Using AWS S3 to Store ELB Access Logs

Hands-On Lab

 

Craig Arcuri

AWS Training Architect II in Content

Length: 00:30:00

Difficulty: Intermediate

Amazon S3 provides a secure, highly available, and highly durable option for storing objects in AWS. Because S3 is so versatile, the DevOps Engineer needs to understand its many uses and how to implement solutions with it. In this Learning Activity, the student will create and configure an S3 bucket to store access logs from an Elastic Load Balancer. This configuration involves creating the bucket and creating a bucket policy for it. Additionally, the student will create a load balancer and enable access logs on it; the logs will then be stored in S3.

Introduction

Amazon S3 is a secure, highly available, and highly durable option for storing objects in AWS. Because S3 is so versatile, it's important for us to understand the many different uses of S3 and how to create and implement solutions with S3.

In this lab, we will create and configure an S3 bucket to store access logs from an elastic load balancer. We will do the following:

  • Create an S3 bucket
  • Create a bucket policy for the bucket
  • Create an elastic load balancer
  • Enable access logs on the load balancer

Log in to the AWS Management Console using the credentials provided on the lab instructions page. Make sure you are using the us-east-1 region throughout the lab.

Create an Elastic Load Balancer

  1. From the AWS Management Console Dashboard, navigate to the EC2 service.
  2. Click Load Balancers in the left sidebar.
  3. Click Create Load Balancer.
  4. Under Application Load Balancer, click Create.
  5. Name the load balancer "ALB4LearningActivity".
  6. Under Availability Zones, select us-east-1a and us-east-1b.
  7. Click Next: Configure Security Settings.
  8. Click Next: Configure Security Groups.
  9. Leave the Select an existing security group option selected, and select the default security group from the list.
  10. Click Next: Configure Routing.
  11. Under Target group, enter the name "example", leave the default options for all of the settings, and click Next: Register Targets.
  12. Click Next: Review.
  13. Click Create.
  14. Click Close to exit the success message.

Create and Configure an S3 Bucket

  1. From the AWS Management Console, navigate to the S3 service.
  2. Click + Create bucket.
  3. Name the bucket "abucket4elb2". (Note: Be sure to use random numbers after the bucket name, as bucket names need to be globally unique. Note the name you used for your bucket, as it will be used later.)
  4. Make sure the region is set to US East (N. Virginia).
  5. Click Next.
  6. Leave all the bucket settings as their defaults. Click Next, Next, then Create bucket.
  7. On the Amazon S3 dashboard page, click the name of the bucket you just created to open it.
  8. Click the Permissions tab at the top of the page.
  9. Click Bucket Policy.
  10. Right-click Policy generator at the bottom of the screen, and open the link in a new browser tab.
  11. On the AWS Policy Generator page, configure the following settings:
    • Select Type of Policy: S3 Bucket Policy
    • Effect: Allow
    • Principal: 127311923021
    • Actions: PutObject
    • Amazon Resource Name (ARN): arn:aws:s3:::<BUCKET_NAME>/myapps/AWSLogs/<ACCOUNT>/*
      • Be sure to modify the bucket name in this string to match the bucket name you used earlier.
      • The account ID for your lab can be found by clicking the username found in the top right of the EC2 Management Console page.
  12. Click Add Statement, then Generate Policy.
  13. Copy the text in the Policy JSON Document popup to your clipboard.
  14. Switch back to your S3 Management Console browser tab, and paste the JSON text we just copied into the Bucket policy editor field.
  15. Click Save.
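
The statement configured in step 11, built and checked in code. This is an added example, not part of the original lab: the function names are hypothetical, the account ID `111122223333` is a constructed placeholder, and the principal is written as the root ARN of the account ID from step 11, which is equivalent to the bare account ID.

```python
import json

ELB_ACCOUNT_US_EAST_1 = "127311923021"  # Principal value entered in step 11

def _as_list(value):
    """Policy fields may hold one string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def build_policy(bucket, prefix, account_id, elb_account=ELB_ACCOUNT_US_EAST_1):
    """Bucket policy with the single statement configured in step 11."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{elb_account}:root"},
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket}/{prefix}/AWSLogs/{account_id}/*",
        }],
    }

def audit_policy(policy, bucket, prefix, account_id, elb_account=ELB_ACCOUNT_US_EAST_1):
    """Return findings for Allow statements broader than the lab's settings."""
    ok_principals = {elb_account, f"arn:aws:iam::{elb_account}:root"}
    ok_resource = f"arn:aws:s3:::{bucket}/{prefix}/AWSLogs/{account_id}/*"
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may appear without a list
        statements = [statements]
    findings = []
    for n, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        who = _as_list(principal.get("AWS") if isinstance(principal, dict) else principal)
        if not who or not set(who) <= ok_principals:
            findings.append(f"statement {n}: principal {who} is not the ELB account")
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if actions != ["s3:putobject"]:
            findings.append(f"statement {n}: actions {actions} exceed s3:PutObject")
        if _as_list(stmt.get("Resource")) != [ok_resource]:
            findings.append(f"statement {n}: resource is not limited to {ok_resource}")
    return findings

if __name__ == "__main__":
    # Constructed sample values: bucket name from the lab, placeholder account ID.
    policy = build_policy("abucket4elb2", "myapps", "111122223333")
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy, "abucket4elb2", "myapps", "111122223333"))
```

An empty findings list means every Allow statement grants only `s3:PutObject`, only to the load balancer's log-delivery account, and only under the `myapps/AWSLogs/<ACCOUNT>/` prefix.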

Enable Access Logs

  1. Navigate to the EC2 service and click on Load Balancers in the left sidebar.
  2. In the Description tab at the bottom of the screen, scroll down to the Attributes header.
  3. Click Edit attributes.
  4. For Access logs, check the box next to Enable.
  5. For S3 location, type "<BUCKET_NAME>/myapps".
    • Be sure to modify the bucket name in this string to match the bucket name you used earlier.
  6. Click Save.
  7. Navigate to the S3 service.
  8. Click <BUCKET_NAME> to open the bucket.
  9. Click myapps, AWSLogs, <ACCOUNT>, then ELBAccessLogTestFile.

Conclusion

Congratulations, you've successfully completed this lab!

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html