CloudFormation Example: Log retention for Lambda and CodeBuild
Some AWS resources, such as Lambda or CodeBuild, create their own log groups in CloudWatch Logs when they are executed. However, they set them up with no log retention, keeping all logs forever. This is sub-optimal, as the old logs are not really relevant and storing them costs money.
Unfortunately, neither Lambda nor CodeBuild really offers any way to configure the log retention, so you're just stuck with what you get out of the box. However, this would not be much of an article if there were no solution: you can cheat your way around this limitation by creating a log group yourself, with the same name as the one that would be created automatically, and setting the log retention on that. This way, any resource in need of such a log group will use the already existing one instead of creating a new one. Win.
CloudFormation examples
Lambda and CloudWatch Logs with log retention
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  # Lambda
  # ------------------------------------------------------------
  LambdaFunction:
    Type: AWS::Lambda::Function
    # Function properties are omitted in this example

  # Logs
  # ------------------------------------------------------------
  LogsLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      # Same name Lambda would use for its automatically created log group
      LogGroupName: !Sub "/aws/lambda/${LambdaFunction}"
      RetentionInDays: 30
CodeBuild and CloudWatch Logs with log retention
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  # CodeBuild
  # ------------------------------------------------------------
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    # Project properties are omitted in this example

  # Logs
  # ------------------------------------------------------------
  LogsLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      # Same name CodeBuild would use for its automatically created log group
      LogGroupName: !Sub "/aws/codebuild/${CodeBuildProject}"
      RetentionInDays: 7
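A static check for the pattern above, as an added example that is not part of the original article: it walks a CloudFormation template and reports every Lambda function or CodeBuild project that lacks a same-named log group with RetentionInDays set. The sample template (written in CloudFormation's JSON form so only the standard library is needed), its logical IDs and the function name audit_retention are constructed for illustration; only the plain-string form of Fn::Sub is handled.

```python
import json

# Constructed sample template (JSON form of CloudFormation), not from the article.
TEMPLATE = json.loads("""
{
  "Resources": {
    "ApiFunction":  {"Type": "AWS::Lambda::Function"},
    "NightlyJob":   {"Type": "AWS::Lambda::Function"},
    "BuildProject": {"Type": "AWS::CodeBuild::Project"},
    "ApiLogs": {"Type": "AWS::Logs::LogGroup", "Properties": {
        "LogGroupName": {"Fn::Sub": "/aws/lambda/${ApiFunction}"},
        "RetentionInDays": 30}},
    "BuildLogs": {"Type": "AWS::Logs::LogGroup", "Properties": {
        "LogGroupName": {"Fn::Sub": "/aws/codebuild/${BuildProject}"}}}
  }
}
""")

# Log group name prefix each service uses for its automatically created group.
PREFIXES = {
    "AWS::Lambda::Function": "/aws/lambda/",
    "AWS::CodeBuild::Project": "/aws/codebuild/",
}

def audit_retention(template):
    """Return {logical_id: problem} for resources whose logs would never expire."""
    resources = template.get("Resources", {})
    # Map each explicitly declared log group name to its retention (None if unset).
    declared = {}
    for res in resources.values():
        if res.get("Type") != "AWS::Logs::LogGroup":
            continue
        props = res.get("Properties", {})
        name = props.get("LogGroupName")
        if isinstance(name, dict) and "Fn::Sub" in name:
            name = name["Fn::Sub"]
        if isinstance(name, str):
            declared[name] = props.get("RetentionInDays")
    findings = {}
    for logical_id, res in resources.items():
        prefix = PREFIXES.get(res.get("Type"))
        if prefix is None:
            continue
        expected = f"{prefix}${{{logical_id}}}"  # e.g. /aws/lambda/${ApiFunction}
        if expected not in declared:
            findings[logical_id] = "no matching log group declared"
        elif declared[expected] is None:
            findings[logical_id] = "log group has no RetentionInDays"
    return findings
```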
Aaand done — no more logs from years past messing with your log searches or costing you money.
— By Mikko Tikkanen, Technology Lead at Aller Media Finland