What is AWS CloudFront Traffic Anomaly Monitoring?
AWS CloudFront Traffic Anomaly Monitoring is a feature that allows you to track sudden changes in your CloudFront distribution’s traffic patterns. It analyzes the number of requests to your CloudFront-served content and alerts you when there are significant increases or decreases in traffic volume.
How do I set up AWS CloudFront Traffic Anomaly Monitoring?
Add the AWS CloudFront resource to your Alerty inventory, and Alerty will begin monitoring it automatically! When Alerty detects a significant change in your traffic patterns, it will send you an alert.
While we recommend using the simple read-only permissions setup for most users, AWS does offer options for more granular control over IAM permissions. This is useful for users who need to restrict access to specific resources or adhere to strict security policies.To create a fine-grained access IAM user:
Follow steps 1-6 from the broad permissions setup.
Instead of attaching existing policies, choose “Create policy”.
In the visual editor, add the following permissions:
Service: CloudFront
Actions: All Read actions
Resources: Specific (add your Distribution ARN)
Service: CloudWatch
Actions:
List: ListMetrics
Read: GetMetricData, GetMetricStatistics
Resources: All resources
Complete the user creation process and generate CLI credentials as described earlier.
This approach allows you to create a user with the minimum necessary permissions, enhancing security by limiting the scope of what the user can access. However, it requires more setup and you’ll need to ensure you’ve included all the distributions you want to monitor.Remember, if you use a fine-grained access user, you’ll need to make sure it has access to all the distributions you want to monitor in Alerty. If you add new distributions later, you may need to update your IAM user permissions.For most users, the broad read-only permissions setup will be simpler to set up and maintain, especially if you’re monitoring multiple distributions or frequently add new ones.