Some of our CloudFront distributions have access logs enabled, which are basic response logs from CloudFront and can be useful for diagnostic purposes.
To give customers self-service access to these logs for their brokered CloudFront distributions, we should ingest them to OpenSearch and ensure they have fields populated associating the logs to the CDN service, org, and space.
Questions
During ingestion, how will we get the CF information (service, org, space), since that information comes from the tags on the CloudFront distribution is not included in the log file contents?
Acceptance criteria
CloudFront access logs are ingested from S3 into OpenSearch and have the following fields populated
@cf.org
@cf.org_id
@cf.space
@cf.space_id
@cf.service - New field for service instance name
@cf.service_id - New field for service instance GUID
CloudFront logs are ingested into the index specific to that organization
Background
Some of our CloudFront distributions have access logs enabled, which are basic response logs from CloudFront and can be useful for diagnostic purposes.
To give customers self-service access to these logs for their brokered CloudFront distributions, we should ingest them to OpenSearch and ensure they have fields populated associating the logs to the CDN service, org, and space.
Questions
Acceptance criteria
@cf.org
@cf.org_id
@cf.space
@cf.space_id
@cf.service
- New field for service instance name@cf.service_id
- New field for service instance GUID