如何将实时日志附加到 CloudFormation 中的分发

Question

我已经创建了一个实时日志记录配置。但是，我找不到如何将它附加到 CloudFront 分发版。创建实时日志记录的 CloudFront 模板是：

KinesisDataStream:
Type: AWS::Kinesis::Stream
Properties:
  Name: my-stream
  RetentionPeriodHours: 24
  ShardCount: 1
RealTimeLogggingRole:
Type: AWS::IAM::Role
Properties:
  Tags:
    - Key: Name
      Value: my-role
  Path: "/"
  AssumeRolePolicyDocument:
    Version: 2012-10-17
    Statement:
      - Effect: Allow
        Action: sts:AssumeRole
        Principal:
          Service: cloudfront.amazonaws.com
  Policies:
    - PolicyName: po-real-time-logging-policy
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - kinesis:DescribeStreamSummary
              - kinesis:DescribeStream
              - kinesis:PutRecord
              - kinesis:PutRecords
            Resource:
              - !GetAtt KinesisDataStream.Arn
RealTimeLoggging:
Type: AWS::CloudFront::RealtimeLogConfig
Properties:
  Name: my-logging
  SamplingRate: 100
  Fields:
    - timestamp
    - c-ip
    - cs-host
    - cs-uri-stem
    - cs-headers
  EndPoints:
    - StreamType: Kinesis
      KinesisStreamConfig:
        RoleArn: !GetAtt RealTimeLogggingRole.Arn
        StreamArn: !GetAtt KinesisDataStream.Arn
CloudFrontDistribution:
Type: AWS::CloudFront::Distribution
...

我可以将它附加到 GUI 的分发服务器上：

但我找不到如何使用 CloudFormation 执行此操作？

Answer 1

您必须更新您的AWS::CloudFront::Distribution DefaultCacheBehavior and set RealtimeLogConfigArn：

RealtimeLogConfigArn: !Ref RealTimeLoggging

如何将实时日志附加到 CloudFormation 中的分发

How to attach Real-time log to a Distribution in CloudFormation

amazon-cloudformation

amazon-cloudfront