Step 3. Configure web access logging - Security Automations for AWS WAF

Step 3. Configure web access logging

Configure CloudFront or your ALB to send web access logs to the appropriate Amazon S3 bucket so that this data is available for the Log Parser Lambda function.

Store web access logs from a CloudFront distribution

  1. Sign in to the Amazon CloudFront console.

  2. Select your web application’s distribution, and choose Distribution Settings.

  3. On the General tab, choose Edit.

  4. For AWS WAF Web ACL, choose the web ACL that the solution created (the Stack name parameter).

  5. For Logging, choose On.

  6. For Bucket for Logs, choose the S3 bucket that you want to use for storing web access logs. This can be a new or existing S3 bucket that is used in the main stack and has permission for CloudFront to write logs. The drop-down list enumerates the buckets associated with the current AWS account. For more information, see Getting started with a basic CloudFront distribution in the Amazon CloudFront Developer Guide.

  7. Set the log prefix to the prefix used for deploying the solution. You can find the prefix on the main stack's Parameters tab, under AppAccessLogBucketPrefixParam (default AWSLogs/).

  8. Choose Yes, edit to save your changes.

For more information, refer to Configuring and using standard logs (access logs) in the Amazon CloudFront Developer Guide.

Store web access logs from an Application Load Balancer

  1. Sign in to the Amazon Elastic Compute Cloud (Amazon EC2) console.

  2. In the navigation pane, choose Load Balancers.

  3. Select your web application’s ALB.

  4. On the Description tab, choose Edit attributes.

  5. Choose Enable access logs.

  6. For S3 location, type the name of the S3 bucket that you want to use for storing web access logs. This can be a new or existing S3 bucket that is used in the main stack and has permission for Application Load Balancer to write logs.

  7. Set the log prefix to the prefix used for deploying the solution. You can find the prefix on the main stack's Parameters tab, under AppAccessLogBucketPrefixParam (default AWSLogs/).

  8. Choose Save.

For more information, refer to Access Logs for your Application Load Balancer in the Elastic Load Balancing User Guide.
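
To confirm that either procedure left the logs where the Log Parser Lambda function looks for them, the following added example (not part of the solution's own code) audits the settings offline. It assumes you pass in the dictionaries returned by the CloudFront `get_distribution_config` and ELBv2 `describe_load_balancer_attributes` API calls; the function names, sample bucket, stack name, and ARN are constructed for illustration.

```python
import re

def _same_prefix(actual, expected):
    # "AWSLogs" and "AWSLogs/" name the same location, so ignore the trailing slash.
    return (actual or "").rstrip("/") == (expected or "").rstrip("/")

def audit_cloudfront(dist_config, bucket, prefix, acl_name):
    """dist_config: DistributionConfig dict from CloudFront get_distribution_config."""
    findings = []
    log = dist_config.get("Logging") or {}
    if not log.get("Enabled"):
        findings.append("standard logging is off")
    # CloudFront records the bucket as a domain, e.g. my-bucket.s3.amazonaws.com.
    actual = re.sub(r"\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$", "", log.get("Bucket") or "")
    if actual != bucket:
        findings.append(f"logs go to bucket {actual!r}, expected {bucket!r}")
    if not _same_prefix(log.get("Prefix"), prefix):
        findings.append(f"log prefix is {log.get('Prefix')!r}, expected {prefix!r}")
    # Assumption: WebACLId holds a WAFv2 ARN with the ACL name after "/webacl/".
    if f"/webacl/{acl_name}/" not in (dist_config.get("WebACLId") or ""):
        findings.append(f"web ACL {acl_name!r} is not associated")
    return findings

def audit_alb(attributes, bucket, prefix):
    """attributes: Attributes list from ELBv2 describe_load_balancer_attributes."""
    attrs = {a["Key"]: a["Value"] for a in attributes}
    findings = []
    if attrs.get("access_logs.s3.enabled") != "true":
        findings.append("access logs are off")
    if attrs.get("access_logs.s3.bucket") != bucket:
        findings.append(f"logs go to bucket {attrs.get('access_logs.s3.bucket')!r}, expected {bucket!r}")
    if not _same_prefix(attrs.get("access_logs.s3.prefix"), prefix):
        findings.append(f"log prefix is {attrs.get('access_logs.s3.prefix')!r}, expected {prefix!r}")
    return findings

# Constructed sample: logging enabled, but the prefix differs from the stack parameter.
SAMPLE_DISTRIBUTION = {
    "WebACLId": "arn:aws:wafv2:us-east-1:111122223333:global/webacl/example-stack/EXAMPLE-ID",
    "Logging": {"Enabled": True, "Bucket": "example-waf-logs.s3.amazonaws.com", "Prefix": "cf-logs/"},
}

if __name__ == "__main__":
    for finding in audit_cloudfront(SAMPLE_DISTRIBUTION, "example-waf-logs", "AWSLogs/", "example-stack"):
        print("FINDING:", finding)
```

An empty list means the bucket, prefix, and web ACL association match the values passed in; any finding names the setting to correct in the console steps above.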