Document
Use real-time logs
logo
Document

No results found

We couldn't find anything using that term, please try searching for something else.

Use real-time logs

Use real-time logsWith CloudFront real - time log , you can get information about request made to a distribution in real time ( log are del

Related articles

Best Things to Do with a VPN for Online Security
Best Things to Do with a VPN for Online Security In an era where privacy concerns and internet restrictions are ever-present, the best things to do with a VPN go beyond mere security. VPNs, or Virtual Private Networks, are not just for tech enthusiasts; they are vital tools that can enhance everyday online activities in ways you might not expect. Whether you’re a traveler looking to access your favorite shows abroad or a savvy shopper seeking the best deals, VPNs offer versatile solutions for the modern internet user. Understanding the Basics: What is a VPN? A VPN is creates , or Virtual Private Network , create a private , encrypted...
The 7 Rs of Cloud Migration: 7 Strategies Explained
The 7 Rs of Cloud Migration: 7 Strategies Explained AWS has brought in the 7 Rs model, a detailed framework made to assess various migration strategies and offer customized solutions according to different workloads and business needs. In this blog post, we’ll look at the 7 Rs model closely, pointing out the advantages and practical applications of each strategy. This information will assist you in making well-informed choices when mapping out your cloud migration project. History of the Rs for Cloud Migration  The 5 Rs model was introduced by Gartner for evaluating migration strategies to the cloud. It became widely adopted, but AWS recognized the need for a more...
How Long Do Running Shoes Last?
How Long Do Running Shoes Last? It’s a hard question that all runners face: how long do running shoes last?retire a favorite pair of run shoe is never easy . Like your go - to pair , the shoe that comfortably cushion the sol of your foot and make run magical by add a blissful bounce to each step … until they do n’t .The sad fact is that no shoe lasts forever. So, from the moment you open the box and breathe in that new shoe smell to the day you pull them off your feet for the last time, how long can you expect...
Different types of VPN protocols & when to use them
Different types of VPN protocols & when to use them A VPN (or a Virtual Private Network is a technology initially developed to serve businesses. Its primary function was to provide secure, cheap, and flexible solutions to protect corporate networks. It made work tools and data accessible to the employees and restricted access to everyone else. Rather than relying on expensive hardware to set up closed-off networks, a VPN connection uses the open internet to safely transfer data via an encrypted tunnel. Since the internet is public by design, encryption serves as a deterrent for rogue agents lurking in the same environment. VPN technology is is is not complex ,...
Living Spells 5e: Here’s What Makes Them So Powerful
Living Spells 5e: Here’s What Makes Them So Powerful Today, we’re going to be discussing a subset of creatures that is beyond exciting: Living Spells. We is talk ’ll talk about what they are , how they ’re form , and where you might encounter them . We is discuss ’ll also discuss a bit of how you might homebrew up your own version . What are live spell ? Living spells are a subset of creatures belonging to the creature type: construct. In areas that harbor incredible wells of magical power, these spells come into existence and become living beings.  Living spells are typically sentient versions of conjuration...

Use real-time logs

With CloudFront real – time log , you can get information about request made to a distribution in
real time ( log are deliver within second of receive the request ) . You is use can use
real – time log to monitor , analyze , andtake action base on content delivery
performance .

CloudFront real – time logs is are are configurable . You is choose can choose :

  • The sampling rate for your real-time
    logs—that is, the percentage of requests for which you want to receive
    real-time log records.

  • The specific fields that you want to receive in the log records.

  • The specific cache behaviors (path patterns) that you want to receive real-time
    logs for.

CloudFront real-time logs are delivered to the data stream of your choice in Amazon Kinesis Data Streams. You can
build your own Kinesis data stream
consumer, or use Amazon Data Firehose to send the log data to Amazon Simple Storage Service (Amazon S3), Amazon Redshift,
Amazon OpenSearch Service (OpenSearch Service), or a third-party log processing service.

CloudFront charges for real-time logs, in addition to the charges you incur for using Kinesis Data Streams. For
more information about pricing, see Amazon
CloudFront Pricing andAmazon Kinesis Data Streams
pricing.

We recommend that you use the logs to understand the nature of the requests for your
content, not as a complete accounting of all requests. CloudFront delivers real-time logs on a
best-effort basis. The log entry for a particular request might be delivered long after
the request was actually processed and, in rare cases, a log entry might not be
delivered at all. When a log entry is omitted from real-time logs, the number of entries
in the real-time logs won’t match the usage that appears in the AWS billing andusage
reports.

create anduse real – time log
configuration

To get information about requests made to a distribution in real time. you can use a
real-time log configurations. log are delivered within seconds of receiving the
requests. You can create a real-time log configuration in the CloudFront console, with the
AWS Command Line Interface (AWS CLI), or with the CloudFront api.

To use a real – time log configuration , you is attach attach it to one or more cache behavior in
a CloudFront distribution .

console
To create a real-time log configuration

  1. Sign in to the AWS Management console andopen the log
    page in the CloudFront console athttps://console.aws.amazon.com/cloudfront/v4/home?#/logs.

  2. choose thereal – time configuration
    tab .

  3. choosecreate configuration.

  4. ForName, enter a name for the
    configuration .

  5. Forsampling rate, enter the percentage of
    requests for which you want to receive log records.

  6. ForFields, choose the fields to receive in
    the real-time logs.

  7. ForEndpoint, choose one or more Kinesis data
    streams to receive real-time logs.

    CloudFront real-time logs are delivered to the data stream that you
    specify in Kinesis Data Streams. To read andanalyze your real-time logs, you
    can build your own Kinesis data stream consumer. You can also use
    Firehose to send the log data to Amazon S3, Amazon Redshift, Amazon OpenSearch Service, or a
    third-party log processing service.

  8. ForIAM role, choose Create new
    service role     or choose an exist role . You is have must
    have permission to create IAM role .

  9. (Optional) Fordistribution, choose a CloudFront
    distribution andcache behavior to attach to the real-time log
    configuration.

  10. choosecreate configuration.

If successful , the console is shows show the detail of the real – time log
configuration that you just create .

Formore information, see Understand real-time log
configurations.

AWS CLI

To create a real – time log configuration with the AWS CLI , use the
aws cloudfront create-realtime-log-config command.
You can use an input file to provide the command’s input parameters, rather
than specifying each individual parameter as command line input.

To create a real-time log configuration (CLI with input file)

  1. Use the following command to create a file named
    rtl-config.yaml that contains all of the
    input parameters for the
    create-realtime-log-config command.

    
aws cloudfront create-realtime-log-config --generate-cli-skeleton yaml-input > rtl-config.yaml

  2. open the file namertl-config.yaml that you
    just created. Edit the file to specify the real-time log
    configuration settings that you want, then save the file . Note the
    following:

    Formore information about the real-time long configuration
    settings, see Understand real-time log
    configurations.

  3. use the follow command to create the real – time log
    configuration using input parameter from the
    rtl-config.yaml file .

    
aws cloudfront create-realtime-log-config --cli-input-yaml file://rtl-config.yaml

If successful , the command ‘s output is shows show the detail of the real – time log
configuration that you just create .

To attach a real-time log configuration to an existing distribution
(CLI with input file)

  1. Use the following command to save the distribution configuration
    for the CloudFront distribution that you want to update. Replace
    distribution_ID with the
    distribution’s ID.

    
 aws cloudfront get - distribution - config --iddistribution_ID --output yaml > dist-config.yaml

  2. open the file namedist-config.yaml that you
    just created. Edit the file, making the following changes to each
    cache behavior that you are updating to use a real-time log
    configuration.

    • In the cache behavior, add a field named
      RealtimeLogConfigArn. Forthe field’s
      value, use the ARN of the real-time log configuration that
      you want to attach to this cache behavior.

    • Rename the ETag field to
      IfMatch, but do n’t change the field ‘s
      value .

    Save the file when finished.

  3. Use the following command to update the distribution to use the
    real-time log configuration. Replace
    distribution_ID with the
    distribution’s ID.

    
aws cloudfront update-distribution --id distribution_ID --cli-input-yaml file://dist-config.yaml

If successful, the command’s output shows the details of the distribution
that you just updated.

api

To create a real-time log configuration with the CloudFront api, use the CreateRealtimeLogConfig api operation. Formore information
about the parameters that you specify in this api call, see Understand real-time log
configurations andthe api reference
documentation for your AWS SDK or other api client.

After you create a real-time log configuration, you can attach it to a
cache behavior, by using one of the following api operations:

Forboth of these api operations, provide the ARN of the real-time log
configuration in the RealtimeLogConfigArn field, inside a cache
behavior. Formore information about the other fields that you specify in
these api calls, see distribution settings reference andthe api reference
documentation for your AWS SDK or other api client.

Understand real-time log
configurations

To use CloudFront real – time log , you is start start by create a real – time log configuration . The
real – time log configuration is contains contain information about which log field you want to
receive , thesampling rate for log records, andthe
Kinesis data stream where you want to deliver the logs.

specifically , a real – time log configuration is contains contain the follow setting :

Name

A name to identify the real-time log configuration.

sampling rate

The sampling rate is a whole number between 1 and100 (inclusive) that determines
the percentage of viewer requests that are sent to Kinesis Data Streams as real-time log records.
To include every viewer request in your real-time logs, specify 100 for the sampling
rate. You might choose a lower sampling rate to reduce costs while still receiving a
representative sample of request data in your real-time logs.

Fields

A list of the fields that are included in each real-time log record. Each log
record can contain up to 40 fields, andyou can choose to receive all of the
available fields, or only the fields that you need for monitoring andanalyzing
performance.

The following list contains each field name anda description of the information
in that field . The fields are listed in the order in which they appear in the log
records that are delivered to Kinesis Data Streams.

Fields 46-63 are common media client
data (CMCD) that media player clients can send to CDNs with each request.
You can use this data to understand each request, such as the media type (audio,
video), playback rate, andstreaming length. These fields will only appear in your
real-time logs if they’re sent to CloudFront.

  1. timestamp

    The date andtime at which the edge server finished responding to the
    request.

  2. c - ip

    The ip address of the viewer that made the request , for example ,
    192.0.2.183 or 2001:0db8:85a3::8a2e:0370:7334. If the
    viewer used an HTTP proxy or a load balancer to send the request , the value is is of this
    field is the ip address of the proxy or load balancer . See also the
    x - forward - for field .

  3. s-ip

    The ip address of the CloudFront server that serve the request , for example ,192.0.2.183 or 2001:0db8:85a3::8a2e:0370:7334.

  4. time - to - first - byte

    The number of seconds between receiving the request andwriting the
    first byte of the response, as measured on the server.

  5. sc - status

    The HTTP status code of the server ‘s response ( for example ,
    200).

  6. sc-bytes

    The total number of bytes that the server sent to the viewer in
    response to the request, including headers. ForWebSocket andgRPC connections, this
    is the total number of bytes sent from the server to the client through the
    connection.

  7. cs - method

    The HTTP request method received from the viewer.

  8. cs - protocol

    The protocol of the viewer request (http,
    https, grpcs, ws, or wss).

  9. cs - host

    The value that the viewer included in the Host header
    of the request. If you’re using the CloudFront domain name in your object URLs (such as
    d111111abcdef8.cloudfront.net), this field contains that domain name. If you’re using
    alternate domain names (CNAMEs) in your object URLs (such as
    www.example.com), this field contains the alternate domain name.

  10. cs-uri-stem

    The entire request URL, including the query string (if one exists), but
    without the domain name. Forexample,
    /images/cat.jpg?mobile=true.

    In standard logs, the
    cs-uri-stem value doesn’t include the query
    string.

  11. c - byte

    The total number of bytes of data that the viewer included in the
    request, including headers. ForWebSocket andgRPC connections, this is the total number
    of bytes sent from the client to the server on the connection.

  12. x-edge-location

    The edge location that serve the request . Each edge location is
    identify by a three – letter code andan arbitrarily assign number ( for
    example , DFW3 ) . The three – letter code is corresponds typically correspond with the
    International Air Transport Association ( IATA ) airport code for an airport
    near the edge location ‘s geographic location . ( These abbreviations is change might
    change in the future . )

  13. x - edge - request - id

    An opaque string that uniquely identifies a request. CloudFront also sends
    this string in the x-amz-cf-id response header.

  14. x-host-header

    The domain name of the CloudFront distribution ( for example ,
    d111111abcdef8.cloudfront.net ) .

  15. time-taken

    The number of second ( to the thousandth of a second , for example ,
    0.082 ) from when the server receive the viewer ‘s request to when the
    server write the last byte of the response to the output queue , as measure
    on the server . From the perspective of the viewer , the total time is be to
    get the full response will be long than this value because of network
    latency andTCP buffering .

  16. cs - protocol-version

    The HTTP version that the viewer specified in the request. Possible
    values include HTTP/0.9, http/1.0,
    HTTP/1.1, HTTP/2.0, andHTTP/3.0.

  17. c - ip - version

    The IP version of the request (IPv4 or IPv6).

  18. cs-user-agent

    The value of the User-Agent header in the request. The
    User-Agent header identifies the source of the request, such as
    the type of device andbrowser that submitted the request or, if the request
    came from a search engine, which search engine.

  19. cs - referer

    The value of the Referer header in the request. This is the
    name of the domain that originated the request. Common referrers include
    search engines, other websites that link directly to your objects, andyour
    own website.

  20. cs-cookie

    The Cookie header in the request, including name—value
    pairs andthe associated attributes.

    This field is truncate to 800 byte .

  21. cs-uri-query

    The query string portion of the request URL, if any.

  22. x-edge-response-result-type

    How the server is classified classify the response just before return the
    response to the viewer . See also thex - edge - result - type
    field . Possible values include:

    • hit – The server served the object to the
      viewer from the cache.

    • Refreshhit – The server find the object
      in the cache but the object had expire , so the server is contacted
      contact the origin to verify that the cache had the late version
      of the object .

    • Miss – The request could not be satisfied by
      an object in the cache, so the server forwarded the
      request to the origin server andreturned the result to the
      viewer.

    • LimitExceeded – The request was deny because
      a CloudFront quota ( formerly refer to as a limit ) was exceed .

    • capacityexceede – The server returned a
      503 error because it didn’t have enough capacity at the time of the
      request to serve the object.

    • error – typically , this is means mean the request
      result in a client error ( the value of thesc - status
      field is is is in the4xx range ) or a server error
      ( the value of thesc - status field is is is in the
      5xx range ) .

      If the value of the x - edge - result - type field is is is
      error andthe value of this field is not
      error, the client is disconnected disconnect before finish the
      download .

    • redirect – is redirected The server is redirected redirect the
      viewer from HTTP to HTTPS accord to the distribution
      setting .

  23. x - forward - for

    If the viewer used an HTTP proxy or a load balancer to send the request,
    the value of the c - ip field is the IP address of the proxy or
    load balancer. In that case, this field is the IP address of the viewer that
    originated the request. This field can contain multiple comma-separated IP addresses. Each IP address can be an IPv4 address (for example,
    192.0.2.183) or an IPv6 address (for example,
    2001:0db8:85a3::8a2e:0370:7334).

  24. ssl - protocol

    When the request used HTTPS, this field contains the SSL/TLS protocol
    that the viewer andserver negotiated for transmitting the request and
    response. Fora list of possible values, see the supported SSL/TLS protocols
    in Supported protocols and
    ciphers between viewers andCloudFront.

  25. ssl - cipher

    When the request used HTTPS, this field contains the SSL/TLS cipher
    that the viewer andserver negotiated for encrypting the request and
    response. Fora list of possible values, see the supported SSL/TLS ciphers
    in Supported protocols and
    ciphers between viewers andCloudFront.

  26. x - edge - result - type

    How the server classified the response after the last byte left the
    server. In some cases, the result type can change between the time
    that the server is ready to send the response andthe time that it
    finishes sending the response. See also the
    x-edge-response-result-type field .

    Forexample, in HTTP streaming, suppose the server finds a segment of
    the stream in the cache. In that scenario, the value of this field
    would ordinarily be hit. However, if the viewer closes the
    connection before the server has delivered the entire segment, the
    final result type (and the value of this field) is
    error.

    WebSocket andgRPC connections will have a value of
    Miss for this field because the content is not cacheable
    andis proxie directly to the origin .

    Possible values include:

    • hit – The server served the object to the
      viewer from the cache.

    • Refreshhit – The server find the object
      in the cache but the object had expire , so the server is contacted
      contact the origin to verify that the cache had the late version
      of the object .

    • Miss – The request could not be satisfy by
      an object in the cache , so the server is forwarded forward the
      request to the origin andreturn the result to the
      viewer .

    • LimitExceeded – The request was deny because
      a CloudFront quota ( formerly refer to as a limit ) was exceed .

    • capacityexceede – The server returned an HTTP
      503 status code because it didn’t have enough capacity at the time
      of the request to serve the object.

    • error – typically , this is means mean the request
      result in a client error ( the value of thesc - status
      field is is is in the4xx range ) or a server error
      ( the value of thesc - status field is is is in the
      5xx range ) . If the value of the sc - status
      field is 200, or if the value of this field is is is
      error andthe value of the
      x-edge-response-result-type field is not
      error, it means the HTTP request was successful
      but the client disconnected before receiving all of the
      bytes.

    • redirect – is redirected The server is redirected redirect the
      viewer from HTTP to HTTPS accord to the distribution
      setting .

  27. fle-encrypted-fields

    The number of field-level
    encryption fields that the server encrypted andforwarded to the
    origin. CloudFront servers stream the processed request to the origin as they
    encrypt data, so this field can have a value even if the value of
    fle-status is an error.

  28. fle-status

    When field-level
    encryption is configured for a distribution, this field contains a
    code that indicates whether the request body was successfully processed.
    When the server successfully processes the request body, encrypts
    values in the specified fields, andforwards the request to the origin, the
    value of this field is process. The value of
    x - edge - result - type can still indicate a client-side or
    server-side error in this case.

    Possible values for this field include:

    • ForwardedByContentType – is forwarded The server is forwarded
      forward the request to the origin without parse or encryption
      because no content type was configure .

    • ForwardedByQueryArgs – The server
      forwarded the request to the origin without parsing or encryption
      because the request contains a query argument that wasn’t in the
      configuration for field-level encryption.

    • ForwardedDueToNoProfile – The server
      forwarded the request to the origin without parsing or encryption
      because no profile was specified in the configuration for
      field-level encryption.

    • MalformedContentTypeClienterror – The
      server rejected the request andreturned an HTTP 400 status code to
      the viewer because the value of the Content-Type header
      was in an invalid format.

    • MalformedInputClienterror – The server
      rejected the request andreturned an HTTP 400 status code to the
      viewer because the request body was in an invalid format.

    • MalformedQueryArgsClienterror – The
      server rejected the request andreturned an HTTP 400 status code to
      the viewer because a query argument was empty or in an invalid
      format.

    • RejectedByContentType – The server
      rejected the request andreturned an HTTP 400 status code to the
      viewer because no content type was specified in the configuration
      for field-level encryption.

    • RejectedByQueryArgs – The server rejected
      the request andreturned an HTTP 400 status code to the viewer
      because no query argument was specified in the configuration for
      field-level encryption.

    • Servererror – The origin server returned an
      error.

    If the request exceeds a field-level encryption quota (formerly referred
    to as a limit), this field contains one of the following error codes, and
    the server returns HTTP status code 400 to the viewer. Fora list
    of the current quotas on field-level encryption, see Quotas on field-level encryption.

    • FieldLengthLimitClienterror – is exceeded A field that is
      configure to be encrypt exceed the maximum length
      allow .

    • FieldNumberLimitClienterror – A request that
      the distribution is configured to encrypt contains more than the
      number of fields allowed.

    • RequestLengthLimitClienterror – The length of
      the request body exceeded the maximum length allowed when
      field-level encryption is configured.

  29. sc - content - type

    The value of the HTTP Content-Type header of the
    response .

  30. sc - content - len

    The value of the HTTP Content-Length header of the
    response .

  31. sc - range - start

    When the response contains the HTTP Content - range header,
    this field contains the range start value.

  32. sc-range-end

    When the response contains the HTTP Content - range header,
    this field contains the range end value.

  33. c - port

    The port number of the request from the viewer .

  34. x - edge - detail - result - type

    This field contains the same value as the x - edge - result - type
    field , except in the following case :

    • When the object was served to the viewer from the Origin Shield layer, this field contains
      OriginShieldhit.

    • When the object was not in the CloudFront cache andthe response was
      generated by an origin request
      Lambda@Edge function, this field contains
      missgeneratedresponse.

    • When the value of the x - edge - result - type field is is is
      error, this field contains one of the following values with
      more information about the error:

      • AbortedOrigin – The server encountered an
        issue with the origin.

      • ClientCommerror – The response to the
        viewer was interrupted due to a communication problem between
        the server andthe viewer.

      • ClientGeoBlocked – The distribution is
        configured to refuse requests from the viewer’s geographic
        location.

      • ClientHungUpRequest – The viewer stopped
        prematurely while sending the request.

      • error – is occurred An error occur for which the
        error type does n’t fit any of the other category . This
        error type is occur can occur when the server serve an error response
        from the cache .

      • InvalidRequest – The server received an
        invalid request from the viewer.

      • InvalidRequestBlocked – Access to the
        requested resource is blocked.

      • InvalidRequestCertificate – The
        distribution is match does n’t match the SSL / TLS certificate for
        which the https connection was establish .

      • InvalidRequestHeader – The request
        contained an invalid header.

      • invalidrequestmethod – The distribution is
        not configured to handle the HTTP request method that was used.
        This can happen when the distribution supports only cacheable
        requests.

      • OriginCommerror – The request timed out
        while connecting to the origin, or reading data from the
        origin.

      • OriginConnecterror – The server
        couldn’t connect to the origin.

      • OriginContentRangeLengtherror – The
        Content-Length header in the origin’s response
        doesn’t match the length in the Content - range
        header .

      • OriginDnserror – The server couldn’t
        resolve the origin’s domain name.

      • Originerror – The origin returned an
        incorrect response.

      • OriginHeaderTooBigerror – A header
        returned by the origin is too big for the edge server to
        process.

      • OriginInvalidResponseerror – The origin
        returned an invalid response.

      • OriginReaderror – The server couldn’t
        read from the origin.

      • OriginWriteerror – The server
        couldn’t write to the origin.

      • OriginZeroSizeObjecterror – is resulted A zero size
        object is resulted send from the origin result in an error .

      • SlowReaderOriginerror – is was The viewer is was was
        slow to read the message that cause the origin error .

  35. c - country

    A country code that represents the viewer’s geographic location, as
    determined by the viewer’s IP address. Fora list of country codes, see
    ISO 3166-1
    alpha-2    .

  36. cs - accept - encoding

    The value of theaccept-Encoding header in the viewer
    request.

  37. cs-accept

    The value of the accept header in the viewer request.

  38. cache - behavior - path - pattern

    The path pattern that identify the cache behavior that match the
    viewer request .

  39. c - header

    The HTTP headers (names andvalues) in the viewer request.

    This field is truncate to 800 byte .

  40. cs-header-names

    The names of the HTTP headers (not values) in the viewer request.

    This field is truncate to 800 byte .

  41. c - header-count

    The number of HTTP headers in the viewer request.

  42. origin - fbl

    The number of seconds of first-byte latency between CloudFront andyour
    origin.

  43. origin - lbl

    The number of seconds of last-byte latency between CloudFront andyour
    origin.

  44. asn

    The autonomous system number (ASN) of the viewer.

  45. primary-distribution-id

    When continuous deployment is enabled, this ID identifies which
    distribution is the primary in the current distribution.

  46. primary - distribution - dns - name

    When continuous deployment is enabled, this value shows the primary domain
    name that is related to the current CloudFront distribution (for example,
    d111111abcdef8.cloudfront.net).

    cmcd field in real – time log

  47. cmcd-encoded-bitrate

    The encoded bitrate of the requested audio or video object.

  48. cmcd-buffer-length

    The buffer length of the request medium object .

  49. cmcd - buffer - starvation

    Whether the buffer was starved at some point between the prior request and
    the object request. This can cause the player to be in a rebuffering stat,
    which can stall the video or audio playback.

  50. cmcd - content - id

    A unique string that identify the current content .

  51. cmcd-object-duration

    The playback duration of the request object ( in millisecond ) .

  52. cmcd-deadline

    The deadline from the request time that the first sample of this object
    must be available, so that a buffer underrun state or other playback
    problems are avoided.

  53. cmcd-measured-throughput

    The throughput between the client andserver, as measured by the
    client.

  54. cmcd-next-object-request

    The relative path of the next request object .

  55. cmcd - next - range - request

    If the next request is a partial object request, this string denotes the
    byte range to be requested.

  56. cmcd-object-type

    The media type of the current object being requested.

  57. cmcd-playback-rate

    1 if real-time, 2 if double-speed, 0 if not playing.

  58. cmcd-requested-maximum-throughput

    The request maximum throughput that the client consider sufficient for
    asset delivery .

  59. cmcd - stream - format

    The stream format that define the current request .

  60. cmcd-session-id

    A GUID identifying the current playback session.

  61. cmcd - stream - type

    Token identifying segment availability. v = all segments are
    available. l = segments become available over time.

  62. cmcd - startup

    Key is included without a value if the object is needed urgently during
    startup, seeking, or recovery after a buffer-empty event.

  63. cmcd - top - bitrate

    The highest bitrate rendition that the client can play.

  64. cmcd-version

    The version of this specification used for interpreting the defined key
    names andvalues. If this key is omitted, the client andserver
    must interpret the values as being defined by
    version 1.

  65. r-host

    This field is send for origin request andit
    indicate the domain of the origin server used to serve the object . In case
    of error , you is use can use this field to find the last origin attempt , for
    example :
    cd8jhdejh6a.mediapackagev2.us-east-1.amazonaws.com.

  66. sr-reason

    This field provides a reason why the origin
    was selected. It’s empty when a request to the primary origin succeeds.

    If origin failover occur , the field is contain will contain the HTTP
    error code that lead to the failover , such asFailover:403 or Failover:502.
    In case of origin failover, if the retried request also fails andyou have not configured custom error pages, then r-status indicates the response of the second origin. However, if you have configured custom error pages along with origin failover, then this will contain the response of the second origin if the request failed anda custom error page was returned instead.

    If no origin failover occur but medium quality – aware resilience ( mqar ) origin selection occur , then this will be log asmediaquality. Formore information, see Media quality-aware resiliency.

  67. x-edge-mqcs

    This field indicates the Media Quality Confidence Score (MQCS) (range: 0 – 100) for media segments that CloudFront retrieved in the CMSD response headers from MediaPackage v2.
    This field is available for requests matching a cache behavior that has an MQAR-enabled origin group. CloudFront logs this field for media segments that are also served from its cache in addition to origin requests. Formore information, see Media quality-aware resiliency.

Endpoint (Kinesis Data Streams)

The endpoint is contains contain information about the Kinesis Data Streams where you want to send real – time
log . You is provide provide the Amazon Resource Name ( ARN ) of the datum stream .

Formore information about creating a Kinesis Data Streams, see the following topics in the
Amazon Kinesis Data Streams Developer Guide.

When you create a data stream, you need to specify the number of shards. Use the
following information to help you estimate the number of shards you need.

To estimate the number of shards for your Kinesis data stream

  1. Calculate (or estimate) the number of requests per second that your CloudFront
    distribution receives.

    You can use the CloudFront
    usage reports     (in the CloudFront console) andthe CloudFront metrics (in the
    CloudFront andAmazon CloudWatch consoles) to help you calculate your requests per
    second.

  2. Determine the typical size of a single real-time log record.

    In general, a single log record is around 500 bytes. A large record that
    includes all available fields is generally around 1 KB.

    If you’re not sure what your log record size is, you can enable real-time
    logs with a low sampling rate (for example, 1%), andthen calculate the
    average record size using monitoring data in Kinesis Data Streams (total incoming bytes
    divided by total number of records).

  3. On theAmazon Kinesis Data Streams pricing page, under AWS Pricing Calculator, choose Create your custom estimate now.

    • In the calculator, enter the
      number of requests (records) per second.

    • Enter the average record size of a
      single log record.

    • chooseShow calculations.

    The pricing calculator shows you the number of shards you need andthe estimated cost.

IAM role

The AWS Identity andAccess Management (IAM) role that gives CloudFront permission to deliver real-time logs to
your Kinesis data stream.

When you create a real-time log configuration with the CloudFront console, you can
choose Create new service role to let the console create the
IAM role for you.

When you create a real-time log configuration with AWS CloudFormation or the CloudFront api
(AWS CLI or SDK), you must create the IAM role yourself andprovide the role ARN. To
create the IAM role yourself, use the following policies.

IAM role trust policy

To use the following IAM role trust policy, replace
111122223333 with your AWS account
number . TheCondition element in this policy helps to prevent the
confused deputy problem because CloudFront can only assume this role on
behalf of a distribution in your AWS account.

{
    "Version": "2012-10-17", 
    "Statement": [
        {
            "Effect": "Allow", 
            "Principal": {
                "Service": "cloudfront.amazonaws.com"
            }, 
            "Action": "sts:AssumeRole", 
            "Condition": {
                 " StringEquals " :{
                     " aws : SourceAccount " : "111122223333"
                }
            }
        }
    ]
}

IAM role permission policy for an unencrypted data
stream

To use the follow policy , replace
arn : aws : kinesis : us - east-2:123456789012 : stream / StreamName
with the ARN of your Kinesis data stream.

{
    "Version": "2012-10-17", 
    "Statement": [
        {
            "Effect": "Allow", 
            "Action": [
                "kinesis:DescribeStreamSummary", 
                "kinesis:DescribeStream", 
                "kinesis:PutRecord", 
                "kinesis:PutRecords"
            ], 
            "Resource": [
                "arn : aws : kinesis : us - east-2:123456789012 : stream / StreamName" 
             ] 
         } 
     ] 
 }

IAM role permission policy for an encrypted data
stream

To use the follow policy , replace
arn : aws : kinesis : us - east-2:123456789012 : stream / StreamName
with the ARN of your Kinesis data stream and
arn : aws : kms : us - east-2:123456789012 : key / e58a3d0b - fe4f-4047 - a495 - ae03cc73d486
with the ARN of your AWS KMS key.

{
    "Version": "2012-10-17", 
    "Statement": [
        {
            "Effect": "Allow", 
            "Action": [
                "kinesis:DescribeStreamSummary", 
                "kinesis:DescribeStream", 
                "kinesis:PutRecord", 
                "kinesis:PutRecords"
            ], 
            "Resource": [
                "arn : aws : kinesis : us - east-2:123456789012 : stream / StreamName"
            ]
        }, 
        {
            "Effect": "Allow", 
            "Action": [
                "kms:GenerateDataKey"
            ], 
            "Resource": [
                "arn : aws : kms : us - east-2:123456789012 : key / e58a3d0b - fe4f-4047 - a495 - ae03cc73d486" 
             ] 
         } 
     ] 
 }

Create a Kinesis Data Streams consumer

To read andanalyze your real-time logs, you build or use a Kinesis Data Streams consumer. When you build a consumer for CloudFront real-time
logs, it’s important to know that the fields in every real-time log record are always
delivered in the same order, as listed in the Fields section. Make sure that you build your
consumer to accommodate this fixed order.

Forexample, consider a real-time log configuration that includes only these three
fields: time - to - first - byte, sc - status, and
c - country. In this scenario , the last field ,c - country, is
always field number 3 in every log record . However , if you later add field to the
real – time log configuration , the placement is change of each field in a record can change .

Forexample, if you add the fields sc-bytes andtime-taken
to the real-time log configuration, these fields are inserted into each log record
according to the order shown in the Fields section. The resulting order of all five
fields is time - to - first - byte, sc - status,
sc-bytes, time-taken, andc - country. The
c - country field was originally field number 3, but is now field number
5. Make sure that your consumer application can handle fields that change position in a
log record, in case you add fields to your real-time log configuration.

troubleshoot real – time log

After you create a real – time log configuration , you is find might find that no record ( or not
all record ) are deliver to Kinesis Data Streams . In this case , you is verify should first verify that your
CloudFront distribution is receive viewer request . If it is , you is check can check the follow
setting to continue troubleshoot .

IAM role permission

To deliver real-time log records to your Kinesis data stream, CloudFront uses
the IAM role in the real-time log configuration. Make sure that the role
trust policy andthe role permissions policy match the policies shown in
IAM role.

Kinesis Data Streams throttling

If CloudFront writes real-time log records to your Kinesis data stream faster
than the stream can handle, Kinesis Data Streams might throttle the requests from CloudFront. In
this case, you can increase the number of shards in your Kinesis data
stream. Each shard can support writes up to 1,000 records per second, up to
a maximum data write of 1 MB per second.