How to Enable ALB Access Logs and Connection Logs with S3

When working with AWS Application Load Balancer (ALB), enabling access logs and connection logs is essential for monitoring and troubleshooting. However, there is a small but crucial trick to getting it right. In this guide, I'll walk you through the exact steps to configure ALB logs with S3 storage.

Step 1: Create an S3 Bucket

1. Go to the AWS Management Console and navigate to S3.

2. Create a new bucket in the same region as your ALB.

3. Once the bucket is created, open the Permissions tab and click on Edit bucket policy.

Step 2: Configure Bucket Permissions(Main Part)

1. Open this AWS documentation link: Enable ALB Access Logging.

2. Click on Regions available before August 2022 to get the necessary policy.

3. Copy the following policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::elb-account-id:root"
      },
      "Action": "s3:PutObject",
      "Resource": "s3-bucket-arn/*"
    }
  ]
}

Important Edits

1. Replace s3-bucket-arn/* with your actual S3 bucket ARN. Example:

    arn:aws:s3:::testbuckettestbucket0001/*
   

2. Update elb-account-id:

   • Go to this AWS link.https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html

   • Select the correct Elastic Load Balancing account ID for your region.

   • Replace elb-account-id in the policy with the correct value.

3. Save the updated bucket policy.

Note: Don’t Use your account Id with this elb id go to the site {https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html} and copy the elb id according to your region and paste it in your code

Step 3: Enable ALB Access Logs and Connection Logs

1. Navigate to EC2 > Load Balancers.

2. Select your Application Load Balancer.

3. Click on the Attributes tab.

4. Click Edit and enable both Access logs and Connection logs.

5. Choose the S3 bucket that you just created.

6. Save the changes.

Conclusion

That’s it! Your ALB is now configured to send access and connection logs to S3. With this setup, you can analyze traffic patterns, monitor performance, and debug issues efficiently. Happy logging!