Route 53 Logs – Logging and Monitoring – ANS-C01 Study Guide

Route 53 Logs

Route 53 integrates with CloudTrail and CloudWatch for exporting events. DNS queries at the domain and subdomain level are logged to CloudWatch Logs; each entry records the domain name that was queried, the date and time, the record type (such as A or CNAME), the response code, and the edge location that answered the query. CloudWatch also collects and analyzes Route 53 health-check metrics.

The data can be stored and analyzed with AWS search and analysis tools or with one of the many offerings from AWS partners. A log stream is created for each edge location that responds to a query, and streams are named hosted-zone-id/edge-location-ID. Because the logs can grow very large and are retained indefinitely unless a retention period is set, it is good practice to export query logs to a more cost-effective store such as S3 with life-cycle policies applied.
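The following is an added example, not code from the study guide or from AWS. It parses Route 53 query log lines in the documented space-separated layout (format version, timestamp, hosted zone ID, query name, query type, response code, protocol, edge location, resolver IP, EDNS client subnet), reconstructs the hosted-zone-id/edge-location stream name described above, counts response codes per edge location, and flags resolvers with an unusually high NXDOMAIN share, which is the kind of check you would run once the logs are in CloudWatch Logs or S3. The log lines, zone ID and IP addresses are constructed samples.

```python
"""Parse Route 53 public DNS query log lines and summarise them per edge location.

Added example for this study guide, not AWS code. Field order follows the
documented Route 53 query log layout. The log lines below are constructed
samples, not captured traffic.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

FIELDS = ("version", "timestamp", "hosted_zone_id", "query_name", "query_type",
          "response_code", "protocol", "edge_location", "resolver_ip",
          "edns_client_subnet")

# Constructed sample log; "-" means no EDNS client subnet was supplied.
SAMPLE_LOG = """\
1.0 2017-12-13T08:15:50.235Z Z123412341234 example.com A NOERROR UDP FRA6 172.31.3.119 -
1.0 2017-12-13T08:15:51.002Z Z123412341234 www.example.com CNAME NOERROR UDP FRA6 172.31.3.119 -
1.0 2017-12-13T08:15:52.417Z Z123412341234 mail.example.com MX NOERROR TCP IAD12 198.51.100.7 192.0.2.0/24
1.0 2017-12-13T08:15:53.118Z Z123412341234 xj4q.example.com A NXDOMAIN UDP IAD12 198.51.100.7 -
1.0 2017-12-13T08:15:53.901Z Z123412341234 k9zt.example.com A NXDOMAIN UDP IAD12 198.51.100.7 -
1.0 2017-12-13T08:15:54.377Z Z123412341234 p0wm.example.com A NXDOMAIN UDP IAD12 198.51.100.7 -
this line is not a query log entry
"""


@dataclass(frozen=True)
class QueryLogEntry:
    version: str
    timestamp: str
    hosted_zone_id: str
    query_name: str
    query_type: str
    response_code: str
    protocol: str
    edge_location: str
    resolver_ip: str
    edns_client_subnet: str

    def log_stream_name(self) -> str:
        """Stream name used in CloudWatch Logs: hosted-zone-id/edge-location."""
        return f"{self.hosted_zone_id}/{self.edge_location}"


def parse_line(line: str) -> Optional[QueryLogEntry]:
    """Return a parsed entry, or None for a malformed line or unknown format version."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] != "1.0":
        return None
    return QueryLogEntry(**dict(zip(FIELDS, parts)))


def parse_log(text: str) -> List[QueryLogEntry]:
    """Parse every well-formed line, skipping anything that does not fit the layout."""
    entries = (parse_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def responses_by_edge(entries: List[QueryLogEntry]) -> Dict[str, Counter]:
    """Count response codes per edge location (mirrors the per-edge log streams)."""
    counts: Dict[str, Counter] = defaultdict(Counter)
    for e in entries:
        counts[e.edge_location][e.response_code] += 1
    return dict(counts)


def nxdomain_heavy_resolvers(entries: List[QueryLogEntry], min_queries: int = 3,
                             ratio: float = 0.5) -> List[str]:
    """Resolver IPs whose NXDOMAIN share is at least `ratio` over at least `min_queries` queries.

    A high NXDOMAIN share from one resolver usually points at a misconfigured
    client or stale records, so it is a sensible thing to alert on from these logs.
    """
    totals: Dict[str, Counter] = defaultdict(Counter)
    for e in entries:
        totals[e.resolver_ip]["total"] += 1
        if e.response_code == "NXDOMAIN":
            totals[e.resolver_ip]["nxdomain"] += 1
    return sorted(ip for ip, c in totals.items()
                  if c["total"] >= min_queries and c["nxdomain"] / c["total"] >= ratio)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for edge, codes in responses_by_edge(parsed).items():
        print(edge, dict(codes))
    print("NXDOMAIN-heavy resolvers:", nxdomain_heavy_resolvers(parsed))
```

Malformed lines are dropped rather than raising, because an exported log file may contain partial writes; the per-resolver threshold is deliberately a parameter so it can be tuned against the normal NXDOMAIN rate of the zone before it is used for alerting.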

CloudTrail records API actions, including those made from the console, by a systems administrator, an IAM role, or another AWS service. Each CloudTrail record provides detailed information such as who made the request, the date and time, the source IP address, and what was requested. All records are available on the Event history tab of the CloudTrail console. Remember that Route 53 is a global service, not a regional one, so you must select the us-east-1 (N. Virginia) region, where Route 53 events are recorded; if you open Route 53 from the console, it defaults to the Global region.

For extended retention times, create a trail using the CloudTrail console to store the logs in S3, and use life-cycle policies to manage your storage requirements.

All domain records can be viewed in the Route 53 dashboard, which details registrations, domain transfers, and expiration dates of registered domains.

CloudFront Logs

Standard CloudFront logging, also called access logging, provides detailed information on request activity at the edge. When you enable it, you must specify the S3 bucket in which to store the log files. AWS provides the logging feature at no charge; the S3 storage it uses is billed as normal. Logging is enabled when you create or update a CloudFront distribution. Standard logs are normally delivered several times per hour, but an entry can take up to 24 hours to appear. Real-time logging can also be enabled and sent to a Kinesis data stream for analysis or storage. Logs from all edge locations are consolidated into the single S3 bucket.

CloudTrail Logs

CloudTrail records all API calls to AWS services. The API data tells you who made changes to any of your services, from where, at what time, and what the change was, along with a large amount of additional data about the call. CloudTrail can also be configured to send its API logs to CloudWatch Logs, as shown in Figure 5.10.

FIGURE 5.10 CloudTrail logs
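As an added example covering both the Route 53 CloudTrail paragraph above and this section (not code from the study guide or from AWS), the script below reads one CloudTrail log file in its {"Records": [...]} layout and extracts the "who, when, from where, what" fields for every mutating Route 53 call, skipping read-only calls and events from other services. The records are constructed samples; the account ID, ARNs, IP addresses and hosted zone ID are placeholders, and the nested requestParameters key names (hostedZoneId, changeBatch, changes, action, resourceRecordSet) are assumed to match how CloudTrail serialises a ChangeResourceRecordSets request.

```python
"""Pull 'who, when, from where, what' out of CloudTrail records for Route 53.

Added example for this study guide, not AWS code. Route 53 events carry
eventSource "route53.amazonaws.com" and awsRegion "us-east-1", which is why a
trail lookup for them must target that region. All records below are constructed.
"""
import json
from typing import Dict, List

ROUTE53_SOURCE = "route53.amazonaws.com"

SAMPLE_TRAIL = json.dumps({"Records": [
    {   # constructed: a record-set change made by an IAM user from the CLI
        "eventVersion": "1.08", "eventTime": "2024-05-01T12:00:00Z",
        "eventSource": ROUTE53_SOURCE, "eventName": "ChangeResourceRecordSets",
        "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
        "userAgent": "aws-cli/2.15.0", "readOnly": False,
        "userIdentity": {"type": "IAMUser", "userName": "alice",
                         "arn": "arn:aws:iam::123456789012:user/alice"},
        "requestParameters": {   # key names assumed, see lead-in
            "hostedZoneId": "Z123412341234",
            "changeBatch": {"changes": [
                {"action": "UPSERT",
                 "resourceRecordSet": {"name": "www.example.com.", "type": "A", "tTL": 300,
                                       "resourceRecords": [{"value": "198.51.100.20"}]}},
                {"action": "DELETE",
                 "resourceRecordSet": {"name": "old.example.com.", "type": "CNAME", "tTL": 300,
                                       "resourceRecords": [{"value": "www.example.com."}]}}]}}},
    {   # constructed: a read-only Route 53 call, listed but not a change
        "eventVersion": "1.08", "eventTime": "2024-05-01T12:01:00Z",
        "eventSource": ROUTE53_SOURCE, "eventName": "ListHostedZones",
        "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
        "userAgent": "console.amazonaws.com", "readOnly": True,
        "userIdentity": {"type": "IAMUser", "userName": "alice",
                         "arn": "arn:aws:iam::123456789012:user/alice"},
        "requestParameters": None},
    {   # constructed: unrelated service event, should be ignored
        "eventVersion": "1.08", "eventTime": "2024-05-01T12:02:00Z",
        "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
        "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.11",
        "userAgent": "aws-sdk-go/1.44", "readOnly": True,
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::123456789012:assumed-role/ops/session"},
        "requestParameters": {}},
]})


def parse_trail(text: str) -> List[dict]:
    """Return the record list from one CloudTrail log file."""
    return json.loads(text).get("Records", [])


def describe_changes(params: dict) -> List[str]:
    """Flatten a ChangeResourceRecordSets changeBatch into 'ACTION TYPE name' strings."""
    batch = (params or {}).get("changeBatch", {})
    out = []
    for change in batch.get("changes", []):
        rrset = change.get("resourceRecordSet", {})
        out.append(f"{change.get('action')} {rrset.get('type')} {rrset.get('name')}")
    return out


def route53_write_events(records: List[dict]) -> List[Dict[str, object]]:
    """Summarise every mutating Route 53 call: who, when, source IP, action, records touched."""
    summaries = []
    for rec in records:
        if rec.get("eventSource") != ROUTE53_SOURCE or rec.get("readOnly", False):
            continue
        params = rec.get("requestParameters") or {}
        summaries.append({
            "who": rec["userIdentity"].get("arn"),
            "when": rec["eventTime"],
            "source_ip": rec.get("sourceIPAddress"),
            "user_agent": rec.get("userAgent"),
            "region": rec.get("awsRegion"),   # expected to be us-east-1 for Route 53
            "action": rec["eventName"],
            "hosted_zone_id": params.get("hostedZoneId"),
            "changes": describe_changes(params),
        })
    return summaries


if __name__ == "__main__":
    for ev in route53_write_events(parse_trail(SAMPLE_TRAIL)):
        print(json.dumps(ev, indent=2))
```

The same filter can be pointed at a trail that has been exported to S3 for extended retention, as described above, by iterating over the gzipped files in the bucket and passing each one through parse_trail; the readOnly flag is what separates DNS changes worth reviewing from routine list and describe calls.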

X-Ray

The X-Ray service traces requests and responses as they pass between the components of an application workflow. By enabling X-Ray, you can view the actions inside your applications and services and how they interact with each other, including microservices, databases, APIs, and other AWS services. With this information collected, you can filter and view the data to locate problems and gain insight into the interactions between application and service flows.