Rankly reads your CloudFront standard logs through an Amazon Data Firehose delivery stream. No code runs in your request path; CloudFront sends logs to Firehose, and Firehose forwards them to Rankly.
Prerequisites. An AWS account with a CloudFront distribution, and a verified domain in Rankly. Your ingest token is in Settings and is baked into the script Rankly generates.

Setup

1

Create the Firehose stream

Open AWS CloudShell and paste the block Rankly generates for you. It creates an IAM role, an S3 bucket for failed-delivery backups, and a Firehose stream pointed at Rankly. It is idempotent, so rerunning is safe.
rankly-cloudfront-setup.sh
set -euo pipefail
REGION="us-east-1"
STREAM="rankly-aa-<token>-firehose"
ROLE="rankly-aa-<token>-role"
BUCKET="rankly-aa-<token>-backup"
INGEST_URL="https://ingest.tryrankly.com/ingest/cloudfront?tenant=tnt_your_token"
ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' --output text)

# 1. S3 bucket for failed deliveries
aws s3api create-bucket --bucket "$BUCKET" --region "$REGION" \
  $( [ "$REGION" = "us-east-1" ] || echo "--create-bucket-configuration LocationConstraint=$REGION" ) 2>/dev/null || true

# 2. IAM role + Firehose stream pointed at Rankly (full block in CloudShell)
#    Firehose: Direct PUT -> HTTP endpoint, GZIP encoding, JSON output.
Run the whole block. When it finishes it prints the stream name.
2

Attach the stream to CloudFront

In the CloudFront console, open your distribution and go to the Logging tab. Turn standard logging on and configure:
SettingValue
Log destinationAmazon Data Firehose
Delivery streamthe rankly-aa-...-firehose stream you just created
Output formatJSON
Select these fields: date, time, c-ip, cs-method, x-host-header, cs-uri-stem, cs-uri-query, cs(User-Agent), cs(Referer), sc-status, sc-bytes, x-edge-request-id.
3

Send a test request

curl -A "GPTBot/1.0" https://your-domain.com/
CloudFront takes a few minutes to deploy globally, then events flow to Rankly within about a minute.
CloudFront delivers logs in small batches, so there is a short delay (usually under a minute) between a request and the event appearing. This is normal for log-based integrations.