Skip to content

Enable HTTP request Log Shipping

VIP’s Log Shipping feature will ship copies of an application’s HTTP request logs at 5-minute intervals to a customer’s Amazon Web Services (AWS) S3 buckets.

Prerequisites

  • To enable Log Shipping, a user must have access the VIP Dashboard and an App admin role for that application.
  • The AWS S3 bucket name and region are required for configuration.
  • User must have access to modify the AWS Bucket Policy to complete the setup.

AWS S3 bucket requirements

Bucket Name

  • The AWS S3 bucket name can only include lowercase letters (a-z), numbers (0-9) and hyphens (-).
    The inclusion of periods (.) in an AWS S3 bucket name is likely to cause Log Shipping failures.
  • Review the AWS bucket naming requirements for additional information.

Encryption

  • The S3 bucket must not use KMS encryption; SSE-S3 is the preferred encryption option.

Enable Log Shipping

  1. Navigate to the VIP Dashboard and select the “Settings” panel option at the left.
  2. Below “Add-ons” select “Log Shipping“.
  3. Select the “Configuration” tab.
  4. Enter the “Bucket Name” and “Bucket Region” values for the S3 bucket that will receive the shipped logs from VIP.
  5. Select “Continue“.
Screenshot of the Log Shipping configuration panel in the VIP Dashboard
  1. Copy the contents of the JSON-formatted “Generated Access Policy” config file. Add the Generated Access Policy content to the S3 bucket by following the instructions for Granting AWS Config access to the Amazon S3 Bucket.
  2. Test Configuration” by selecting “Test and Continue“. A test file named vip-go-test-file.txt will be uploaded to the S3 bucket as part of the verification process. This file will always be present in a site’s configured S3 bucket and path, alongside the dated folders that contain the logs themselves.
  3. If the configuration test was successful, select “Enable Add-on” for log shipping to the S3 bucket to begin.

Disable Log Shipping

  1. Navigate to the VIP Dashboard and select the “Settings” panel option at the left.
  2. Below “Add-ons” select “Log Shipping“.
  3. Select the “Configuration” tab.
  4. Select “Disable Add-on“.

Restricting access by IP range

To restrict access to an AWS S3 bucket via IP range, ensure your bucket access policy accounts for the dynamic IP range accessible at https://go-vip.net/ip-ranges.json. A system to auto-update the access policy will need to be implemented, as the IP ranges are subject to change.

Last updated: April 06, 2022