How to monitor Amazon CloudFront?

Andreas Wittig – 18 Aug 2020

This website is powered by CloudFront and S3. On top of that, we are using Lambda@Edge to resize images on-the-fly. AWS is responsible for the availability and scalability of all three services. Therefore, monitoring the infrastructure for our website is not too complicated. However, there are still a few things that can go wrong that we want to watch closely. And it would be best if you did the same when using CloudFront.

When using CloudFront, your architecture typically includes the following components.

  • CloudFront, the Content Delivery Network.
  • S3 or ELB, the origins of your content.
  • Lambda@Edge,
  • CloudWatch, collects metrics from all AWS services.

Monitor CloudFront with CloudWatch

The following sections show how to use CloudWatch to monitor CloudFront.

Basic Monitoring

By default, each CloudFront distribution reports the following metrics.

  • 5xxErrorRate
  • Requests
  • TotalErrorRate
  • 4xxErrorRate
  • BytesUploaded
  • BytesDownloaded

In my opinion, the only metric that you should monitor closely is 5xxErrorRate.

Advanced Monitoring

In December 2019, AWS announced 8 additional metrics for CloudFront.

  • CacheHitRate indicates how many requests are answered from the cache instead of contacting the origin.
  • OriginLatency reports the latency from CloudFront to the origin (e.g., S3 or ELB).

Both metrics are worth monitoring, as they could notify you about a problem in your infrastructure long before customers notice an outage.

On top of that, AWS breaks down the 4xx and 5xx error rates into more detailed metrics:

  • 401ErrorRate
  • 403ErrorRate
  • 404ErrorRate
  • 502ErrorRate
  • 503ErrorRate
  • 504ErrorRate

The additional error rate metrics are great for solving issues, but not crucial for monitoring, in my opinion.

Unfortunately, you have to enable advanced monitoring for your CloudFront distributions manually. Check out the following video to learn more.

Please note, enabling advanced metrics costs about $2.40 per month for each CloudFront distribution.

Lambda@Edge

Lambda@Edge allows you to run your code at the edge locations, where CloudFront is deployed as well. Typical use cases for Lambda@Edge are request or response manipulation (e.g., redirects) and on-the-fly image resizing.

Adding Lambda and your code to the mix increases the chance that things will go wrong. Therefore, it is essential to monitor the following metrics.

  • LambdaExecutionError counts the number of failed Lambda executions.
  • LambdaValidationError counts the number of invalid responses from Lambda.

Monitoring Jump Start

In summary, I recommend monitoring the following CloudWatch metrics closely:

  • 5xxErrorRate shows the number of failed requests resulting in an error message visible to the user.
  • CacheHitRate indicates how many requests are answered from the cache instead of contacting the origin.
  • OriginLatency reports the latency from CloudFront to the origin (e.g., S3 or ELB).
  • LambdaExecutionError counts the number of failed Lambda executions.
  • LambdaValidationError counts the number of invalid responses from Lambda.

Therefore, you need to create and configure five CloudWatch alarms per CloudFront distribution. Want a little help with that? Check out our monitoring jump start for CloudFront.

  1. Install marbot (Slack or Microsoft Teams).
  2. Invite marbot in one of your channels.
  3. Send @marbot monitor cloudfront to the channel.
  4. marbot will help you to configure CloudWatch alarms with the help of CloudFormation.
  5. When creating the CloudFormation stack …
    1. Ensure that you selected the region us-east-1.
    2. Set the CloudFrontDistributionId parameter to the ID of your CloudFront distribution.
    3. Review the threshold parameters.
    4. Save by clicking the Create button.
  6. marbot will notify you about issues with your CloudFront distribution.
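
The five alarms recommended above can also be created directly with boto3. This is an added example, not marbot's CloudFormation template or code from this article. The thresholds, alarm names, period, and SNS topic ARN are assumptions, as is the use of the same dimensions for the Lambda@Edge error metrics.

```python
"""Five recommended CloudFront alarms as boto3 put_metric_alarm parameters."""

# (metric, statistic, comparison, threshold). Thresholds are constructed
# starting points, not values from the article; tune them per distribution.
RECOMMENDED = [
    ("5xxErrorRate", "Average", "GreaterThanThreshold", 1.0),      # percent
    ("CacheHitRate", "Average", "LessThanThreshold", 50.0),        # percent, advanced metric
    ("OriginLatency", "Average", "GreaterThanThreshold", 1000.0),  # ms, advanced metric
    ("LambdaExecutionError", "Sum", "GreaterThanThreshold", 0.0),
    ("LambdaValidationError", "Sum", "GreaterThanThreshold", 0.0),
]


def build_alarms(distribution_id, sns_topic_arn, period=300, evaluation_periods=3):
    """Return one put_metric_alarm parameter dict per recommended metric."""
    if not distribution_id or not sns_topic_arn.startswith("arn:"):
        raise ValueError("need a distribution ID and an SNS topic ARN")
    return [
        {
            "AlarmName": f"cloudfront-{distribution_id}-{metric}",
            "Namespace": "AWS/CloudFront",
            "MetricName": metric,
            # CloudFront is a global service and reports with Region=Global.
            # Assumption: the Lambda@Edge error metrics use the same
            # dimensions; verify this in the CloudWatch console.
            "Dimensions": [
                {"Name": "DistributionId", "Value": distribution_id},
                {"Name": "Region", "Value": "Global"},
            ],
            "Statistic": statistic,
            "Period": period,
            "EvaluationPeriods": evaluation_periods,
            "Threshold": threshold,
            "ComparisonOperator": comparison,
            # Error counters may report nothing when there are no errors.
            "TreatMissingData": "notBreaching",
            "AlarmActions": [sns_topic_arn],
        }
        for metric, statistic, comparison, threshold in RECOMMENDED
    ]


def create_alarms(distribution_id, sns_topic_arn):
    """Create the alarms in us-east-1; the SNS topic must live there too."""
    import boto3  # imported lazily so build_alarms works without AWS access

    cloudwatch = boto3.client("cloudwatch", region_name="us-east-1")
    for params in build_alarms(distribution_id, sns_topic_arn):
        cloudwatch.put_metric_alarm(**params)
```

CacheHitRate is the only alarm that fires when the value drops below its threshold. It and OriginLatency only receive data once the additional metrics are enabled for the distribution.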

Andreas Wittig

Consultant focusing on Amazon Web Services (AWS). Entrepreneur building marbot.io. Author of Amazon Web Services in Action, Rapid Docker on AWS, and cloudonaut.io.
