Overview
You can use this document to learn how to configure your AWS account to enable StackPath to stream logs to your S3 bucket.
At a high level, you will:
- Create and configure an AWS S3 bucket, enabling it to receive logs from StackPath.
- Create AWS IAM policy
- Create AWS IAM role
- Obtain the role's ARN
Support
Your Account or Sales representative can assist you in enabling any of the fields listed in the Available Fields section here, or you may reach out to Support at hi@stackpath.com for assistance with this as well.
Support requires that you provide the following information when requesting assistance with enabling logs or additional fields:
- Site name
- Desired fields
- AWS bucket name
- AWS bucket region
- Role ARN for an AWS IAM role
- This role must be associated with the StackPath AWS Account ID 517500695256
- This role must have a policy attached with write and list access to the bucket
AWS Configuration
This section will explain the steps required before StackPath can start sending logs to your S3 bucket. Follow the steps below to configure the sink you would like your logs sent to.
Step 1: Create an AWS Policy for the S3 Bucket
- Log in to your AWS console.
- Under Security, Identity, and Compliance, click IAM.
- In the left-side navigation, click Policies.
- Click Create Policy.
- Click JSON.
-
Paste the JSON file provided by StackPath. This policy will give StackPath access to write logs to your Amazon S3 bucket.
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
"arn:aws:s3:::DOC-EXAMPLE-BUCKET"
]
}
]
} - Replace DOC-EXAMPLE-BUCKET with the name of your S3 bucket.
- Click Next: Tags.
- (Optional) Add tags to this policy.
• To learn more, please review this AWS article. - Click Next: Review.
- In Name, enter a descriptive name for the policy.
- StackPath recommends that you enter StackPath or SP in the name.
- Copy the policy name for later use.
- Click Create policy.
Step 2: Create an AWS IAM role for StackPath
- Log in to your AWS console.
- Under Security, Identity, and Compliance, click IAM.
- In the left-side navigation, click Roles.
- Click Create role.
- Select Another AWS account.
- For Account ID, enter the StackPath ID: 517500695256
- Click Next: Permissions.
- Select the policy you created in the "Create an AWS Policy for the S3 Bucket" section above.
- Click Next: Tags.
- (Optional) Add tags to this role.
- Click Next: Review.
- In Role name, enter a descriptive name for the role.
- StackPath recommends that you enter StackPath or SP in the name.
- Click Create role.
Step 3: Obtain the Newly Created Role's ARN
To stream your logs, StackPath needs the ARN of the newly created role.
- In the AWS console, in the left-side navigation, click Roles.
- Select the newly created the IAM role.
- Copy the value for Role ARN.
- Share the following information with StackPath:
- Role ARN
- This role must be associated with the StackPath AWS Account ID 517500695256
- This role must have a policy attached with write and list access to the bucket
- Bucket name
- Bucket region
- Role ARN
For more information on CDN log streaming, please see Enabling CDN Log Streaming.