With SAM, there isn't an easy way to configure log group retention for lambda functions. You must create a log group resource and give it the same name as the function being created.
If you try to do this after a log group has already been created, you must delete the log group first. Then you may redeploy and have your associated log group.
But is that worth it?
Two lambdas are provided in this stack:
- delete-unused-log-groups - Removes and lambda log groups that remained when a lambda resource name changed
- set-log-retention - Sets all lambda function log groups to have a retention period defined in an environment variable
The lambdas are triggered on a schedule so you don't have to maintain anything as you continue to build.
This lambda is configured by default to run every day at 2AM UTC. It will set the log retention of all lambdas that do not match the configured retention period in the lambda environment variable.
Set to run every 7 days. As this is likely a much less frequently needed lambda function, you might be able to run it on demand. Resource names do not change frequently (really only when developers change it manually), so this lambda is set less frequently to run.
This template comes configured with a samconfig.toml
file which you can update to match resources in your account. Once you have updated the configuration, you can run the npm run deploy
or sam deploy
command to trigger the deployment into your AWS account.
This project uses the AWS v3 SDK to perform all interactions with the infrastructure. Version 3 of the SDK is not included by default in the lambda environment, so it has been included in a lambda layer so the code is still visible in the AWS console should you choose to edit it.
The lambda functions are running nodejs14.x and are executed on the arm64 architecture aka AWS Graviton2 processor.
You can show your support by following me on Twitter or connecting with me on LinkedIn. I'm always happy to answer any questions you might have and am open to any ideas you'd like to see!