# Amazon CloudFront Integration (Data Firehose)

> This documentation explains how to set up delivery of Amazon CloudFront real-time logs to the Profound Agent Analytics platform using Amazon Data Firehose.

## Overview

The integration uses Amazon Data Firehose to forward CloudFront real-time logs to our Agent Analytics API. Amazon Data Firehose is an AWS service that enables reliable delivery of streaming data to various destinations including HTTP endpoints. For more information about CloudFront real-time logs, [visit the AWS documentation](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html).

## Prerequisites

* An AWS Account with CloudFront and Amazon Data Firehose permissions

* Access to your CloudFront distribution configuration

* A Profound Log Ingestion Token for Agent Analytics

## Configuration

<img src="https://mintcdn.com/profound-37face47/dU1U8PbY91PjiXyk/images/agent-analytics/cloudfront_firehose/cloudfront_setup.png?fit=max&auto=format&n=dU1U8PbY91PjiXyk&q=85&s=5356d4e17071b78c4a18d7916b638f61" alt="Cloudfront Detected" width="3680" height="2390" data-path="images/agent-analytics/cloudfront_firehose/cloudfront_setup.png" />

<Steps>
  <Step title="Step 1">
    Sign in to the AWS Console and navigate to the Amazon Data Firehose console.

    <img src="https://mintcdn.com/profound-37face47/dU1U8PbY91PjiXyk/images/agent-analytics/cloudfront_firehose/firehose_console_nav.png?fit=max&auto=format&n=dU1U8PbY91PjiXyk&q=85&s=31ed6890bce8b6d3c2ea4b5a097256da" alt="Firehose Console Navigation" width="1046" height="175" data-path="images/agent-analytics/cloudfront_firehose/firehose_console_nav.png" />
  </Step>

  <Step title="Step 2">
    Create a new delivery stream. Select "Direct PUT" as the source and "HTTP Endpoint" as the destination.

    <img src="https://mintcdn.com/profound-37face47/dU1U8PbY91PjiXyk/images/agent-analytics/cloudfront_firehose/firehose_http_destination.png?fit=max&auto=format&n=dU1U8PbY91PjiXyk&q=85&s=b854af041135c268be901b808c13fd31" alt="Firehose HTTP Destination" width="1418" height="705" data-path="images/agent-analytics/cloudfront_firehose/firehose_http_destination.png" />
  </Step>

  <Step title="Step 3">
    1. Configure the HTTP endpoint with the following URL format:

    ```http
    https://artemis.api.tryprofound.com/v1/logs/aws_data_firehose_cloudfront
    ```

    2. For authentication, provide your Profound Log Ingestion Token as the access key (we recommend using AWS Secrets Manager for secure token storage).

    <Tip>
      If you are using [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html), use the following [JSON format](https://docs.aws.amazon.com/firehose/latest/dev/secrets-manager-whats-secret.html) when creating the secret:
    </Tip>

    ```json
    {
      "api_key": "bot_PROFOUND_LOG_INGESTION_TOKEN"
    }
    ```

    3. Enable GZIP content encoding.

           <img src="https://mintcdn.com/profound-37face47/dU1U8PbY91PjiXyk/images/agent-analytics/cloudfront_firehose/firehose_http_destination_settings.png?fit=max&auto=format&n=dU1U8PbY91PjiXyk&q=85&s=f39d1fa3ee17e2fd13a63fafad1f60b8" alt="Firehose Destination Settings" width="1400" height="1086" data-path="images/agent-analytics/cloudfront_firehose/firehose_http_destination_settings.png" />

    4. Create a new S3 bucket to store failed delivery logs (required by AWS).

           <img src="https://mintcdn.com/profound-37face47/dU1U8PbY91PjiXyk/images/agent-analytics/cloudfront_firehose/s3_backup.png?fit=max&auto=format&n=dU1U8PbY91PjiXyk&q=85&s=d345ec2b32d1099f661055cd025b2bc0" alt="Firehose S3 Destination" width="2718" height="946" data-path="images/agent-analytics/cloudfront_firehose/s3_backup.png" />
  </Step>

  <Step title="Step 4">
    Go to your CloudFront distribution and navigate to the "Logging" tab.

    <img src="https://mintcdn.com/profound-37face47/dU1U8PbY91PjiXyk/images/agent-analytics/cloudfront_firehose/cloudfront_logging.png?fit=max&auto=format&n=dU1U8PbY91PjiXyk&q=85&s=cb780dbc9c00f2efcc10fab968fbd21e" alt="CloudFront Logging Tab" width="2828" height="742" data-path="images/agent-analytics/cloudfront_firehose/cloudfront_logging.png" />

    Click the "Add" button and select "Kinesis Data Firehose" as the destination. (Kinesis Data Firehose is the legacy name for Amazon Data Firehose)

    <img src="https://mintcdn.com/profound-37face47/dU1U8PbY91PjiXyk/images/agent-analytics/cloudfront_firehose/cloudfront_add_kinesis_data_firehose.png?fit=max&auto=format&n=dU1U8PbY91PjiXyk&q=85&s=7526bea9c504503d2019e7021784f368" alt="CloudFront Logging Add" width="570" height="386" data-path="images/agent-analytics/cloudfront_firehose/cloudfront_add_kinesis_data_firehose.png" />
  </Step>

  <Step title="Step 5">
    Now you should be in the "Add standard logging destination" screen. Select the delivery stream you created in Step 3.

    <img src="https://mintcdn.com/profound-37face47/dU1U8PbY91PjiXyk/images/agent-analytics/cloudfront_firehose/cloudfront_select_stream.png?fit=max&auto=format&n=dU1U8PbY91PjiXyk&q=85&s=30d591f5607b44e2e98bb3b827f45361" alt="CloudFront Logging Select" width="2766" height="854" data-path="images/agent-analytics/cloudfront_firehose/cloudfront_select_stream.png" />

    Under "Additional settings - optional", select the following fields:

    <img src="https://mintcdn.com/profound-37face47/dU1U8PbY91PjiXyk/images/agent-analytics/cloudfront_firehose/cloudfront_select.png?fit=max&auto=format&n=dU1U8PbY91PjiXyk&q=85&s=885ebac7639ad545f865d39ba7825f7c" alt="CloudFront Logging Additional Settings" width="1485" height="1052" data-path="images/agent-analytics/cloudfront_firehose/cloudfront_select.png" />

    * Time and IP

      * `date` - Date when the request was completed

      * `time` - Time when the request was completed

      * `c-ip` - Client IP address

    * Request Details

      * `cs-method` - HTTP request method

      * `x-host-header` - Host header value of the request

      * `cs-uri-stem` - Request URI path

      * `cs-uri-query` - Request query string

      * `cs(User-Agent)` - Client user agent

      * `cs(Referer)` - Request referrer

    * Response Details

      * `sc-status` - HTTP response status

      * `sc-bytes` - Response size in bytes

      * `time-taken` - Request processing time
  </Step>

  <Step title="Step 6">
    Select `JSON` as the **Output format**.

    <img src="https://mintcdn.com/profound-37face47/dU1U8PbY91PjiXyk/images/agent-analytics/cloudfront_firehose/log_format.png?fit=max&auto=format&n=dU1U8PbY91PjiXyk&q=85&s=9958635a099e3a3ab88597d0df3fcea8" alt="Output format" width="680" height="128" data-path="images/agent-analytics/cloudfront_firehose/log_format.png" />

    Click **Submit** to save the configuration.
  </Step>
</Steps>

<Check>
  That's it! CloudFront will now send real-time logs to Data Firehose, which forwards them to Profound. Data should begin appearing in your dashboard within a few minutes.
</Check>
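
The Firehose settings from Steps 2 and 3, written as the request that boto3's `create_delivery_stream` accepts, with a check that flags drift from them (an inline token, GZIP off, no backup bucket). This is an added example, not Profound's own code; the endpoint name `profound`, the function names and the ARNs are constructed placeholders.

```python
import json

PROFOUND_URL = ("https://artemis.api.tryprofound.com"
                "/v1/logs/aws_data_firehose_cloudfront")


def build_stream_request(name, role_arn, secret_arn, backup_bucket_arn):
    """Return kwargs for firehose.create_delivery_stream (Direct PUT to HTTP endpoint)."""
    return {
        "DeliveryStreamName": name,
        "DeliveryStreamType": "DirectPut",  # Step 2: "Direct PUT" source
        "HttpEndpointDestinationConfiguration": {
            # No inline AccessKey: Firehose reads the token from Secrets Manager.
            "EndpointConfiguration": {"Url": PROFOUND_URL, "Name": "profound"},
            "SecretsManagerConfiguration": {
                "Enabled": True, "SecretARN": secret_arn, "RoleARN": role_arn},
            "RequestConfiguration": {"ContentEncoding": "GZIP"},  # Step 3, item 3
            "RoleARN": role_arn,
            "S3BackupMode": "FailedDataOnly",  # Step 3, item 4: failed deliveries
            "S3Configuration": {"RoleARN": role_arn, "BucketARN": backup_bucket_arn},
        },
    }


def audit_request(request):
    """Return the ways a request deviates from the settings the page asks for."""
    dest = request.get("HttpEndpointDestinationConfiguration", {})
    endpoint = dest.get("EndpointConfiguration", {})
    secrets = dest.get("SecretsManagerConfiguration", {})
    encoding = dest.get("RequestConfiguration", {}).get("ContentEncoding")
    checks = [
        (request.get("DeliveryStreamType") == "DirectPut", "source is not Direct PUT"),
        (endpoint.get("Url") == PROFOUND_URL, "endpoint URL differs from the documented one"),
        ("AccessKey" not in endpoint, "token is inline; move it to Secrets Manager"),
        (bool(secrets.get("Enabled")), "Secrets Manager is not enabled"),
        (encoding == "GZIP", "GZIP content encoding is off"),
        ("BucketARN" in dest.get("S3Configuration", {}), "no S3 bucket for failed deliveries"),
    ]
    return [message for ok, message in checks if not ok]


if __name__ == "__main__":
    # Constructed ARNs; pass the result to
    # boto3.client("firehose").create_delivery_stream(**request) to create the stream.
    request = build_stream_request(
        "profound-cloudfront-logs",
        "arn:aws:iam::111122223333:role/example-firehose-role",
        "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-token",
        "arn:aws:s3:::example-firehose-backup")
    print(json.dumps(request, indent=2))
    print(audit_request(request))
```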

## Troubleshooting

* If logs aren't appearing, verify your Firehose delivery stream status in CloudWatch

* Check Data Firehose monitoring for delivery errors

* Ensure your Log Ingestion Token is correct

* Verify CloudFront real-time logging is enabled for your distribution

* Check that IAM roles have the proper permissions for both CloudFront and Firehose

## Additional Resources

* [Amazon CloudFront Real-time Logs Documentation](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html)

* [Amazon Kinesis Data Firehose Documentation](https://docs.aws.amazon.com/firehose/latest/dev/what-is-this-service.html)

* Contact [support@tryprofound.com](mailto:support@tryprofound.com) for API-related questions

## Security Considerations

* Store Log Ingestion Tokens in AWS Secrets Manager

* Regularly rotate your Log Ingestion Token

* Monitor CloudWatch logs for unusual patterns

* Enable CloudTrail for API activity monitoring

* Use IAM roles with least privilege access
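
What "least privilege" can look like for the Firehose delivery role: an identity policy scoped to the one secret, the backup bucket and the error log stream, plus a check that flags wildcard grants. This is an added example, not Profound's own code; the function names, Sids and ARNs are constructed.

```python
import json


def delivery_role_policy(secret_arn, bucket_arn, log_stream_arn):
    """Identity policy limited to the token secret, backup bucket and log stream."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ReadIngestionToken", "Effect": "Allow",
             "Action": ["secretsmanager:GetSecretValue"],
             "Resource": [secret_arn]},
            {"Sid": "WriteFailedDeliveries", "Effect": "Allow",
             "Action": ["s3:AbortMultipartUpload", "s3:GetBucketLocation",
                        "s3:GetObject", "s3:ListBucket",
                        "s3:ListBucketMultipartUploads", "s3:PutObject"],
             "Resource": [bucket_arn, bucket_arn + "/*"]},
            {"Sid": "WriteErrorLogs", "Effect": "Allow",
             "Action": ["logs:PutLogEvents"],
             "Resource": [log_stream_arn]},
        ],
    }


def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def overbroad_statements(policy):
    """Return Sids of Allow statements with a wildcard action or a bare '*' resource."""
    flagged = []
    for stmt in policy["Statement"]:
        wide_action = any(a == "*" or a.endswith(":*") for a in as_list(stmt["Action"]))
        wide_resource = any(r == "*" for r in as_list(stmt["Resource"]))
        if stmt.get("Effect") == "Allow" and (wide_action or wide_resource):
            flagged.append(stmt.get("Sid", "<no Sid>"))
    return flagged


if __name__ == "__main__":
    # Constructed ARNs for illustration only.
    policy = delivery_role_policy(
        "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-token",
        "arn:aws:s3:::example-firehose-backup",
        "arn:aws:logs:us-east-1:111122223333:log-group:/example/firehose:log-stream:*")
    print(json.dumps(policy, indent=2))
    print(overbroad_statements(policy))
```

If the secret is encrypted with a customer-managed KMS key, the role also needs `kms:Decrypt` on that key.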
