CloudFormation Log Retention Policy in Existing Log Groups

Mark Hayford
Apr 26, 2019

Started to add log retention policies to existing Lambdas made by CloudFormation. Ended up writing a script to put them.

The following resource(s) failed to create: [Log Group]. /aws/lambda/log-thing already exists.

Double-checked my CloudFormation syntax. All good.

Learned that if your log group exists you cannot update the log retention policy in a CloudFormation template. (Might be able to with conditionals or something — this is easier.)

Thought about tearing down all my CloudFormation environments and rebuilding with the log retention policy in there ’cause that would work. That’s a bad idea and might get me fired.

The AWS CLI has put-retention-policy and describe-log-groups commands. It’s a simple script.

    ## Gets log groups
    aws logs describe-log-groups --output table >> MyLogGroups.csv

Took that CSV and separated the columns by spaces. See the picture at the bottom of this. I’m sure Google Sheets can do it too. Pasted that into a text file called MyLogGroups.txt. Replace <#ofdays> with an integer like 60 = 2 months.

    ## BASH Puts Retention Policy
    ## Reads one log group name per line and sets its retention period
    while read -r LogNames; do
      aws logs put-retention-policy --retention-in-days <#ofdays> --log-group-name "$LogNames" && echo "$LogNames"
    done < MyLogGroups.txt

The echo isn’t needed but it’s nice to see the logs go by.

After this you could put the number of days into the CF template. I kept the script around, seemed easier. If the stack is deleted and rebuilt, the log retention policy isn’t my big worry.

If you wanted to be the coolest you could have the describe log groups pipe into a regex or something and then have those log group values put into the command for putting the retention policy. So if you do that tell me to link to that and call you the coolest.

___________________________________________________

someone out there is the coolest

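    aws logs describe-log-groups --output text > loggroups.txt
    # Column 4 of the text output holds the log group name
    awk '{print $4}' loggroups.txt > loggroup.names.txt
    # $days must be set to the retention period before running the loop
    while read -r LogNames; do
      aws logs put-retention-policy --retention-in-days "$days" --log-group-name "$LogNames" && echo "$LogNames"
    done < loggroup.names.txt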

He says it works so… there you go. Anton Baranau — Medium
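A variant of the loops above, added here as an example and not the author's or Anton Baranau's script: it goes a step further by touching only log groups that have no retention policy yet, so a group whose logs are kept longer on purpose is not shortened, and it rejects day counts that put-retention-policy does not accept. The function names, the script name in the last comment and the `--apply` switch are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not the author's script. Function names are hypothetical.
# Sets retention only on log groups that have none, so a group with a
# deliberately longer retention (audit logs, for instance) is never shortened.

# Values accepted by put-retention-policy --retention-in-days.
VALID_DAYS="1 3 5 7 14 30 60 90 120 150 180 365 400 545 731 1096 1827 2192 2557 2922 3288 3653"

# Succeeds only if $1 is one of the accepted retention periods.
valid_retention() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  case " $VALID_DAYS " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# Prints the names of log groups with no retentionInDays, one per line.
# --output text separates names with tabs, so tabs become newlines.
groups_without_retention() {
  aws logs describe-log-groups \
    --query 'logGroups[?!not_null(retentionInDays)].logGroupName' \
    --output text | tr '\t' '\n' | sed '/^$/d'
}

# apply_retention DAYS [--apply]
# Dry run by default: prints what would change. Pass --apply to write.
apply_retention() {
  valid_retention "$1" || { echo "invalid retention period: $1" >&2; return 2; }
  groups_without_retention | while IFS= read -r name; do
    if [ "${2:-}" = "--apply" ]; then
      aws logs put-retention-policy --log-group-name "$name" \
        --retention-in-days "$1" </dev/null && echo "set $1 days: $name"
    else
      echo "would set $1 days: $name"
    fi
  done
}

# Runs only when arguments are given, e.g.: ./set-retention.sh 60 --apply
if [ "$#" -gt 0 ]; then apply_retention "$@"; fi
```

Run it once without `--apply` and read the list before writing anything.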
