Monitoring & Logging

For a serverless architecture, operational visibility is achieved by aggregating logs from the cloud services and deployment pipeline. This section outlines the lightweight strategy for maintaining insight into the site's health and activity.

Infrastructure Logs

The underlying AWS services generate detailed access logs which are the primary source of truth for traffic analysis and security auditing.

CloudFront Access Logs

The CloudFront distribution provides logs with deep insight into user requests, including cache status, latency, user agent, and geography. They are essential for understanding performance and traffic patterns.

S3 Server Access Logs

These logs serve as a key security tool. They are used to verify that no public traffic is directly hitting the S3 bucket and to audit the activity of the CloudFront Origin Access Identity.

Both log types can be enabled and queried on demand using services like Amazon Athena.

Deployment Pipeline Logs

Active monitoring of the deployment process itself is critical for maintaining a reliable and secure CI/CD lifecycle.

GitHub Actions Build Logs

The GitHub Actions workflow provides a complete, timestamped log for every deployment. These logs are fully auditable and are the first place to check for build failures, authentication issues, or problems with the S3 sync process.