Amazon CloudWatch Logs is used as a centralized place to monitor, store, and access all our log files from different AWS services.
CloudWatch organises logs into log groups. When a new log group is created, its retention period is set to Never expire by default, which means logs will be retained forever.
Here is a sample Python script that helps with changing the retention period to 60 days.
```python
import boto3

# set the number of retention days
retention_days = 60

# list the regions you are interested to run this script on
regions = ['us-east-1']

for region in regions:
    client = boto3.client('logs', region_name=region)

    # describe_log_groups is paginated: follow nextToken until it runs out
    response = client.describe_log_groups()
    nextToken = response.get('nextToken', None)
    retention = response['logGroups']
    while nextToken is not None:
        response = client.describe_log_groups(nextToken=nextToken)
        nextToken = response.get('nextToken', None)
        retention = retention + response['logGroups']

    for group in retention:
        if 'retentionInDays' in group.keys():
            # a retention policy is already set, just report it
            print(group['logGroupName'], group['retentionInDays'], region)
        else:
            # no retentionInDays key means the group is set to Never expire
            print("Retention Not found for ", group['logGroupName'], region)
            setretention = client.put_retention_policy(
                logGroupName=group['logGroupName'],
                retentionInDays=retention_days
            )
            print(setretention)
```
Once this script is run, the problem is solved for existing log groups. It would be nice to automate this as well, using CloudWatch Events to run Python code in Lambda, so that all log groups created going forward have a retention value set.
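One way to build the Lambda side of that automation, as an added example that is not the original author's code: the handler reads the log group name from a CloudTrail `CreateLogGroup` event delivered by a CloudWatch Events rule and sets its retention. The function names, the `RETENTION_DAYS` environment variable and the sample event values are assumptions made for illustration.

```python
import os

# Assumed environment variable name; defaults to the 60 days used in the post.
RETENTION_DAYS = int(os.environ.get("RETENTION_DAYS", "60"))

# Constructed sample: trimmed shape of a CloudTrail CreateLogGroup event as
# delivered by CloudWatch Events / EventBridge. The log group name is made up.
SAMPLE_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.logs",
    "region": "us-east-1",
    "detail": {
        "eventSource": "logs.amazonaws.com",
        "eventName": "CreateLogGroup",
        "awsRegion": "us-east-1",
        "requestParameters": {"logGroupName": "/aws/lambda/example-fn"},
    },
}


def log_group_from_event(event):
    """Return the created log group's name, or None if the event is not ours."""
    detail = event.get("detail") or {}
    if detail.get("eventSource") != "logs.amazonaws.com":
        return None
    if detail.get("eventName") != "CreateLogGroup":
        return None
    if detail.get("errorCode"):  # the CreateLogGroup call failed, nothing to set
        return None
    return (detail.get("requestParameters") or {}).get("logGroupName")


def apply_retention(client, event, days=RETENTION_DAYS):
    """Set retention on the log group named in the event; return its name."""
    name = log_group_from_event(event)
    if not name:
        return None
    client.put_retention_policy(logGroupName=name, retentionInDays=days)
    return name


def lambda_handler(event, context):
    import boto3  # imported lazily so the parsing logic runs without AWS access
    region = (event.get("detail") or {}).get("awsRegion") or event.get("region")
    client = boto3.client("logs", region_name=region)
    name = apply_retention(client, event)
    print("retention set:", name, RETENTION_DAYS if name else "skipped")
    return {"logGroupName": name}
```

The function's execution role needs `logs:PutRetentionPolicy`, and CloudTrail must be recording management events in the region for the rule to receive `CreateLogGroup` calls.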