Enable CloudFront logging in prod

Enable event logs in prod CloudFront to: 1. check gateway traffic is reaching us. 2. collect data for a research paper in the making by probelab. Relates to: - ipni/indexstar#93
ipni · Apr 23, 2023 · ecc2996 · ecc2996
1 parent 48cf211
commit ecc2996
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/deploy/infrastructure/prod/us-east-2/cloudfront.tf b/deploy/infrastructure/prod/us-east-2/cloudfront.tf
@@ -2,6 +2,16 @@ locals {
   indexstar_origin_id     = "${local.environment_name}_${local.region}_indexstar"
   http_announce_origin_id = "${local.environment_name}_${local.region}_assigner"
   cdn_subdomain           = "cdn"
+  cf_log_bucket = "${local.environment_name}-${local.region}-cf-log"
+}
+
+resource "aws_s3_bucket" "cf_logs" {
+  bucket = local.cf_log_bucket
+}
+
+resource "aws_s3_bucket_acl" "cf_logs_acl" {
+  bucket = aws_s3_bucket.cf_logs.id
+  acl    = "private"
 }
 
 resource "aws_cloudfront_distribution" "cdn" {
@@ -14,6 +24,12 @@ resource "aws_cloudfront_distribution" "cdn" {
   ]
   price_class = "PriceClass_All"
 
+  logging_config {
+    include_cookies = false
+    bucket          = aws_s3_bucket.cf_logs.bucket_domain_name
+    prefix          = "${local.environment_name}_${local.region}"
+  }
+
   # storetheindex/indexstar ingress.
   origin {
     domain_name = "indexstar.${aws_route53_zone.prod_external.name}"