By using AWS re:Post, you agree to the AWS re:Post Terms of Use

How do I create a HAR file and Console logs from my browser for an AWS Support case?

5 minute read
3

AWS Support asked me to create an HTTP Archive (HAR) file and Console logs from my web browser to help them troubleshoot my support case.

Short description

AWS Support uses a HAR file from your browser to investigate or replicate networking issues that you documented in a technical support case.

Important: You must have a Developer, Business, or Enterprise Support plan to open a technical support case.

Warning: HAR files and Console logs can capture sensitive information, such as user names, passwords, and keys. Before you send a HAR file and Console logs to AWS Support, make sure that you remove any sensitive information.

Resolution

For solutions to common issues with the AWS Management Console, see Troubleshooting.

Create a HAR file in your browser

Note: These instructions were last tested on Google Chrome version 116.0.5845.187, Microsoft Edge (Chromium) Version 116.0.1938.81, and Mozilla Firefox version 115.1.0. Because these browsers are third-party products, these instructions might not match the experience in the latest versions or in the version that you use. In another browser, such as Apple Safari for macOS, the process to generate network activity logs might be similar, but the steps are different.

Google Chrome

Complete the following steps:

  1. In the browser, at the top right, choose Customize and control Google Chrome. Or, right-click on a blank area on the page, choose Inspect, and then proceed to step 3.
  2. For More tools, choose Developer tools.
  3. Choose Network.
  4. Select Preserve log.
  5. Choose Clear network log to clear all current network requests, and then choose Record network log.
  6. Open the AWS Management Console, and then reproduce your issue. Or, follow the steps that AWS Support advises in a local setup.
  7. In the DevTools panel, open the context (right-click) menu on any network request.
  8. Choose Save all as HAR with content, and then save the file.
  9. In the DevTools panel, choose Console.
  10. Open the context (right-click) menu on any network request, choose Save as..., and then save the file.

For more information, see Chrome DevTools and HAR import and export buttons on the Chrome for Developers website.

Microsoft Edge (Chromium)

Complete the following steps:

  1. In the browser, at the top right, choose Settings and more. Or, right-click on a blank area on the page, choose Inspect, and then proceed to step 3.
  2. For More tools, choose Developer tools.
  3. Choose Network.
  4. Select the Preserve log check box.
  5. Choose Clear to clear all current network requests, and then choose Record network log.
  6. Open the AWS Management Console, and then reproduce your issue. Or, follow the steps that AWS Support advises in a local setup.
  7. In the DevTools panel, open the context (right-click) menu on any network request.
  8. Choose Save all as HAR with content, and then save the file.
  9. In the DevTools panel, choose Console.
  10. Open the context (right-click) menu on any network request, choose Save as..., and then save the file.

For more information, see Save all network requests to a HAR file on the Network Analysis Reference page of the Microsoft Documentation website.

Mozilla Firefox

Complete the following steps:

  1. In the browser, at the top right, choose Open Application Menu. Or, right-click on a blank area on the page, choose Inspect, and then proceed to step 3.
  2. Choose More tools, and then choose Web Developer tools.
  3. In the Web Developer menu, choose Network. In some versions of Firefox, the Web Developer menu is in the Tools menu.
  4. Choose the gear icon, and then select Persist Logs.
  5. Choose the trash can icon to clear all current network requests, and then choose Analyze to start performance analysis.
  6. Open the AWS Management Console, and then reproduce your issue. Or, follow the steps that AWS Support advises in a local setup.
  7. In the Network Monitor, open the context (right-click) menu on any network request in the request list.
  8. Choose Save All As HAR, and then save the file.
  9. In the DevTools panel, choose Console.
  10. Open the context (right-click) menu on any console request, choose Save all Messages to File, and then save the file.

For more information, see Network Monitor and Network request list on the Firefox Source Docs website.

Edit the HAR file and Console logs

Complete the following steps:

  1. Open the file in a text editor application.
  2. Use the text editor's Find and Replace tools to identify and replace all sensitive information in the file. Also, make sure to remove or mask cookies and authentication headers.
    Note: You can replace sensitive information with a generic string, such as "REDACTED_DUE_TO_SECURITY."
  3. Save the edited file and repeat these instructions for the next file.

Submit the HAR file and Console logs

Complete the following steps:

  1. In the AWS Support Center, under Open support cases, choose your support case.
  2. In your support case, choose your preferred contact option, attach the edited HAR file and Console logs, and then submit them.

Related information

What browsers does the AWS Management Console support?

AWS OFFICIAL
AWS OFFICIALUpdated a year ago
9 Comments

Could you please add description about Console log into this article? It exists in "Console" panel on Developer Tools and it is as important as HAR file when we investigate a console issue.

AWS
replied a year ago

Updated article, thank you for the feedback.

profile pictureAWS
SUPPORT ENGINEER
replied a year ago

I really wish this article had some help for redacting sensitive info... I have no idea which AWS parameters are sensitive or not. Also doing this manually is a huge PITA. I'm having to use silly regexes with sed to fix up the HAR JSON, in order to save myself from a ton of error-prone manual work.

replied 10 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
EXPERT
replied 10 months ago

Until the review is complete... giving a blanket recommendation on what to redact is a bit of a challenge as there is no standard set of sensitive information. And how that sensitive information is included in the HAR file isn't consistent.

For example, if you capture an authentication attempt to Identity Center using Identity Provider X, the resulting HAR file will very likely show the HTTP call where your sent over your password to Identity Provider X. So you want to remove that password. If you authenticate using Identity Provider Y, the same thing happens.

But where the password is displayed (is it a HTTP query parameter? Is it sent in the body of the HTTP request?) depends on the Identity Provider itself and how the Identity Provider implemented their login flow. Also, if you're already logged into your Identity Provider, it may just forward you along without asking for your password again. So your password may not always be in the HAR file -- it depends on a lot of factors.

At the very least, I would suggest opening the HAR file in a text editor and doing a Find command using the plaintext value of your password. Wherever you find your password, remove it.

Regarding sensitive information about your Amazon environment itself, I wouldn't suggest redacting that. Because different support issues require different types of information. And there's no real way to list all types of support cases and what information is needed to troubleshoot.

AWS
replied 10 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
EXPERT
replied 10 months ago

You mention to "mask cookies and authentication headers", I wish you could provide more information about what specifically to mask. The HAR file I got is 12,000 lines long and contains more than 100 requests. Is the cookie aws-creds sensitive? What about the s_eVar60 header? aws-userInfo-signed? noflush_awsccs_sid? This is a lot to ask of people.

replied 6 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied 6 months ago

I was linked to this article by AWS support as I was requested to provide a HAR file for an AWS CLI command we were having an issue with. The article does not provide information for this case. For CLI debugging below is the solution I found. I used this on Mac OS , but it should work on linux too.

For below steps Python installation is required as well as a functioning "pip" package manager for Python.

Terminal 1:

pip install mitmproxy
mitmproxy --set hardump=dump.har -w output.dump

On Terminal 1 you will see any requests made via a proxy which mitmproxy starts on port 8080.

Terminal 2:

HTTP_PROXY=http://localhost:8080 HTTPS_PROXY=http://localhost:8080 AWS_CA_BUNDLE=/Users/yourusername/.mitmproxy/mitmproxy-ca-cert.pem aws sts get-caller-identity

Replace the path to the CA cert, it should be located under .mitmproxy/mitmproxy-ca-cert.pem in your user's directory.

Replace the "sts get-caller-identity" command with whichever command you are debugging.

You will see the requests being logged in Terminal 1.

Once you quit mitmproxy using "q" key, the generated "dump.har" file is the HAR file. You should edit this file and remove sensitive information like security tokens and then provide the file to AWS.

replied 4 months ago