Allow lambda loggroup retention settings

[muckelba]

Describe the feature

I recently noticed that my AWS account has a lot of loggroups of lambdas from old, deleted blueprints clusters. All loggroups have their retention set to Never expire. It would be nice if there's a blueprints option to configure the lambda settings (including retention).

Not sure if that's somehow already possible but i was not able to find an option for that.

Use Case

To prevent AWS accounts to be flooded with old, uneeded CloudWatch loggroups.

Proposed Solution

No response

Other Information

No response

Acknowledgements

• I may be able to implement this feature request

CDK version used

2.147.3 (build 32f0fdb)

EKS Blueprints Version

1.16.3

Node.js Version

v20.12.2

Environment details (OS name and version, etc.)

Ubuntu 22.04

[shapirov103]

@muckelba I assume you mean log groups for the lambdas that support custom resources for CDK such as the one handling EKS cluster creation or helm chart installation. I looked around in the past and could not find a specific controls in CDK to make it happen. Let me take another look now. Worst case, I will have to create an issue against CDK and reference it there.

[github-actions]

This issue has been automatically marked as stale because it has been open 60 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

[muckelba]

Hey @shapirov103 any updates? :)

[shapirov103]

@muckelba here are the options, discussing it in the open to get any feedback from the customers to make a decision:

TLDR: please upvote aws/aws-cdk#33196 (it has some pointers to the solution)

Long version:

At present, the custom resources and lambda functions created by the CDK don't specify an explicit log group. When that happens, by default lambda will use aws/lambda/ log group, it is created automatically and sets to never for retention.
Exception is /aws/vendedlogs/states/waiter-state-machine-<name> log group which is actually referenced in the synthesized template.
I can adjust the log groups that are produced in the blueprints template with an aspect, but that will only affect the state-machine logs, which I am not sure is the major issue as that one is set to expire by default (731 days).

in order to address the CDK custom resources we can create a log group for all functions, set retention and use an aspect to modify every Function produced by the blueprints to use that one. You will get messages from multiple blueprint specific functions in the same log group. Is that an acceptable solution? Please note this will be a blueprint specific mechanism as I don't observe a clear path to solve it in CDK.

As an interim I can provide a script to run against all aws/lambda resources in an account (or based on provided regex) and set retention to X. While an ugly overall solution, it can address the issue for the existing blueprints. As an option this script can just delete the log groups based on the provided pattern.

Happy to hear your thoughts on this.

[nilroy]

@shapirov103 @muckelba I have been using the solution I mentioned here for a while and its been working perfectly so far

[shapirov103]

@nilroy thanks for sharing the solution. I am thinking either we can incorporate it into the blueprints as an opt-in or it will be in the patterns repo as an example.