Easily Save ELB Access Logs to S3: A Complete Walkthrough.

Introduction.

When it comes to running applications on AWS, visibility into traffic, performance, and security is crucial. Elastic Load Balancers (ELBs) play a key role in distributing incoming traffic across multiple targets to ensure fault tolerance and scalability. However, simply using a load balancer isn’t enough—you also need to understand how it’s performing, what kind of requests it’s receiving, and whether it’s encountering any issues. That’s where ELB access logging comes into play. These logs provide detailed information about each request sent to your load balancer, including the time of the request, client IP address, latencies, request paths, and backend responses.

By default, ELB access logs are not enabled, which means you’re missing out on valuable data that can help you troubleshoot latency issues, track unusual client behavior, or comply with security and auditing requirements. One of the most effective and scalable ways to store and retain these logs is through Amazon S3 (Simple Storage Service). S3 offers low-cost, highly durable, and secure object storage that integrates seamlessly with other AWS services. Once the logs are stored in S3, you can analyze them using tools like Amazon Athena, Amazon Redshift, or third-party log analysis platforms.

Enabling ELB access logging to an S3 bucket may seem daunting at first, especially if you’re new to AWS. It requires configuring both the ELB and the S3 bucket properly, setting correct permissions, and understanding the log file structure. Fortunately, AWS has made this process straightforward with the right guidance. In this blog post, we’ll walk you through every step—from creating an S3 bucket and setting the correct permissions, to enabling logging on your load balancer and verifying that logs are being delivered as expected.

This guide is tailored for beginners and intermediate AWS users who want to gain better visibility into their application traffic. Whether you’re running a production web application, testing performance under load, or simply interested in tracking usage patterns, ELB access logs are an essential resource. And by the end of this tutorial, you’ll be able to configure it all with confidence.

We’ll cover best practices for naming and organizing your logs, setting up lifecycle rules to control storage costs, and even touch on querying your logs using Athena for insights. ELB logs can grow rapidly depending on your traffic volume, so having a structured storage strategy is key. With logs flowing into S3 automatically, you gain the flexibility to archive, analyze, or export them based on your organization’s needs.

Let’s get started and unlock the full potential of your ELB logs using Amazon S3!

Step 1: Create an S3 Bucket

1. Log in to AWS Console.
2. Go to S3 > Buckets > Create bucket.
3. Enter a unique bucket name (e.g., my-elb-logs-bucket).
4. Choose a region (ideally same as your ELB).
5. Leave other settings as default or customize as needed.
6. Click Create bucket.

Step 2: Configure Bucket Policy to Allow ELB Logging

1. Go to your bucket > Permissions > Bucket policy.
2. Paste a policy like this (modify region and bucket name):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSLogDeliveryWrite",
      "Effect": "Allow",
      "Principal": {
        "Service": "logdelivery.elasticloadbalancing.amazonaws.com"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-elb-logs-bucket/AWSLogs/<your-account-id>/*"
    }
  ]
}

Replace:

• my-elb-logs-bucket with your bucket name
• <your-account-id> with your 12-digit AWS account ID

You can find your account ID under My Account > Account Settings

Step 3: Enable Access Logging on the Load Balancer

For Application Load Balancer (ALB) or Classic Load Balancer:

1. Go to EC2 > Load Balancers.
2. Select your load balancer.
3. Go to the Description tab and click Edit attributes.
4. In the Access logs section:
   • Check Enable access logs
   • Enter your S3 bucket name
   • Optionally enter a prefix (e.g., elb-logs/)
5. Click Save.

Step 4: Verify Logging Works

1. After some traffic flows through your ELB, check your S3 bucket.
2. Navigate to the prefix path (AWSLogs/<account-id>/elasticloadbalancing/<region>/...)
3. You should see .log files generated within 5–10 minutes.

Conclusion.

Storing ELB access logs in Amazon S3 is a powerful way to gain deeper visibility into your application’s performance, user traffic, and potential security issues. By following the step-by-step process outlined in this guide—creating an S3 bucket, setting the proper permissions, enabling logging on your ELB, and verifying the setup—you’ve taken a crucial step toward better observability and accountability in your AWS environment. With the logs safely stored in S3, you can now integrate with other AWS services like Athena for querying, CloudWatch for alerting, or even external SIEM tools for advanced analysis. This setup not only improves operational insights but also supports compliance and audit requirements. As your application scales, these logs will serve as a valuable asset for maintaining reliability, troubleshooting issues, and understanding usage patterns. Keep in mind to regularly review your S3 bucket’s lifecycle rules to manage storage costs and organize logs efficiently. With a robust logging strategy in place, you’re well-equipped to operate a resilient and data-informed infrastructure on AWS.