Configuring ELB logs on S3 Bucket

Instead of having a separate S3 bucket for each ELB's access logs, we'll create a single S3 bucket that stores the access logs of all ELBs.

This section walks you through configuring the S3 bucket for storing ELB logs, step by step.

Step1: Create S3 bucket
Step2: Attach a bucket policy to the S3 Bucket
Step3: Enable Access logs at the ELB

Step1: Create S3 bucket:

Let’s create an S3 bucket for storing our ELB logs.
S3 bucket: com.domainname.com.elb.logs

Let’s create a few folders inside our S3 bucket, e.g. myapp1, myapp2, myapp3, for storing the respective ELB access logs.

Step2: Attach a bucket policy to the S3 bucket.

You can use the bucket policy below for this purpose. You have to change certain parameters in this policy (account number, bucket name, folder name) to match your setup.

{
  "Version": "2008-10-17",
  "Id": "Policy1413182823222",
  "Statement": [
    {
      "Sid": "Stmt1413182819426",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::ELB-REGION-ID:root"
      },
      "Action": "s3:PutObject",
      "Resource": [
        "arn:aws:s3:::com.domainname.com.elb.logs/myapp1/AWSLogs/XXXXXXXXXXXX/*",
        "arn:aws:s3:::com.domainname.com.elb.logs/myapp2/AWSLogs/XXXXXXXXXXXX/*",
        "arn:aws:s3:::com.domainname.com.elb.logs/myapp3/AWSLogs/XXXXXXXXXXXX/*"
      ]
    }
  ]
}

-> In place of ELB-REGION-ID, you have to use ‘127311923021’ if your ELB is in North Virginia and ‘156460612806’ if your ELB is in EU (Ireland). For the complete list of ELB region IDs, see http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/configure-s3-bucket.html

-> In the Resource section above, you have to use the format below:

arn:aws:s3:::yourS3bucketname/prefix/AWSLogs/yourAWSAccountID/*

For example, as we did:
yourS3bucketname: “com.domainname.com.elb.logs”
prefix: “myapp1”
AWSLogs: leave it as it is
yourAWSAccountID: your 12-digit AWS account number

Similarly, you can define multiple prefixes for multiple applications.
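The following is an added example, not part of the original post: it builds the Step 2 policy for any list of prefixes and audits a policy for statements that grant more than ELB log delivery needs. The function names, the Sid, and the account number 123456789012 used when calling it are assumptions for illustration; the principal table holds only the two region IDs quoted on this page.

```python
import re

# ELB principal account IDs quoted on this page (other regions: see the AWS docs link).
ELB_PRINCIPAL_IDS = {"us-east-1": "127311923021", "eu-west-1": "156460612806"}

# Expected shape: arn:aws:s3:::bucket/prefix/AWSLogs/account-id/*
RESOURCE_RE = re.compile(
    r"^arn:aws:s3:::(?P<bucket>[a-z0-9.-]{3,63})/(?P<prefix>[^*?]+)"
    r"/AWSLogs/(?P<account>\d{12})/\*$")

def build_policy(bucket, prefixes, account_id, region):
    """Build the single-statement policy from Step 2 for any number of prefixes."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account ID must be exactly 12 digits")
    if region not in ELB_PRINCIPAL_IDS:
        raise ValueError(f"no ELB principal ID known for region {region}")
    return {
        "Version": "2008-10-17",
        "Statement": [{
            "Sid": "ElbAccessLogDelivery",  # hypothetical Sid, not from the post
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{ELB_PRINCIPAL_IDS[region]}:root"},
            "Action": "s3:PutObject",
            "Resource": [f"arn:aws:s3:::{bucket}/{p.strip('/')}/AWSLogs/{account_id}/*"
                         for p in prefixes],
        }],
    }

def as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy, bucket, account_id):
    """Return findings for Allow statements that grant more than log delivery needs."""
    known = {f"arn:aws:iam::{i}:root" for i in ELB_PRINCIPAL_IDS.values()}
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        aws = as_list(principal.get("AWS", "<none>")) if isinstance(principal, dict) else [principal]
        findings += [f"{sid}: unexpected principal {p}" for p in aws if p not in known]
        findings += [f"{sid}: unexpected action {a}"
                     for a in as_list(stmt.get("Action", [])) if a != "s3:PutObject"]
        for res in as_list(stmt.get("Resource", [])):
            m = RESOURCE_RE.match(res)
            if not m or m["bucket"] != bucket or m["account"] != account_id:
                findings.append(f"{sid}: resource not scoped to prefix/AWSLogs/account: {res}")
    return findings
```

Pass the result of `build_policy` through `json.dumps` to get text you can paste into the bucket policy editor; run `audit_policy` on an existing policy to catch wildcard principals, extra actions, or a resource that covers the whole bucket.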

Step3: Enable Access logs at the ELB

Log in to the EC2 section -> browse to Load Balancers -> click on any load balancer -> Enable Access log [Edit].
This will ask you for your S3 bucket location with prefix.

Give the path of the S3 bucket: “com.domainname.com.elb.logs/myapp1”


Similarly, for another ELB you can enable access logs and use the myapp2 folder.

Refer: http://www.tothenew.com/blog/elb-logs-on-s3-bucket/
