Amazon CloudFront

Overview

Amazon CloudFront is a global content delivery network (CDN) service that accelerates delivery of your websites, APIs, video content or other web assets.

Enable this integration to see in Datadog all your CloudFront metrics.

Setup

Installation

If you haven’t already, set up the Amazon Web Services integration first.

Metric collection

  1. In the AWS integration page, ensure that CloudFront is enabled under the Metric Collection tab.
  2. Install the Datadog - AWS CloudFront integration.
  3. Optional: Enable Additional CloudFront Distribution Metrics for more visibility into the performance of your CloudFront traffic.

Log collection

    Enable logging

    When you enable CloudFront logging for a distribution, specify the Amazon S3 bucket that you want CloudFront to store log files in. If you’re using Amazon S3 as your origin, Datadog recommends that you do not use the same bucket for your log files; using a separate bucket simplifies maintenance.

    Note: Datadog recommends storing the log files for multiple distributions in the same bucket so that the log forwarder only has to subscribe to one bucket.

    To automatically categorize logs with the CloudFront source, specify cloudfront as the prefix for the file names when enabling logging. Logs will otherwise be categorized as s3.

    Send logs to Datadog

    1. If you haven’t already, set up the Datadog Forwarder Lambda function in your AWS account.
    2. Once set up, go to the Datadog Forwarder Lambda function. In the Function Overview section, click Add Trigger.
    3. Select the S3 trigger for the Trigger Configuration.
    4. Select the S3 bucket that contains your CloudFront logs.
    5. Leave the event type as All object create events.
    6. Click Add to add the trigger to your Lambda.

    Go to the Log Explorer to start exploring your logs.

    For more information on collecting AWS Services logs, see Send AWS Services Logs with the Datadog Lambda Function.

    Enable logging

    Create a specific configuration

    When creating a real-time log configuration, you can specify which log fields you want to receive. By default, all of the available fields are selected.

    Cloudfront logging 3

    Datadog recommends that you keep this default configuration and add the following custom parsing rule to automatically process logs with all fields enabled.

    Navigate to the Pipelines page, search for AWS CloudFront, [create or edit a grok parser processor][7], and add the following helper rules under Advanced Settings:

          real_time_logs (%{number:timestamp:scale(1000)}|%{number:timestamp})\s+%{_client_ip}\s+%{_time_to_first_byte}\s+%{_status_code}\s+%{_bytes_write}\s+%{_method}\s+%{regex("[a-z]*"):http.url_details.scheme}\s+%{notSpace:http.url_details.host:nullIf("-")}\s+%{notSpace:http.url_details.path:nullIf("-")}\s+%{_bytes_read}\s+%{notSpace:cloudfront.edge-location:nullIf("-")}\s+%{_request_id}\s+%{_ident}\s+%{_duration}\s+%{_version}\s+IPv%{integer:network.client.ip_version}\s+%{_user_agent}\s+%{_referer}\s+%{notSpace:cloudfront.cookie}\s+(%{notSpace:http.url_details.queryString:querystring}|%{notSpace:http.url_details.queryString:nullIf("-")})\s+%{notSpace:cloudfront.edge-response-result-type:nullIf("-")}\s+%{_x_forwarded_for}\s+%{_ssl_protocol}\s+%{_ssl_cipher}\s+%{notSpace:cloudfront.edge-result-type:nullIf("-")}\s+%{_fle_encrypted_fields}\s+%{_fle_status}\s+%{_sc_content_type}\s+%{_sc_content_len}\s+%{_sc_range_start}\s+%{_sc_range_end}\s+%{_client_port}\s+%{_x_edge_detailed_result_type}\s+%{notSpace:network.client.country:nullIf("-")}\s+%{notSpace:accept-encoding:nullIf("-")}\s+%{notSpace:accept:nullIf("-")}\s+%{notSpace:cache-behavior-path-pattern:nullIf("-")}\s+%{notSpace:headers:nullIf("-")}\s+%{notSpace:header-names:nullIf("-")}\s+%{integer:headers-count}.*

    Send logs to Datadog

    Real-time logs are delivered to the Kinesis Data Stream of your choice and can be directly forwarded to Datadog with the Kinesis Firehose integration.

    You can also configure a consumer, such as Amazon Kinesis Data Firehose, to send Real-time logs to an S3 bucket and use the Datadog Lambda forwarder to ship logs to Datadog.

    Data Collected

    Metrics

    aws.cloudfront.401_error_rate
    (gauge)    		The percentage of all viewer requests for which the response’s HTTP status code is 401 (Additional Metrics must be enabled).
    Shown as percent
    aws.cloudfront.403_error_rate
    (gauge)    		The percentage of all viewer requests for which the response’s HTTP status code is 403 (Additional Metrics must be enabled).
    Shown as percent
    aws.cloudfront.404_error_rate
    (gauge)    		The percentage of all viewer requests for which the response’s HTTP status code is 404 (Additional Metrics must be enabled).
    Shown as percent
    aws.cloudfront.4xx_error_rate
    (gauge)    		The percentage of all requests for which the HTTP status code is 4xx.
    Shown as percent
    aws.cloudfront.502_error_rate
    (gauge)    		The percentage of all viewer requests for which the response’s HTTP status code is 502 (Additional Metrics must be enabled).
    Shown as percent
    aws.cloudfront.503_error_rate
    (gauge)    		The percentage of all viewer requests for which the response’s HTTP status code is 503 (Additional Metrics must be enabled).
    Shown as percent
    aws.cloudfront.504_error_rate
    (gauge)    		The percentage of all viewer requests for which the response’s HTTP status code is 504 (Additional Metrics must be enabled).
    Shown as percent
    aws.cloudfront.5xx_error_rate
    (gauge)    		The percentage of all requests for which the HTTP status code is 5xx.
    Shown as percent
    aws.cloudfront.bytes_downloaded
    (count)    		The number of bytes downloaded by viewers for GET, HEAD, and OPTIONS requests.
    Shown as byte
    aws.cloudfront.bytes_uploaded
    (count)    		The number of bytes uploaded to your origin with CloudFront using POST and PUT requests.
    Shown as byte
    aws.cloudfront.cache_hit_rate
    (gauge)    		The percentage of all cacheable requests for which CloudFront served the content from its cache. HTTP POST and PUT requests (and errors) are not considered cacheable requests (Additional Metrics must be enabled).
    Shown as percent
    aws.cloudfront.function_execution_errors
    (gauge)    		The number of execution errors that occurred in a given time period.
    Shown as error
    aws.cloudfront.function_execution_time
    (gauge)    		The amount of time that the function took to run as a percentage of the maximum allowed time.
    Shown as percent
    aws.cloudfront.function_invocations
    (count)    		The number of times the function was started in a given time period.
    Shown as invocation
    aws.cloudfront.function_validation_errors
    (gauge)    		The number of validation errors produced by the function in a given time period.
    Shown as error
    aws.cloudfront.origin_latency
    (gauge)    		The total time spent from when CloudFront receives a request to when it starts providing a response to the network (not the viewer) for requests that are served from the origin (not the CloudFront cache). This is also known as first byte latency or time-to-first-byte (Additional Metrics must be enabled).
    Shown as millisecond
    aws.cloudfront.requests
    (count)    		The number of requests for all HTTP methods and for both HTTP and HTTPS requests.
    aws.cloudfront.total_error_rate
    (gauge)    		The percentage of all requests for which the HTTP status code is 4xx or 5xx.
    Shown as percent

    Each of the metrics retrieved from AWS are assigned the same tags that appear in the AWS console, including but not limited to aws_account, region, and distributionid.

    Events

    The AWS Cloudfront integration does not include any events.

    Service Checks

    The AWS Cloudfront integration does not include any service checks.

    Troubleshooting

    Need help? Contact Datadog support.