AWS Clodufront can do standard logging to an AWS S3 bucket. Follow this document to enable logging and grant read-only accesss to Last9 for the target bucket

Pre-requisites

1. Create an S3 bucket which will hold your Cloudfront distribution logs.

Steps

1. If your Cloudfront distribution does not have standard logging enabled, you will see the following

   

   • If it is on and S3 bucket and prefix specified, you can skip step-2.

2. Enable logging by editing the Cloudfront distribution and add the relevant details

   

3. Follow the same steps for enabling S3 bucket read-only access as done for AWS load balancers in this document Access to Load Balancer Logs. Change the policy name from access-lb-logs to access-cloudfront-logs