How can I find an ELB access log file for a Classic Load Balancer or an Application Load Balancer in Amazon S3?

Last updated: 2019-05-31

I need to find an Elastic Load Balancing (ELB) access log in the Amazon Simple Storage Service (Amazon S3) bucket that it's configured with. How can I locate an ELB access log file for a Classic Load Balancer or an Application Load Balancer?

Resolution

  1. Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
  2. In the navigation pane, under Load Balancing, choose Load Balancers.
  3. Select the load balancer where you want to search for your access log file.
  4. On the Description tab, scroll to the Attributes section, and then note the Amazon S3 location value in Access logs.
    Note: Location values use the format s3bucket/prefix. However, not all location values contain a prefix.
  5. Open the Amazon S3 console, and then enter the bucket name without the prefix (if it contains one) in Search for buckets.
  6. Select your S3 bucket to open the Bucket page.
  7. If your bucket name contains a prefix, enter the prefix in the Amazon S3 search. Then, select the appropriate prefix name from the search results.
  8. Select the path AWSLogs/aws-account-id/elasticloadbalancing/region/yyyy/mm/dd/ where:
    aws-account-id = Account ID where the load balancer is located
    region = Region where the load balancer is located
    yyyy/mm/dd = Date
  9. All logs from the specified date appear. If you have multiple load balancers storing logs to this location, use the search bar to find logs for your specific load balancer. Enter the beginning of the file name, up to and including the load balancer name.
    Note: Be sure to use the appropriate file name format for Classic Load Balancers or Application Load Balancers. For Classic Load Balancers, load-balancer-name is the name of the Classic Load Balancer. For Application Load Balancers, load-balancer-id is the final three elements of the Application Load Balancer's ARN, with all slashes replaced by periods.
  10. After you filter logs by name, use the timestamp in the file names to find logs from the specified time frame.
    Note: The timestamp in the file name indicates the end time of the logging interval in UTC. However, timestamps in the Amazon S3 console are set to the time zone of your local machine.
  11. You might see multiple logs with the same end time. Multiple nodes are available for requests, and each node emits its own log for the requests that it receives. Aggregate these separate logs to get a more complete view of requests during the specified time.