# Application Load Balancer Access Log Management ### What is Access Log? Access logs in Elastic Load Balancing is an optional feature, and it comes disabled by default. Once you activate/enable access logs for your load balancer, Elastic Load Balancing captures and stores the logs in the specified Amazon S3 bucket in compressed file format. Disabling access logs can be done at any point in time. For every load balancer node, Elastic Load Balancing generates a log file every 5 minutes. The delivery of logs follows an eventually consistent model. Each log file includes details such as the time of request receipt, client IP addresses, latencies, request paths, and server responses. You must create S3 bucket for access logs before you enable the access logs. ### Setup S3 Bucket * The bucket must be located in the same Region as the load balancer. * The bucket and the load balancer can be in same or different account. \-> Connect the AWS Console and Open the Amazon S3 console \-> Select **Create Bucket** ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705993533633/f57135e1-110a-4320-94ea-98c057dba0ac.png align="center") \-> Select the region of the bucket \-> Enter the name of the bucket \-> Scroll down \-> Select the default encryption, Amazon S3-managed keys (SSE-S3) \-> Select Create bucket ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705993841318/1149c04a-52c2-4173-94b5-83cf2077f02e.png align="center") ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705994013209/72fea1ed-8f6a-46c0-8a86-c6deabad330b.png align="center") ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705994119894/498ce5a4-fac2-4401-a57e-e1aa603cce25.png align="center") ### Attach bucket policy S3 bucket must have a bucket policy that grants Elastic Load Balancing permission to write the access logs to the bucket. \-> Connect the AWS Console and Open the Amazon S3 console \-> Select your bucket ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705994378785/78f39161-6ead-48fc-96f4-34fd9fafa780.png align="center") \-> Select Permission tab \-> Select **Edit** under Bucket policy ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705994585807/8615842f-a405-4417-9eb3-de6d0178b61c.png align="center") \-> Replace the account ID mentioned in the principal. This AWS account is managed by AWS and you have to select the one which assigned to each region. \-> Scroll Down and Select Save Changes ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705997499814/4a995c70-46cc-4b6a-9863-09590fe91278.png align="center") ### Enable and Configure the Access logs \-> Navigate to the Amazon EC2 Console \-> Select Load Balancers from the left navigation pane ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705996418295/ace28046-b7a1-481c-9aaa-24df087ea364.png align="center") \-> Select the attribute tab \-> Select Edit under the attributes ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705996745081/80f310d0-9055-42bc-b61c-ec6f3f8a044a.png align="center") \-> Scroll down the edit page \-> **Enable** access logs under Monitoring section \-> Select Browse for selecting the bucket ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705997028509/0f7df5b8-3bee-4b5d-bc14-e68129422ee7.png align="center") \-> Select the radio button of the bucket \-> Select Choose button on the popup window ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705997241407/28d7364d-26c1-4ff2-a80f-aa6be6a22c33.png align="center") \-> Select Save Changes ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705998208760/988da0d1-d774-431c-b521-f0adcd93b152.png align="center") ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705998295753/23507e99-4ee3-47dc-a33f-bd3b0f02a4cf.png align="center") ### Validation \-> Navigate to Amazon S3 Console \-> Select the Access logs repository bucket \-> Navigate to the test log file Eg: *repo-bucket/AWSLogs/aws account ID/ELBAccessLogTestFile* ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1705998920305/6bfab078-40cb-49b9-aef7-de575a62a44d.png align="center") ### Clean Up As this is a testing environment, you may not need to retain the AWS resources used for creating this lab. Therefore, delete the AWS resources you allocated to avoid incurring further charges.