--- title: Amazon CloudFront description: >- Amazon CloudFront is a global content delivery network (CDN) service that accelerates delivery of your web assets. breadcrumbs: Docs > Integrations > Amazon CloudFront --- # Amazon CloudFront Integration version1.1.0 ## Overview{% #overview %} Amazon CloudFront is a global content delivery network (CDN) service that accelerates delivery of your websites, APIs, video content or other web assets. Enable this integration to see in Datadog all your CloudFront metrics. ## Setup{% #setup %} ### Installation{% #installation %} If you haven't already, set up the [Amazon Web Services integration first](https://docs.datadoghq.com/integrations/amazon_web_services/). ### Metric collection{% #metric-collection %} 1. In the [AWS integration page](https://app.datadoghq.com/integrations/amazon-web-services), ensure that `CloudFront` is enabled under the `Metric Collection` tab. 1. Install the [Datadog - Amazon CloudFront integration](https://app.datadoghq.com/integrations/amazon-cloudfront). 1. Optional: Enable [Additional CloudFront Distribution Metrics](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/viewing-cloudfront-metrics.html) for more visibility into the performance of your CloudFront traffic. ### Log collection{% #log-collection %} {% tab title="Standard Logs" %} #### Enable logging{% #enable-logging %} When you enable CloudFront logging for a distribution, specify the Amazon S3 bucket that you want CloudFront to store log files in. If you're using Amazon S3 as your origin, Datadog recommends that you do not use the same bucket for your log files; using a separate bucket simplifies maintenance. **Note**: Datadog recommends storing the log files for multiple distributions in the same bucket so that the log forwarder only has to subscribe to one bucket. {% alert level="info" %} To automatically categorize logs with the CloudFront source, specify `cloudfront` as the prefix for the file names when enabling logging. Logs will otherwise be categorized as `s3`. {% /alert %} #### Send logs to Datadog{% #send-logs-to-datadog %} **Note**: Datadog's [automatic trigger setup](https://docs.datadoghq.com/logs/guide/send-aws-services-logs-with-the-datadog-lambda-function/?tab=awsconsole#automatically-set-up-triggers) is available for S3 buckets only. For CloudWatch log groups, use the [manual trigger setup](https://docs.datadoghq.com/logs/guide/send-aws-services-logs-with-the-datadog-lambda-function/#collecting-logs-from-cloudwatch-log-group). 1. If you haven't already, set up the [Datadog Forwarder Lambda function](https://docs.datadoghq.com/logs/guide/forwarder/) in your AWS account. 1. Once set up, go to the Datadog Forwarder Lambda function. In the Function Overview section, click **Add Trigger**. 1. Select the **S3** trigger for the Trigger Configuration. 1. Select the S3 bucket that contains your CloudFront logs. 1. Leave the event type as `All object create events`. 1. Click **Add** to add the trigger to your Lambda. Go to the [Log Explorer](https://app.datadoghq.com/logs) to start exploring your logs. For more information on collecting AWS Services logs, see [Send AWS Services Logs with the Datadog Lambda Function](https://docs.datadoghq.com/logs/guide/send-aws-services-logs-with-the-datadog-lambda-function/). {% /tab %} {% tab title="Real-Time Logs" %} #### Enable logging{% #enable-logging %} ##### Create a specific configuration{% #create-a-specific-configuration %} When creating a real-time log configuration, you can specify which log fields you want to receive. By default, all of the [available fields](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-fields) are selected. Datadog recommends that you keep this default configuration and add the following custom parsing rule to automatically process logs with all fields enabled. Navigate to the [Pipelines page](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-fields), search for Amazon CloudFront, [create or edit a grok parser processor](https://docs.datadoghq.com/logs/log_configuration/processors/?tab=ui#grok-parser), and add the following helper rules under *Advanced Settings*: ```java real_time_logs (%{number:timestamp:scale(1000)}|%{number:timestamp})\s+%{_client_ip}\s+%{_time_to_first_byte}\s+%{_status_code}\s+%{_bytes_write}\s+%{_method}\s+%{regex("[a-z]*"):http.url_details.scheme}\s+%{notSpace:http.url_details.host:nullIf("-")}\s+%{notSpace:http.url_details.path:nullIf("-")}\s+%{_bytes_read}\s+%{notSpace:cloudfront.edge-location:nullIf("-")}\s+%{_request_id}\s+%{_ident}\s+%{_duration}\s+%{_version}\s+IPv%{integer:network.client.ip_version}\s+%{_user_agent}\s+%{_referer}\s+%{notSpace:cloudfront.cookie}\s+(%{notSpace:http.url_details.queryString:querystring}|%{notSpace:http.url_details.queryString:nullIf("-")})\s+%{notSpace:cloudfront.edge-response-result-type:nullIf("-")}\s+%{_x_forwarded_for}\s+%{_ssl_protocol}\s+%{_ssl_cipher}\s+%{notSpace:cloudfront.edge-result-type:nullIf("-")}\s+%{_fle_encrypted_fields}\s+%{_fle_status}\s+%{_sc_content_type}\s+%{_sc_content_len}\s+%{_sc_range_start}\s+%{_sc_range_end}\s+%{_client_port}\s+%{_x_edge_detailed_result_type}\s+%{notSpace:network.client.country:nullIf("-")}\s+%{notSpace:accept-encoding:nullIf("-")}\s+%{notSpace:accept:nullIf("-")}\s+%{notSpace:cache-behavior-path-pattern:nullIf("-")}\s+%{notSpace:headers:nullIf("-")}\s+%{notSpace:header-names:nullIf("-")}\s+%{integer:headers-count}.* ``` #### Send logs to Datadog{% #send-logs-to-datadog %} Real-time logs are delivered to the Kinesis Data Stream of your choice and can be directly forwarded to Datadog with the [Kinesis Firehose integration](https://docs.datadoghq.com/integrations/amazon_kinesis/). You can also configure a consumer, such as Amazon Kinesis Data Firehose, to send Real-time logs to an S3 bucket and use the [Datadog Lambda forwarder](https://docs.datadoghq.com/serverless/forwarder/) to ship logs to Datadog. {% /tab %} ## Data Collected{% #data-collected %} ### Metrics{% #metrics %} | | | | | **aws.cloudfront.401\_error\_rate**(gauge) | The percentage of all viewer requests for which the response's HTTP status code is 401 (Additional Metrics must be enabled).*Shown as percent* | | **aws.cloudfront.403\_error\_rate**(gauge) | The percentage of all viewer requests for which the response's HTTP status code is 403 (Additional Metrics must be enabled).*Shown as percent* | | **aws.cloudfront.404\_error\_rate**(gauge) | The percentage of all viewer requests for which the response's HTTP status code is 404 (Additional Metrics must be enabled).*Shown as percent* | | **aws.cloudfront.4xx\_error\_rate**(gauge) | The percentage of all requests for which the HTTP status code is 4xx.*Shown as percent* | | **aws.cloudfront.502\_error\_rate**(gauge) | The percentage of all viewer requests for which the response's HTTP status code is 502 (Additional Metrics must be enabled).*Shown as percent* | | **aws.cloudfront.503\_error\_rate**(gauge) | The percentage of all viewer requests for which the response's HTTP status code is 503 (Additional Metrics must be enabled).*Shown as percent* | | **aws.cloudfront.504\_error\_rate**(gauge) | The percentage of all viewer requests for which the response's HTTP status code is 504 (Additional Metrics must be enabled).*Shown as percent* | | **aws.cloudfront.5xx\_error\_rate**(gauge) | The percentage of all requests for which the HTTP status code is 5xx.*Shown as percent* | | **aws.cloudfront.bytes\_downloaded**(count) | The number of bytes downloaded by viewers for GET, HEAD, and OPTIONS requests.*Shown as byte* | | **aws.cloudfront.bytes\_uploaded**(count) | The number of bytes uploaded to your origin with CloudFront using POST and PUT requests.*Shown as byte* | | **aws.cloudfront.cache\_hit\_rate**(gauge) | The percentage of all cacheable requests for which CloudFront served the content from its cache. HTTP POST and PUT requests (and errors) are not considered cacheable requests (Additional Metrics must be enabled).*Shown as percent* | | **aws.cloudfront.function\_compute\_utilization**(gauge) | The amount of time that the function took to run as a percentage of the maximum allowed time.*Shown as percent* | | **aws.cloudfront.function\_execution\_errors**(gauge) | The number of execution errors that occurred in a given time period.*Shown as error* | | **aws.cloudfront.function\_invocations**(count) | The number of times the function was started in a given time period.*Shown as invocation* | | **aws.cloudfront.function\_throttles**(count) | The number of times that the function was throttled in a given time period.*Shown as throttle* | | **aws.cloudfront.function\_validation\_errors**(gauge) | The number of validation errors produced by the function in a given time period.*Shown as error* | | **aws.cloudfront.lambda\_execution\_error**(count) | The number of Lambda execution errors that occurred in a given time period.*Shown as error* | | **aws.cloudfront.lambda\_limit\_exceeded\_error**(count) | The number of Lambda limit exceeded errors that occurred in a given time period.*Shown as error* | | **aws.cloudfront.lambda\_validation\_error**(count) | The number of Lambda validation errors that occurred in a given time period.*Shown as error* | | **aws.cloudfront.origin\_latency**(gauge) | The total time spent from when CloudFront receives a request to when it starts providing a response to the network (not the viewer) for requests that are served from the origin (not the CloudFront cache). This is also known as first byte latency or time-to-first-byte (Additional Metrics must be enabled).*Shown as millisecond* | | **aws.cloudfront.requests**(count) | The number of requests for all HTTP methods and for both HTTP and HTTPS requests. | | **aws.cloudfront.total\_error\_rate**(gauge) | The percentage of all requests for which the HTTP status code is 4xx or 5xx.*Shown as percent* | Each of the metrics retrieved from AWS are assigned the same tags that appear in the AWS console, including but not limited to `aws_account`, `region`, and `distributionid`. ### Events{% #events %} The Amazon CloudFront integration does not include any events. ### Service Checks{% #service-checks %} The Amazon CloudFront integration does not include any service checks. ## Troubleshooting{% #troubleshooting %} Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).