AWS CloudFront Integration
Monitor CDN cache hit ratio, origin latency, error rates, and bandwidth metrics by distribution across your CloudFront CDN. Get AI-powered cache degradation detection and origin error correlation for your global content delivery.
How It Works
Enable CloudFront Additional Metrics
Enable CloudFront distribution additional metrics in the console or via API. This unlocks cache hit rate, origin latency, and error rate metrics published to the AWS/CloudFront namespace in us-east-1.
Deploy CloudWatch Metric Streams in us-east-1
CloudFront metrics are always published to us-east-1 regardless of origin region. Deploy the TigerOps CloudFormation stack in us-east-1 to stream the AWS/CloudFront namespace to TigerOps.
Enable Real-Time Logs for Deep Analysis
Optionally configure CloudFront Real-Time Logs to stream viewer request details to Kinesis. TigerOps ingests these logs for per-path, per-country, and per-edge-location cache behavior analysis.
Configure Cache Miss and Error Alerts
Set thresholds on CacheHitRate, OriginLatency, 4xxErrorRate, and 5xxErrorRate per distribution. TigerOps fires alerts when cache performance degrades and correlates with origin health metrics.
What You Get Out of the Box
Cache Hit Ratio Monitoring
CacheHitRate percentage per distribution with historical trending. Track cache efficiency across all CloudFront distributions and alert when cache miss rates increase due to TTL changes or cache invalidations.
Origin Latency Tracking
OriginLatency P50, P90, and P99 per distribution. TigerOps correlates origin latency increases with origin server resource metrics, database query times, and application deployment events.
Error Rate Analysis
4xxErrorRate and 5xxErrorRate per distribution with breakdown by HTTP status code. Distinguish between client errors (403, 404) and origin errors (502, 503) for precise alerting.
Bandwidth Metrics by Distribution
BytesDownloaded and BytesUploaded per distribution with daily and monthly trending. Track bandwidth consumption for cost forecasting and detect anomalous traffic patterns.
Request Volume and Geo Distribution
Total request counts per distribution with viewer geographic breakdown from Real-Time Logs. Identify traffic spikes by origin country and compare cache performance by edge location.
AI Cache Performance Anomaly Detection
TigerOps detects sudden drops in cache hit rate caused by cache invalidations, TTL changes, or new query string parameters. AI correlation links cache degradation to specific deployment events.
CloudFormation Stack for CloudFront Metric Streams
Deploy in us-east-1 to capture all CloudFront distribution metrics and enable per-distribution cache and error rate monitoring.
# TigerOps CloudFormation — CloudFront Metric Streams
# IMPORTANT: Deploy this stack in us-east-1 only
# aws cloudformation deploy \
# --template-file tigerops-cloudfront-streams.yaml \
# --stack-name tigerops-cloudfront \
# --region us-east-1 \
# --capabilities CAPABILITY_IAM
Parameters:
TigerOpsApiKey:
Type: String
NoEcho: true
Resources:
TigerOpsCloudFrontStream:
Type: AWS::CloudWatch::MetricStream
Properties:
Name: tigerops-cloudfront-stream
FirehoseArn: !GetAtt TigerOpsDeliveryStream.Arn
RoleArn: !GetAtt MetricStreamRole.Arn
OutputFormat: opentelemetry0.7
IncludeFilters:
- Namespace: AWS/CloudFront
StatisticsConfigurations:
- AdditionalStatistics:
- p50
- p90
- p99
IncludeMetrics:
- Namespace: AWS/CloudFront
MetricName: OriginLatency
TigerOpsDeliveryStream:
Type: AWS::KinesisFirehose::DeliveryStream
Properties:
HttpEndpointDestinationConfiguration:
EndpointConfiguration:
Url: https://ingest.atatus.net/api/v1/cloudwatch
AccessKey: !Ref TigerOpsApiKey
RequestConfiguration:
CommonAttributes:
- AttributeName: service
AttributeValue: cloudfront
- AttributeName: region
AttributeValue: us-east-1
RetryOptions:
DurationInSeconds: 60
# Enable additional metrics per distribution:
# aws cloudfront update-distribution-additional-metrics \
# --distribution-id EDFDVBD6EXAMPLE \
# --enable trueCommon Questions
Why must the TigerOps CloudFormation stack be deployed in us-east-1 for CloudFront?
AWS CloudFront publishes all distribution metrics exclusively to CloudWatch in the us-east-1 region, regardless of where your origins are located. The TigerOps Metric Stream for CloudFront must be deployed in us-east-1 to capture these metrics.
Which CloudFront metrics require enabling additional metrics?
CacheHitRate, OriginLatency, and error rate metrics (4xxErrorRate, 5xxErrorRate, TotalErrorRate) require additional metrics to be enabled per distribution. Standard metrics like Requests, BytesDownloaded, and BytesUploaded are available without additional configuration.
Does TigerOps support CloudFront Real-Time Logs for per-path analysis?
Yes. CloudFront Real-Time Logs deliver viewer request records including URI path, cache status, viewer country, edge location, and response time to Kinesis Data Streams. TigerOps ingests these records for per-path cache hit analysis and viewer experience monitoring.
Can TigerOps monitor CloudFront Functions and Lambda@Edge?
Yes. Lambda@Edge execution metrics are published to CloudWatch in the region where the function executes. TigerOps uses a multi-region Metric Stream configuration to collect Lambda@Edge invocation counts, duration, and error rates across all edge regions.
How does TigerOps correlate CloudFront errors with origin health?
TigerOps links CloudFront 5xx error rate spikes with origin infrastructure metrics. When CloudFront starts returning 502 or 503 errors, TigerOps checks the correlated origin (ALB, EC2, API Gateway) health metrics and surfaces the origin degradation root cause in the same incident view.
Stop Discovering CloudFront Cache Degradation After Your Origin Gets Hammered
Cache hit ratio monitoring, origin latency tracking, and AI cache anomaly detection. Deploy in 5 minutes.