AWS Application Load Balancer logging

Created: December 6, 2023
Updated: April 15, 2024

Set up logging on your Application Load Balancer (ALB) in AWS.

1. Navigate to Integrations in the FireTail platform. Select the Create Integration tab.

2. Click AWS ALB Logging.

3. Enter a name for the integration.

4. Select an existing AWS Application Load Balancer.

5. Generate an app token.

You can set up the integration either With CloudFormation or by Manual Deployment. Select the corresponding heading in the integration form.

Deployment with CloudFormation

1. Log into the AWS Console.

2. (Optional) If you do not already have a bucket, click Deploy S3 Bucket CloudFormation.

  • Click Create Stack.

3. If you already have a bucket, make sure it has EventBridge events enabled. Learn how to enable the EventBridge event here.

4. To deploy the FireTail logging application, click Launch Logging CloudFormation.

5. In the AWS create stack form, paste your bucket name into the ALBAccessLoggingS3Bucket field.

6. Retrieve the App Token and paste it into the FTAPPKEY field.

7. Select the three check boxes next to the I acknowledge statements. Click Create Stack.

8. Open the AWS EC2 Load Balancer page here.

9. Click the load balancer you want to set up the logging for.

10. In the Attributes tab, click Edit.

11. Locate the Monitoring heading and enable the Access logs setting.

12. In the S3 URI field, click Browse S3. Select the previously created bucket and click Choose. Click Save Changes.

13. Click Submit on the FireTail integration form.

Manual deployment

1. Log into the AWS Console here.

2. Open the AWS S3 page here.

3. Select an existing S3 bucket. Alternatively, create a bucket to use for ALB access logging. To do this:

  • Click Create Bucket. Fill in the required details to create a bucket. Learn how to Create a bucket here.

4. In the selected bucket, click the Properties tab. Locate the Amazon EventBridge heading and click Edit.

5. Select On for Send notifications to Amazon EventBridge for all events in this bucket and click Save changes.

6. Click the Permissions tab. Under the Bucket Policy heading, click Edit.

7. Update the bucket policy with the correct policy. Refer to ALB Access Logging Bucket Policy for setting the correct bucket policy. Click Save Changes.

8. Open the AWS CloudFormation page here.

9. Download the FireTail logging CloudFormation.

10. Click Create stack and select With new resources (standard).

11. Select Upload a template file.

12. Click Choose file and locate the CloudFormation template you downloaded previously.

13. Click Next.

14. Set the Stack name to something unique.

15. Set the ALBAccessLoggingS3Bucket to the name of your S3 Bucket.

16. Retrieve the FireTail token that you generated and paste it into the FTAPPKEY field.

17. Click Next, then click Next again.

18. Scroll to the bottom and accept all three checkboxes before proceeding. Click Submit.

20. FireTail Access Logging will now be set up.

21. Click Submit on the FireTail integration form.
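
To confirm the settings that both procedures depend on (EventBridge notifications and the bucket policy on the S3 bucket, access logs on the load balancer), the following added example checks the JSON returned by three read-only AWS CLI calls. It is not FireTail's or AWS's own code; the function name is hypothetical, and the bucket name, account ID and sample documents are constructed placeholders.

```python
# Inputs are the JSON documents returned by these read-only AWS CLI calls:
#   aws elbv2 describe-load-balancer-attributes --load-balancer-arn <arn>
#   aws s3api get-bucket-notification-configuration --bucket <bucket>
#   aws s3api get-bucket-policy --bucket <bucket> --query Policy --output text
def _as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]

def check_alb_logging(lb_attrs, notif_cfg, bucket_policy, bucket):
    """Return a list of problems; an empty list means the settings line up."""
    problems = []
    attrs = {a["Key"]: a["Value"] for a in lb_attrs.get("Attributes", [])}
    if attrs.get("access_logs.s3.enabled") != "true":
        problems.append("ALB access logs are not enabled")
    if attrs.get("access_logs.s3.bucket") != bucket:
        problems.append("ALB access logs do not point at " + bucket)
    # S3 returns an empty EventBridgeConfiguration object once the switch is On.
    if "EventBridgeConfiguration" not in notif_cfg:
        problems.append("EventBridge notifications are off for the bucket")
    prefix = "arn:aws:s3:::" + bucket + "/"
    can_write = False
    for stmt in _as_list(bucket_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        writes = "s3:PutObject" in _as_list(stmt.get("Action"))
        if writes and any(r.startswith(prefix) for r in _as_list(stmt.get("Resource"))):
            can_write = True
            # A wildcard principal with no Condition lets anyone write to the log bucket.
            if stmt.get("Principal") in ("*", {"AWS": "*"}) and "Condition" not in stmt:
                problems.append("bucket policy lets any principal write objects")
    if not can_write:
        problems.append("bucket policy has no Allow for s3:PutObject on the bucket")
    return problems

# Constructed sample documents (placeholder bucket name and account ID).
BUCKET = "example-alb-logs"
SAMPLE_ATTRS = {"Attributes": [
    {"Key": "access_logs.s3.enabled", "Value": "true"},
    {"Key": "access_logs.s3.bucket", "Value": BUCKET},
]}
SAMPLE_NOTIF = {"EventBridgeConfiguration": {}}
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:PutObject",
    "Principal": {"Service": "logdelivery.elasticloadbalancing.amazonaws.com"},
    "Resource": "arn:aws:s3:::" + BUCKET + "/AWSLogs/111122223333/*",
}]}

if __name__ == "__main__":
    print(check_alb_logging(SAMPLE_ATTRS, SAMPLE_NOTIF, SAMPLE_POLICY, BUCKET) or "OK")
```

The principal that the bucket policy must allow depends on the load balancer's region; the sample uses the log delivery service principal, so adjust it to match the ALB Access Logging Bucket Policy reference for your region.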