CloudFront - ALB log mapping

0

Hello I have a question about how i should map logs of the Cloudfront and ALB As far as i know in cloudfront we have a header "X-Amz-Cf-Id" which is ok but i can not see this on alb logs. Is there a way solve this problem?

2 Answers
2
Accepted Answer

The ALB access logs cannot be modified so you will not be able to add the CloudFront header to the logs.

I suggest you do the correlation through the access logs of the backend servers associated with the ALB target group.

CloudFront adds a unique X-Amz-Cf-Id per request and the ALB adds a unique X-Amzn-Trace-Id per request.

See example:

GET / HTTP/1.1
X-Amzn-Trace-Id: Root=1-66b33ac1-6e2231ed111cb89e07ebea31
X-Amz-Cf-Id: Zntch4-jkKYpJqnt-kygTeKP3jSDtt1WXhxqLZVzsGao1EuwtCe4OA==
 ....    
profile pictureAWS
EXPERT
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago
profile picture
EXPERT
reviewed 2 months ago
  • Thank you for your help but this only will help when the request reach 100% you backend if there is a problem between CloudFront and ALB, I can not find it easily. Does this "X-Amzn-Trace-Id" value added to the all response headers?

  • This header is added to the request being sent from the ALB to the target group (not the response). see here https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-request-tracing.html.

    If you find an entry in the ALB access log with trace_id containing a value that is not present in the backend server access log it is an indication for you that the request has failed between the ALB and the target group.

  • Thank you for your help

1

Hello vahag

The issue: While Cloudfront provides a unique identifier (X-Amz-Cf-Id) for each request, ALB logs lack a similar direct correlation. This makes it challenging to directly link requests across both services.

Relevant Documentation to resolve the issue:

profile picture
EXPERT
Sandeep
answered 2 months ago
  • So you mean, where is not way to do the mapping with IDs we should check and compare the Time/Path/Method and ...?

  • no direct, built-in mechanism to correlate CloudFront and ALB logs using unique identifiers like CloudFront's X-Amz-Cf-Id

  • Thank you for you help

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions