You are currently viewing How To Configure Access Logs In Application Load Balancer

How To Configure Access Logs In Application Load Balancer

How To Configure Access Logs In Application Load Balancer

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In the last blog post, we have discussed sticky sessions in Application Load Balancer.

In this blog post, we will discuss Access Logs in Application Load Balancer.

How To Configure Access Logs In Application Load Balancer:

What is Access Logs?

Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client’s IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues.

Access logging is an optional feature of Elastic Load Balancing that is disabled by default. After you enable access logging for your load balancer, Elastic Load Balancing captures the logs and stores them in the Amazon S3 bucket that you specify as compressed files. You can disable access logging at any time.

Each access log file is automatically encrypted using SSE-S3 before it is stored in your S3 bucket and decrypted when you access it. You do not need to take any action; the encryption and decryption is performed transparently.

There is no additional charge for access logs. You are charged storage costs for Amazon S3, but not charged for the bandwidth used by Elastic Load Balancing to send log files to Amazon S3.

Access Log Files:

Elastic Load Balancing publishes a log file for each load balancer node every 5 minutes. Log delivery is eventually consistent. The load balancer can deliver multiple logs for the same period. This usually happens if the site has high traffic. The file names of the access logs use the following format:

Access Log Entries:

Elastic Load Balancing logs requests sent to the load balancer, including requests that never made it to the targets. For example, if a client sends a malformed request, or there are no healthy targets to respond to the request, the request is still logged. Note that Elastic Load Balancing does not log health check requests.

Each log entry contains the details of a single request (or connection in the case of WebSockets) made to the load balancer. For WebSockets, an entry is written only after the connection is closed. If the upgraded connection can’t be established, the entry is the same as for an HTTP or HTTPS request.

Bucket Permissions:

When you enable access logging, you must specify an S3 bucket for the access logs. The bucket must meet the following requirements.


  • The bucket must be located in the same Region as the load balancer.
  • The bucket must have a bucket policy that grants Elastic Load Balancing permission to write the access logs to your bucket.

Access Logs Demo:

Step 1: Create a custom VPC for your ALB.

Step 2: Create two EC2 instances for your Application Load Balancer.

Step 3: Create your Application Load Balancer.

Step 4: Configure Access Logs for your Application Load Balancer.

How To Configure Access Logs In Application Load Balancer

Step 5: Cleanup.

Hope you have enjoyed this article, In the next blog post, we will discuss Network Load Balancer in AWS.

All the public cloud providers are changing the console user interface rapidly and due to this some of the screenshots used in our previous AWS blogs are no longer relevant. Hence, we have decided that from now onwards most of the demo will be done programmatically. Let us know your feedback on this in the comment section.

To get more details on AWS ELB, please refer below AWS documentation


This Post Has One Comment

  1. Avatar

    An error occurred (InvalidConfigurationRequest) when calling the ModifyLoadBalancerAttributes operation: Access Denied for bucket: my-solytics-alb-access-log-bucket. Please check S3bucket permission

    i am facing this error.

Leave a Reply