Logging and Monitoring

Monitoring CloudFront behavior and website performance is an important part of maintaining a production-ready static hosting environment. This section explains how to enable access logging, view performance metrics, and configure cost-efficient log retention.

Open the CloudFront console and select your distribution.
Go to Settings and enable Access logging.
Choose an S3 bucket for log storage.
You can use an existing bucket or create a dedicated one.
Recommended naming pattern: example-com-cf-logs
(Optional) Specify a log prefix, for example:
```
logs/
```
CloudFront access logs will begin appearing in the selected S3 bucket within a few minutes.

Open CloudWatch to view CloudFront metrics.
Important metrics to monitor include:

Metric	Purpose
Requests	Overall traffic volume
BytesDownloaded	Data transfer usage
4xxErrorRate	Missing files or client errors
5xxErrorRate	Backend or CloudFront issues
CacheHitRate	CDN efficiency

(Optional) Create CloudWatch alarms to detect issues:

Alarm Suggested Threshold

5xx error rate > 1% for 5 minutes

4xx error rate > 10% for 10 minutes

Cache hit rate < 70%

To create an alarm:
1. Go to CloudWatch → Alarms → Create alarm
2. Select Metrics → CloudFront → By Distribution
3. Choose the metric (e.g., 5xxErrorRate)
4. Set a threshold
5. Configure notifications (SNS, email, etc.)
(Optional) Enable S3 Server Access Logging if you need object-level traceability.
1. Open the S3 bucket
2. Go to Properties
3. Enable Server access logging
4. Choose a different bucket for storing logs
Warning

S3 access logs grow quickly. Use lifecycle rules to control storage costs.
Configure lifecycle rules for your logging bucket:

Action Timeframe

Transition to Glacier Deep Archive After 30–60 days

Delete permanently After 365–730 days
(Optional) Set up dashboards for deeper monitoring:

Tool Purpose

CloudWatch Dashboards Live metric visualization

Athena + S3 logs SQL analysis of access logs

QuickSight Analytical dashboards

Third-party tools Datadog, New Relic, Grafana

Verification Checklist

Item	Status
CloudFront access logging enabled	✔
CloudWatch alarms configured	✔
Lifecycle rules created for log bucket	✔
Optional dashboards configured	⭕ Optional

Alarm	Suggested Threshold
5xx error rate	> 1% for 5 minutes
4xx error rate	> 10% for 10 minutes
Cache hit rate	< 70%

Action	Timeframe
Transition to Glacier Deep Archive	After 30–60 days
Delete permanently	After 365–730 days

Tool	Purpose
CloudWatch Dashboards	Live metric visualization
Athena + S3 logs	SQL analysis of access logs
QuickSight	Analytical dashboards
Third-party tools	Datadog, New Relic, Grafana