Step 1 - Ensure your logs are being sent to a s3 bucket

The following guide from amazon will help you achieve this if you are not doing this already:

Cloudwatch to s3

Step 2 - Ensure adequate bucket permissions

The following permissions applied to the AWS IAM Policy being used:

  • s3:ListBucket to check if the S3 bucket exists and list objects in it.
  • s3:GetObject to check object metadata and download objects from S3 buckets.

Below is how your permissions should appear:

    "Version": "2012-10-17",
    "Statement": [
            "Sid": "SidID",
            "Effect": "Allow",
            "Action": [
            "Resource": [
Step 3 - Start sending logs from Cloud Front to your stack will verify your input before it is applied this should be actioned in less than 24 hours, we will contact you to verify.


Ready to get going?

Try our 14 day free trial

No commitment and no catches

Create Free Trial