Correlating CloudFront and ALB Logs for End-to-End Transaction Tracing

2 minute read
Content level: Intermediate
3

Tracing requests as they move through CloudFront and ALB can be challenging. This article demonstrates how to correlate logs from these services by leveraging the X-Amz-Cf-Id and X-Amzn-Trace-Id headers automatically injected by CloudFront and ALB. By including these headers in your backend server logs, you can achieve comprehensive end-to-end transaction tracing.

Understanding CloudFront and ALB Headers

When CloudFront forwards an HTTP request to its origin, it automatically injects the X-Amz-Cf-Id header, which contains an opaque string uniquely identifying the request. This value is logged in the CloudFront access logs under the x-edge-request-id field.

Similarly, ALB automatically injects the X-Amzn-Trace-Id header when forwarding a request to the target group. This header's value is logged in the ALB access logs under the trace_id field.

Enriching Backend Server Logs

To effectively correlate logs, it's essential to capture these headers in your backend server's access logs. For instance, to include these headers in Nginx access logs, you would modify the nginx.conf configuration file. Specifically, you would update the log_format directive to extract the header values and log them as additional fields, such as "$http_x_amz_cf_id" and "$http_x_amzn_trace_id".

Correlating Logs Across Services

With these headers now logged on your backend server, you can correlate each transaction across CloudFront and ALB logs. This allows you to trace the complete path of a request, ensuring seamless tracking and troubleshooting.

Solution Diagram

CloudFront, ALB and server access logs