

  1. Send your logs to an S3 bucket fetches your CloudFront logs from an S3 bucket. CloudFront access logs are not enabled by default, so you’ll need to set this up.

    For help with this, see Configuring and Using CloudFront Access Logs from AWS.

  2. Add the S3 bucket information

    To use the S3 fetcher, fill out the S3 bucket information on the CloudFront log shipping page. You must be logged in to

    • S3 bucket: Name of the bucket
    • Prefix: The directory where the logs are stored
    • S3 access key and S3 secret key: Your S3 bucket credentials
    • Region: AWS region of the bucket fetches logs that are generated after configuring an S3 bucket. Past logs are not sent to

  3. Check for your logs

    Give your logs a few minutes to get from your system to ours, and then open Kibana.

    If you still don’t see your logs, see log shipping troubleshooting.