AWS CloudFront Metric Anomalies

CloudFront is AWS’s global CDN. It can be used to front traffic to various origins like S3, ELB, or EC2. To monitor CloudFront, CloudWatch exposes several metrics that measure usage and performance. Blue Matador automatically watches these metrics and notifies you of anomalies that could potentially signal problems with your CloudFront distributions.

CloudFront Request Count

Traffic to CloudFront is typically fairly constant and anomalous request counts could be caused by errors in your application, such as:

• A release of buggy client code causing erroneous requests to your distribution
• Bad retry logic causing 4xx or 5xx responses cached in your distribution to be requested many times

If your origin is an AWS compute resource, a spike in requests may overload your origin, even with CloudFront as a caching layer. Make sure that those resources are still in a healthy state.

CloudFront Data Transferred

The amount of data CloudFront transfers to clients is a function of the number of requests to your distribution, but is still an important metric to track because it’s how CloudFront is billed. Blue Matador watches the number of bytes downloaded from CloudFront to make certain that it doesn’t change unexpectedly.

CloudFront 4xx HTTP Responses

A number of 4xx responses from CloudFront is always normal, but Blue Matador will watch for anomalies in this metric. When the absolute percentage of requests that result in a 4xx response cross unhealthy thresholds, Blue Matador will send an alert for you to fix the problem. Possible sources of 4xx responses include:

• Adding a link to resources not found in the origin, or removing resources from the origin
• Clients making unauthenticated requests to a resource

The easiest way to diagnose 4xx issues is to enable access logs in CloudFront by following this guide.

CloudFront 5xx HTTP Responses

Blue Matador monitors the percentage of responses from CloudFront that have 5xx response codes for anomalies. When this metric crosses unhealthy thresholds, Blue Matador will alert you to fix the problem. Possible reasons for 5xx include:

• Your origin is overloaded and can’t handle requests
• Timeouts from your origin
• Connection issues from CloudFront to your origin, including SSL issues, security group configuration, or firewall configuration

The easiest way to diagnose 5xx issues is to enable access logs in CloudFront by following this guide.

Resources

• CloudFront Metrics (AWS Documentation)
• How Cloudfront Caches 4xx and 5xx Responses (AWS Documentation)
• Troubleshooting 5xx Responses (AWS Documentation)
• Configuring and Using Access Logs (AWS Documentation)