As an operator, I need easier access to the CloudFront logs so that when there is an outage, it is relatively straight forward to see what errors CloudFront is seeing.
Details
As part of the site certificate update, the full certificate chain was not pushed to NetScaler or the Palo Alto firewall. This caused CloudFront to fail because it couldn't validate the certificate without the issuer certificate. We had to dig through the S3 bucket to get recent logs. If there is a way to make these quicker to access, we should investigate doing that work.
Acceptance Criteria
[ ] Access to CloudFront logs is documented
[ ] Access to recent CloudFront logs is easier than digging through an S3 bucket
Definition of Done
Operators can quickly identify where to get the CloudFront logs and access them.
We can pipe the CloudFront logs to NewRelic. We can to do an estimate on the size of the logs and consult with NewRelic folks on the cost of this change.
User Story
As an operator, I need easier access to the CloudFront logs so that when there is an outage, it is relatively straight forward to see what errors CloudFront is seeing.
Details
As part of the site certificate update, the full certificate chain was not pushed to NetScaler or the Palo Alto firewall. This caused CloudFront to fail because it couldn't validate the certificate without the issuer certificate. We had to dig through the S3 bucket to get recent logs. If there is a way to make these quicker to access, we should investigate doing that work.
Acceptance Criteria
Definition of Done