• FAQ
  • Amazon Elastic Load Balancing

Amazon Elastic Load Balancing

Amazon ELB records all requests sent to your load balancer, and stores the logs in Amazon S3 for analysis wiht Qloudstat.

Authentication for Qloudstat

You can find a fine grained IAM policy snippet preconfigured with your bucket names when editing your configuration.

  • Authentication for Qloudstat with IAM The access key and secret are preferrably the credentials of a dedicated IAM user created to give Qloudstat access to your account. Please use the AWS Console to create an IAM user with grants provided to access your log files.

    Follow these steps to create a new IAM user:

    • Choose Create New Users in the IAM Console.
    • Make sure the checkbox Generate an access key for each User is selected.
    • After creating the user, select Show User Security Credentials.
    • Copy the Access Key Id and Secret Access Key to paste here.
    • Select the newly created user in the list and choose the Permissions tab.
    • Select Attach User Policy.
    • Select Custom Policy and enter the following policy document:
      {"Statement": [
          {
              "Effect": "Allow",
              "Action": "elasticloadbalancing:Describe*",
              "Resource": "*"
          }
      ]},
      {
          "Action": [
              "s3:ListBucket"
          ],
          "Condition": {
              "Bool": { "aws:SecureTransport": "true" },
              "StringLike" : {"s3:prefix":["*"]}
          },
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::loggingtargetbucket"
      },
      {
          "Action": [
              "s3:GetObject"
          ],
          "Condition": {
              "Bool": { "aws:SecureTransport": "true" }
          },
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::loggingtargetbucket/*"
      }
      }
    • Select Apply Policy.

    Replace loggingtargetbucket with the name of your logging target bucket.

    More information can be found in the AWS Reference.

Supported Dimensions & Metrics

Refer to the list of Dimensions and Metrics

Purge Log Files

You can find a fine grained IAM policy snippet preconfigured with your bucket names when editing your configuration.

Add the following statement to your existing IAM policy:

{
    "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::*"
    }
    ]
}