-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(logs): delete associated log group when stack is deleted #11549
Comments
We could add this feature on the Note that, the default must be to retain the logs. |
This would be a really useful feature. I'm creating a lot of temporary stacks for automated testing in CI, and it's leaving behind lots of log groups. |
agreed, for the same reason as jagregory |
I am tempted to give it a shot. Recently been playing with cdk internals to learn a bit more and this particular use case is close to my heart as well. Not promising anything, but will certainly play with it. |
+1 Sorry, I'm new to CDK universe (but not to CloudFormation). Does anybody know why does the log group needs to be created by custom resource? I've successfully accomplished this without need for any custom resources in CloudFromation/Serverless Framework in the past. |
It creates the log group to be able to set the retention time. Otherwise, the log group will only be created once a Lambda logs something - with no expiry date set. |
@mlafeldt you can create the log group inside CloudFormation and set it retention as parameter. And then when the stack gets removed, it removes also the log group. But it's true that I remember some case, when lambda executed during stack removal and in the meantime the log group was removed, but since there was a little delay before cloudwatch delivered the logs, it created a new log group with "Never expire" retention. So maybe it's trying to address this issue. 🤷♂️ |
Yes, that's what I do if I truly care about cleanup. Most of the time I do not and |
PS: A friend of mine recently released https://github.com/itmettkeDE/lambda-delete-unnused-aws-loggroups, which cleans up Lambda and CodeBuild logs. |
Yes, |
@shishkin but then what'll delete the LogRetention's backing lambda function's log group after it gets deleted? 🤓 |
If LogRetention lambda is a singleton resource its single log group is lesser evil than log groups created for each user lambda. And if it is a singleton resource with a known log group name, maybe another custom resource could delete it as part of the stack deletion? And if that resource lacks CloudWatch permissions it would not leave behind any own logs 🤔 |
Maybe I'm completely missing something here but I'm not sure why we should be so reliant on Cfn custom resources for everything. Why can we not handle this post-destroy? Can we keep track of what Cfn has deployed and any "possible" children (i.e. Lambda LogGroups) then present information on orphaned resources that are not removed during Cfn delete? This would be useful in CI to just say during post-build teardowns "here's a list of possibly orphaned resources - delete them" |
Creating a log group with the same name is a workaround:
This, however, breaks other integrations with the custom resource like subscriptions. So a way to directly configure the RemovalPolicy would be better. |
Another alternative is changing policies on the role to deny log access , to stop them being created in the first place. const BucketDeploymentHandler = this.bucketDeployment.node.findChild('CustomResourceHandler') as SingletonFunction;
BucketDeploymentHandler.addToRolePolicy(new PolicyStatement({
actions:['logs:*'],
resources:['*'],
effect: Effect.DENY
})
) |
---- Motivation: The log group created by LogRetention lingers after the stack is deleted. This commit allows users to choose whether to retain or destroy associated logs of the deleted stack. Use case: To avoid having hundreds of dead log groups after the stack is deleted. most salient design aspects: Added an enum LogDeletionPolicy and set LogDeletionPolicy in the LogRetetion custom resource. Added an API deleteLogGroup and added an event 'Delete' to the handler of LogRetetion to delete the log group. closes [#11549](#11549) ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
) ---- Motivation: The log group created by LogRetention lingers after the stack is deleted. This commit allows users to choose whether to retain or destroy associated logs of the deleted stack. Use case: To avoid having hundreds of dead log groups after the stack is deleted. most salient design aspects: Added an enum LogDeletionPolicy and set LogDeletionPolicy in the LogRetetion custom resource. Added an API deleteLogGroup and added an event 'Delete' to the handler of LogRetetion to delete the log group. closes [aws#11549](aws#11549) ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
) ---- Motivation: The log group created by LogRetention lingers after the stack is deleted. This commit allows users to choose whether to retain or destroy associated logs of the deleted stack. Use case: To avoid having hundreds of dead log groups after the stack is deleted. most salient design aspects: Added an enum LogDeletionPolicy and set LogDeletionPolicy in the LogRetetion custom resource. Added an API deleteLogGroup and added an event 'Delete' to the handler of LogRetetion to delete the log group. closes [aws#11549](aws#11549) ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Bump This is a very important feature IMO |
It has been implemented. |
Oh that's great. Thanks for letting me know @gshpychka ! |
When the log group of a Lambda function is created by the LogRetention custom resource, then those log groups linger after the stack has been deleted. It should be possible to configure the removal policy.
Use Case
Not having hundreds of dead log groups around, created for PR and test deployments.
Proposed Solution
This requires setting the
deletionPolicy
on theCfnResource
, and implementing support for the "Delete" event type in the custom resource itself.Other
N/A
This is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: