CloudFront logging is disabled
ID |
aws_cloudfront_logging |
Severity |
low |
Vendor |
AWS |
Resource |
Logging |
Tags |
non-reachable |
Description
CloudFront logging is disabled. It is necessary to track all viewer requests for the content delivered through the Content Delivery Network (CDN).
To fix it you must configure logging.enabled=true.
Learn more about this topic at AWS CloudFront Logging requests.
Examples
---
- name: Example playbook
hosts: localhost
tasks:
- name: create a distribution
community.aws.cloudfront_distribution:
state: present
caller_reference: unique test distribution ID
origins:
- id: 'my test origin-000111'
domain_name: www.example.com
origin_path: /production
custom_headers:
- header_name: MyCustomHeaderName
header_value: MyCustomHeaderValue
default_cache_behavior:
target_origin_id: 'my test origin-000111'
forwarded_values:
query_string: true
cookies:
forward: all
headers:
- '*'
viewer_protocol_policy: allow-all
smooth_streaming: true
compress: true
allowed_methods:
items:
- GET
- HEAD
cached_methods:
- GET
- HEAD
enabled: false
comment: this is a CloudFront distributionMitigation / Fix
---
- name: Example playbook
hosts: localhost
tasks:
- name: create a distribution
community.aws.cloudfront_distribution:
state: present
caller_reference: unique test distribution ID
origins:
- id: 'my test origin-000111'
domain_name: www.example.com
origin_path: /production
custom_headers:
- header_name: MyCustomHeaderName
header_value: MyCustomHeaderValue
default_cache_behavior:
target_origin_id: 'my test origin-000111'
forwarded_values:
query_string: true
cookies:
forward: all
headers:
- '*'
viewer_protocol_policy: allow-all
smooth_streaming: true
compress: true
allowed_methods:
items:
- GET
- HEAD
cached_methods:
- GET
- HEAD
logging:
enabled: true
include_cookies: false
bucket: mylogbucket.s3.amazonaws.com
prefix: myprefix/
enabled: false
comment: this is a CloudFront distribution with logging