AWS Lambda and I have a love/hate relationship. There is much about Lambda to like, but there are also some very sharp edges operationally.
One of the cool things is that you get a new CloudWatch Log Group for every new Lambda function without any effort on your part. Less cool is that it has unlimited retention. If you haven't yet followed Yan Cui's advice, then you can use some Bash/CLI magic to fix retention on your existing Log Groups.
First, get a list of all your default Lambda log groups:
aws logs describe-log-groups --log-group-name-prefix "/aws/lambda" --output json | grep logGroupName | cut -d : -f 2 | cut -d \" -f 2 > /tmp/lambda_logs
Read that into a Bash array:
readarray -t log_groups < /tmp/lambda_logs
Then, add a 7-day retention policy to all those log groups:
for i in "${log_groups[@]}"; do aws logs put-retention-policy --log-group-name "$i" --retention-in-days 7; done
It's a hack, but if you're going to put in the effort to do it right, then set up that CloudWatch Event/Lambda that manages it for you.
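The loop above rewrites retention on every /aws/lambda log group, including any that were deliberately given a longer period for audit or investigation. The following variant is an added example, not code from the original post: it goes one step further and only touches groups that still have no retention policy. The function names and the DRY_RUN and RETENTION_DAYS variables are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example. Function names, DRY_RUN and RETENTION_DAYS are
# hypothetical names chosen here, not part of the AWS CLI.

# Print, one per line, the /aws/lambda log groups that never expire.
# Such groups have no retentionInDays field, so the JMESPath filter
# keeps only entries where that field is missing.
unmanaged_lambda_log_groups() {
  local out
  out=$(aws logs describe-log-groups \
    --log-group-name-prefix "/aws/lambda" \
    --query 'logGroups[?!retentionInDays].logGroupName' \
    --output text) || return 1
  # Text output is tab-separated; drop blank lines and "None" pages.
  printf '%s\n' "$out" | tr '\t' '\n' | awk 'NF && $0 != "None"'
}

# Set retention on the unmanaged groups and print how many were
# selected. DRY_RUN defaults to 1, which only reports on stderr.
apply_retention() {
  local days="${RETENTION_DAYS:-7}" count=0 group groups
  groups=$(unmanaged_lambda_log_groups) || return 1
  while IFS= read -r group; do
    [ -n "$group" ] || continue
    if [ "${DRY_RUN:-1}" = "1" ]; then
      echo "would set ${days}-day retention on ${group}" >&2
    else
      aws logs put-retention-policy \
        --log-group-name "$group" \
        --retention-in-days "$days" || return 1
    fi
    count=$((count + 1))
  done <<EOF
$groups
EOF
  echo "$count"
}

# Usage: review the dry run first, then apply.
#   apply_retention
#   DRY_RUN=0 RETENTION_DAYS=7 apply_retention
```

Groups that already carry a retention value are left alone, so a longer period set on purpose is not shortened to 7 days.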