Last active
June 18, 2023 12:44
Set the retention days on any AWS CloudWatch log group that isn't set yet
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "SetLogRetain",
      "Effect": "Allow",
      "Action": [
        "logs:DescribeLogGroups",
        "ec2:DescribeRegions",
        "logs:PutRetentionPolicy"
      ],
      "Resource": "*"
    }
  ]
}
```
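```bash
#!/bin/bash
# Set a 30-day retention on every CloudWatch log group that has none, in every region.
# Automatic pagination is left on (no --no-paginate): with it disabled the CLI returns
# only the first page of log groups, so later groups would never be processed.
AWS="/usr/local/bin/aws --profile log-retain-mgr --output json"
JQ="/usr/local/bin/jq --raw-output"

# $AWS and $JQ are intentionally unquoted so they split into command plus options.
for REGION in $($AWS --region us-east-1 ec2 describe-regions | $JQ '.Regions[].RegionName')
do
  echo "Region $REGION"
  # Select log groups that have no retentionInDays key, i.e. logs that never expire.
  for GROUP in $($AWS --region "$REGION" logs describe-log-groups | $JQ '.logGroups[] | select (has("retentionInDays") | not).logGroupName')
  do
    echo "  $REGION $GROUP"
    $AWS --region "$REGION" logs put-retention-policy --log-group-name "$GROUP" --retention-in-days 30
  done
done
```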
If you don't know what jq is, you are in for a welcome surprise
1. Create a new IAM user with CLI access, get its access key and secret, and load them into an AWS CLI profile named `log-retain-mgr`.
2. Give the IAM user the policy seen above.
3. Run the script. It cycles through all AWS regions, finds any CloudWatch log groups that have no retention setting, and sets a retention of 30 days on them.
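The same procedure as an added Python example (not part of the original gist): it follows `nextToken` across result pages so no log group is missed, and defaults to a dry run that only reports what would change. The function names and the `FakeLogs` stand-in with its sample log groups are constructed for illustration; the client methods mirror boto3's `describe_log_groups` and `put_retention_policy`.

```python
"""Dry-run-first audit of CloudWatch log groups with no retention policy."""

RETENTION_DAYS = 30  # same value the gist's script applies


def groups_without_retention(logs_client):
    """Yield names of log groups lacking retentionInDays, following nextToken."""
    kwargs = {}
    while True:
        page = logs_client.describe_log_groups(**kwargs)
        for group in page.get("logGroups", []):
            if "retentionInDays" not in group:
                yield group["logGroupName"]
        token = page.get("nextToken")
        if not token:
            return
        kwargs = {"nextToken": token}


def set_missing_retention(logs_client, days=RETENTION_DAYS, dry_run=True):
    """Return the groups that need a policy; apply it only when dry_run is False."""
    changed = []
    for name in groups_without_retention(logs_client):
        if not dry_run:
            logs_client.put_retention_policy(logGroupName=name, retentionInDays=days)
        changed.append(name)
    return changed


class FakeLogs:
    """Constructed stand-in for a boto3 'logs' client: two pages of sample data."""
    PAGES = {
        None: {"logGroups": [{"logGroupName": "/aws/lambda/a"},
                             {"logGroupName": "/app/b", "retentionInDays": 90}],
               "nextToken": "p2"},
        "p2": {"logGroups": [{"logGroupName": "/app/c"}]},
    }

    def __init__(self):
        self.puts = []  # records every put_retention_policy call

    def describe_log_groups(self, nextToken=None):
        return self.PAGES[nextToken]

    def put_retention_policy(self, logGroupName, retentionInDays):
        self.puts.append((logGroupName, retentionInDays))


if __name__ == "__main__":
    fake = FakeLogs()
    print("would change:", set_missing_retention(fake))            # dry run
    print("changed:", set_missing_retention(fake, dry_run=False))  # applies
```

Against a real account, pass `boto3.Session(profile_name="log-retain-mgr").client("logs", region_name=region)` in place of `FakeLogs()`, once per region.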