More than 30 fields are included in each log file. They contain the date and time of the request and also the edge location where it was received. Other fields shown include the source IP, protocol, and port.
Much like ALB access logs, the CloudFront logs also include the HTTP status code of the server’s response. This field is critical for analyzing the success of requests.
You can also use Athena to perform overall analysis of CloudFront logs.
You can use either CloudFront or ELB logs to analyze HTTP response codes and determine if requests were successfully served.
Answer this question. The answer follows the question. If you cannot answer the question correctly, consider reading this section again until you can.
1. Which data fields can be viewed in both CloudWatch and Application Load Balancer logs? (Choose three.)
A. The destination target group
B. IP and port of the requesting client
C. The distribution associated with the request
D. The HTTP response code
E. The date and time of the request
1. Answer: B, D, and E are correct. CloudWatch logs do not display the target group of the ALB. ALB logs do not display the CloudFront distribution.
This section covers the following objective of Domain 5 (Networking and Content Delivery) from the official AWS Certified SysOps Administrator – Associate (SOA-C02) exam guide:
5.3 Troubleshoot network connectivity issues
If you can correctly answer these questions before going through this section, save time by skimming the Exam Alerts in this section and then completing the Cram Quiz at the end of the section.
1. Name one benefit and one drawback of increasing the TTL on objects in a CloudFront distribution.
2. What does the total error rate metric for a CloudFront distribution indicate?
1. Answer: Increasing the TTL means CloudFront will reach out to the origin for updated content less often, resulting in fewer cache misses. The drawback is that your users are more likely to get stale data from the cache.
2. Answer: The total error rate metric indicates the percentage of requests to the origin that result in a 400-type or 500-type response.
The two major benefits of CloudFront are reducing the latency experienced by requestors and reducing the hit count on your origin (S3, web server, and so on). As more objects are served from CloudFront, the origin has less work to perform, and as a result, cost savings can be achieved.
The percentage of requests that are served by CloudFront (without pulling content from the origin) is called the cache hit ratio. You can observe the cache hit ratio in the CloudFront console. Increasing the TTL is one way to improve this ratio because CloudFront will reach out to the origin for updated content less often. Of course, this means that your users are more likely to get stale data from the cache.
CloudFront serves the cached version of a file from an edge location until the file expires. After a file expires, CloudFront forwards the request to the origin server. CloudFront may still have the latest version, in which case the origin returns the status code 304 Not Modified. If a newer version exists in the origin, the origin returns the status code 200 OK and the latest version of the file.
You can also improve caching based on cookie values. Instead of forwarding all cookies, configure specific cookies for CloudFront to forward to your origin. For example, assume that there are two cookies in a request, and each cookie has two possible values. In this case, CloudFront forwards four requests to the origin, and all four responses are cached in CloudFront, even if some of them are identical.
Similarly, you can configure CloudFront to cache based on only a limited set of specified headers instead of forwarding and caching based on all headers.
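The cache hit ratio and error percentage discussed above can also be computed directly from CloudFront standard logs. The following is an added example, not code from the original text. The log lines are constructed and carry only a subset of the fields, and counting only `Hit` (not `RefreshHit`) toward the ratio is an assumption made here.

```python
from collections import Counter

# Constructed sample: a '#Fields:' header plus tab-separated records, with
# only a subset of the 30+ fields. IPs are documentation addresses.
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: date time x-edge-location c-ip cs-method cs-uri-stem sc-status x-edge-result-type",
    "2024-05-01\t10:00:01\tIAD89-C1\t198.51.100.7\tGET\t/index.html\t200\tHit",
    "2024-05-01\t10:00:02\tIAD89-C1\t198.51.100.7\tGET\t/app.js\t200\tHit",
    "2024-05-01\t10:00:03\tIAD89-C1\t203.0.113.9\tGET\t/index.html\t200\tMiss",
    "2024-05-01\t10:00:04\tIAD89-C1\t203.0.113.9\tGET\t/admin\t403\tError",
    "2024-05-01\t10:00:05\tIAD89-C1\t203.0.113.9\tGET\t/login\t404\tError",
    "2024-05-01\t10:00:06\tIAD89-C1\t198.51.100.7\tGET\t/logo.png\t200\tRefreshHit",
    "2024-05-01\t10:00:07\tIAD89-C1\t192.0.2.44\tGET\t/api\t502\tError",
    "2024-05-01\t10:00:08\tIAD89-C1\t192.0.2.44\tGET\t/index.html\t200\tHit",
    "2024-05-01\t10:00:09\tIAD89-C1",  # truncated record, must be skipped
])

def parse_cloudfront_log(text):
    """Yield one dict per request, keyed by the names in the '#Fields:' header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("data line found before the #Fields header")
            values = line.split("\t")
            if len(values) == len(fields):  # drop truncated or malformed records
                yield dict(zip(fields, values))

def summarize(records):
    """Return request count, cache hit ratio (%), error rate (%) and errors per client IP."""
    total = 0
    results, errors_by_ip = Counter(), Counter()
    for rec in records:
        total += 1
        results[rec["x-edge-result-type"]] += 1
        if rec["sc-status"][:1] in ("4", "5"):  # 4xx and 5xx responses
            errors_by_ip[rec["c-ip"]] += 1
    pct = lambda n: round(100.0 * n / total, 1) if total else 0.0
    return {
        "requests": total,
        "cache_hit_ratio": pct(results["Hit"]),  # RefreshHit revalidated with the origin; counted separately
        "refresh_hits": results["RefreshHit"],
        "error_rate": pct(sum(errors_by_ip.values())),
        "errors_by_ip": dict(errors_by_ip),
    }

if __name__ == "__main__":
    print(summarize(parse_cloudfront_log(SAMPLE_LOG)))
```

Grouping errors by client IP shows whether a rise in 4xx or 5xx responses is spread across viewers or concentrated in a few sources.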