Enable HTTP request log shipping
Prerequisites
Access to the VIP Dashboard.
AWS S3 bucket requirements
- Access to an existing AWS S3 bucket. The bucket name and region will be needed for configuration.
- See the AWS bucket naming rules documentation, and avoid using any character other than lower case letters, numbers, or hyphens in bucket names.
- Access to create/update the AWS Bucket Policy configuration for the S3 bucket.
- The S3 bucket must not use KMS encryption. If default encryption is needed, use the SSE-S3 option.
Enable Log Shipping
- Navigate to the VIP Dashboard and select the “Settings” panel option at the left.
- Below “Add-ons” select “Log Shipping“.
- Select the “Configuration” tab.
- Enter the “Bucket Name” and “Bucket Region” values for the S3 bucket that will receive the shipped logs from VIP.
- Select “Continue“.
- Copy the contents of the JSON-formatted “Generated Access Policy” config file. Add the Generated Access Policy content to the S3 bucket by following the instructions for Granting AWS Config access to the Amazon S3 Bucket.
- “Test Configuration” by selecting “Test and Continue“. A test file named vip-go-test-file.txt will be uploaded to the S3 bucket as part of the verification process. This file will always be present in a site’s configured S3 bucket and path, alongside the dated folders that contain the logs themselves.
- If the configuration test was successful, select “Enable Add-on” for log shipping to the S3 bucket to begin.
Disable Log Shipping
- Navigate to the VIP Dashboard and select the “Settings” panel option at the left.
- Below “Add-ons” select “Log Shipping“.
- Select the “Configuration” tab.
- Select “Disable Add-on“.
Restricting access by IP range
To restrict access to an AWS S3 bucket via IP range, ensure your bucket access policy accounts for the dynamic IP range accessible at https://go-vip.net/ip-ranges.json. A system to auto-update the access policy will need to be implemented, as the IP ranges are subject to change.