diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/LambdaLogRetentionIntegDefaultTestDeployAssert90E53934.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/LambdaLogRetentionIntegDefaultTestDeployAssert90E53934.assets.json index 25f36a717fdb4..a0eecb4c504b8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/LambdaLogRetentionIntegDefaultTestDeployAssert90E53934.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/LambdaLogRetentionIntegDefaultTestDeployAssert90E53934.assets.json @@ -1,5 +1,5 @@ { - "version": "41.0.0", + "version": "44.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "displayName": "LambdaLogRetentionIntegDefaultTestDeployAssert90E53934 Template", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/aws-cdk-lambda-log-retention.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/aws-cdk-lambda-log-retention.assets.json index a394da0b2a079..9084f6d93276d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/aws-cdk-lambda-log-retention.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/aws-cdk-lambda-log-retention.assets.json @@ -1,5 +1,5 @@ { - "version": "41.0.0", + "version": "44.0.0", "files": { "c9e084a249774d97a978bed2e1976874a70517128a904136b8737f0792322c1f": { "displayName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code", @@ -15,7 +15,7 @@ } } }, - "1900087e8943cb56dee3ba9960694a4a841e70756f48410677ffea976cf2a326": { + "31e5c23f0944979ce928695f20dfdbf9a47feec0d00dbd1218ad14d33fe27e2b": { "displayName": "aws-cdk-lambda-log-retention Template", "source": { "path": "aws-cdk-lambda-log-retention.template.json", @@ -24,7 +24,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "1900087e8943cb56dee3ba9960694a4a841e70756f48410677ffea976cf2a326.json", + "objectKey": "31e5c23f0944979ce928695f20dfdbf9a47feec0d00dbd1218ad14d33fe27e2b.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/aws-cdk-lambda-log-retention.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/aws-cdk-lambda-log-retention.template.json index 38d4aa924aab0..b696f94bd602d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/aws-cdk-lambda-log-retention.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/aws-cdk-lambda-log-retention.template.json @@ -70,7 +70,8 @@ ] ] }, - "RetentionInDays": 7 + "RetentionInDays": 7, + "RemovalPolicy": "destroy" } }, "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { @@ -116,6 +117,84 @@ ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": "logs:DeleteLogGroup", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/", + { + "Ref": "OneMonth64E966BF" + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/", + { + "Ref": "OneWeekFE56F6A4" + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/lambda/", + { + "Ref": "OneYearA82EBDA9" + }, + ":*" + ] + ] + } + ] } ], "Version": "2012-10-17" @@ -230,7 +309,8 @@ ] ] }, - "RetentionInDays": 30 + "RetentionInDays": 30, + "RemovalPolicy": "destroy" } }, "OneYearServiceRole24D47762": { @@ -303,7 +383,8 @@ ] ] }, - "RetentionInDays": 365 + "RetentionInDays": 365, + "RemovalPolicy": "destroy" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/cdk.out index 188478b55560e..b3a26d44a5f73 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"41.0.0"} \ No newline at end of file +{"version":"44.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/integ.json index 008cc7759d95b..f331e230bd8fb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "41.0.0", + "version": "44.0.0", "testCases": { "LambdaLogRetentionInteg/DefaultTest": { "stacks": [ @@ -10,5 +10,5 @@ "assertionStackName": "LambdaLogRetentionIntegDefaultTestDeployAssert90E53934" } }, - "minimumCliVersion": "2.1005.0" + "minimumCliVersion": "2.1018.0" } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/manifest.json index 3035ab19f2bc1..a7cf8869d52ce 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "43.0.0", + "version": "44.0.0", "artifacts": { "aws-cdk-lambda-log-retention.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/1900087e8943cb56dee3ba9960694a4a841e70756f48410677ffea976cf2a326.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/31e5c23f0944979ce928695f20dfdbf9a47feec0d00dbd1218ad14d33fe27e2b.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -123,6 +123,30 @@ "*" ] } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addToPrincipalPolicy": [ + {} + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addToPrincipalPolicy": [ + {} + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addToPrincipalPolicy": [ + {} + ] + } } ], "/aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/ImportServiceRole": [ @@ -158,6 +182,30 @@ ] } }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addStatements": [ + {} + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addStatements": [ + {} + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addStatements": [ + {} + ] + } + }, { "type": "aws:cdk:analytics:method", "data": { @@ -357,5 +405,5 @@ } } }, - "minimumCliVersion": "2.1015.0" + "minimumCliVersion": "2.1018.0" } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/tree.json index 4e82ee01f9933..2cc9c56ffdd18 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.js.snapshot/tree.json @@ -1 +1 @@ -{"version":"tree-0.1","tree":{"id":"App","path":"","children":{"aws-cdk-lambda-log-retention":{"id":"aws-cdk-lambda-log-retention","path":"aws-cdk-lambda-log-retention","children":{"OneWeek":{"id":"OneWeek","path":"aws-cdk-lambda-log-retention/OneWeek","children":{"ServiceRole":{"id":"ServiceRole","path":"aws-cdk-lambda-log-retention/OneWeek/ServiceRole","children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"aws-cdk-lambda-log-retention/OneWeek/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneWeek/ServiceRole/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]}]}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneWeek/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"zipFile":"exports.handler = (event) => console.log(JSON.stringify(event));"},"handler":"index.handler","role":{"Fn::GetAtt":["OneWeekServiceRole05A6F9F8","Arn"]},"runtime":"nodejs18.x"}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"0.0.0"}},"LogRetention":{"id":"LogRetention","path":"aws-cdk-lambda-log-retention/OneWeek/LogRetention","children":{"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneWeek/LogRetention/Resource","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_logs.LogRetention","version":"0.0.0"}},"LogGroup":{"id":"LogGroup","path":"aws-cdk-lambda-log-retention/OneWeek/LogGroup","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"0.0.0","metadata":[{"code":"*","handler":"*","runtime":"*","logRetention":7}]}},"LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a":{"id":"LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a","children":{"Code":{"id":"Code","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code","children":{"Stage":{"id":"Stage","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"AssetBucket":{"id":"AssetBucket","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"0.0.0","metadata":[]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"0.0.0"}},"ServiceRole":{"id":"ServiceRole","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole","children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"}},"DefaultPolicy":{"id":"DefaultPolicy","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy","children":{"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["logs:DeleteRetentionPolicy","logs:PutRetentionPolicy"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"},"policyName":"LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB","roles":[{"Ref":"LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB"}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]}]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]}]}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Resource","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}},"constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"LatestNodeRuntimeMap":{"id":"LatestNodeRuntimeMap","path":"aws-cdk-lambda-log-retention/LatestNodeRuntimeMap","constructInfo":{"fqn":"aws-cdk-lib.CfnMapping","version":"0.0.0"}},"OneMonth":{"id":"OneMonth","path":"aws-cdk-lambda-log-retention/OneMonth","children":{"ServiceRole":{"id":"ServiceRole","path":"aws-cdk-lambda-log-retention/OneMonth/ServiceRole","children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"aws-cdk-lambda-log-retention/OneMonth/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneMonth/ServiceRole/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]}]}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneMonth/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"zipFile":"exports.handler = (event) => console.log(JSON.stringify(event));"},"handler":"index.handler","role":{"Fn::GetAtt":["OneMonthServiceRoleFBD1064F","Arn"]},"runtime":"nodejs18.x"}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"0.0.0"}},"LogRetention":{"id":"LogRetention","path":"aws-cdk-lambda-log-retention/OneMonth/LogRetention","children":{"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneMonth/LogRetention/Resource","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_logs.LogRetention","version":"0.0.0"}},"LogGroup":{"id":"LogGroup","path":"aws-cdk-lambda-log-retention/OneMonth/LogGroup","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"0.0.0","metadata":[{"code":"*","handler":"*","runtime":"*","logRetention":30}]}},"OneYear":{"id":"OneYear","path":"aws-cdk-lambda-log-retention/OneYear","children":{"ServiceRole":{"id":"ServiceRole","path":"aws-cdk-lambda-log-retention/OneYear/ServiceRole","children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"aws-cdk-lambda-log-retention/OneYear/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneYear/ServiceRole/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]}]}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneYear/Resource","attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"zipFile":"exports.handler = (event) => console.log(JSON.stringify(event));"},"handler":"index.handler","role":{"Fn::GetAtt":["OneYearServiceRole24D47762","Arn"]},"runtime":"nodejs18.x"}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"0.0.0"}},"LogRetention":{"id":"LogRetention","path":"aws-cdk-lambda-log-retention/OneYear/LogRetention","children":{"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneYear/LogRetention/Resource","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_logs.LogRetention","version":"0.0.0"}},"LogGroup":{"id":"LogGroup","path":"aws-cdk-lambda-log-retention/OneYear/LogGroup","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}}},"constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"0.0.0","metadata":[{"code":"*","handler":"*","runtime":"*","logRetention":365}]}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-lambda-log-retention/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-lambda-log-retention/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"}},"LambdaLogRetentionInteg":{"id":"LambdaLogRetentionInteg","path":"LambdaLogRetentionInteg","children":{"DefaultTest":{"id":"DefaultTest","path":"LambdaLogRetentionInteg/DefaultTest","children":{"Default":{"id":"Default","path":"LambdaLogRetentionInteg/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"LambdaLogRetentionInteg/DefaultTest/DeployAssert","children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"LambdaLogRetentionInteg/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"LambdaLogRetentionInteg/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}},"constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"}}},"constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"}}},"constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}},"constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"}}} \ No newline at end of file +{"version":"tree-0.1","tree":{"id":"App","path":"","constructInfo":{"fqn":"aws-cdk-lib.App","version":"0.0.0"},"children":{"aws-cdk-lambda-log-retention":{"id":"aws-cdk-lambda-log-retention","path":"aws-cdk-lambda-log-retention","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"OneWeek":{"id":"OneWeek","path":"aws-cdk-lambda-log-retention/OneWeek","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"0.0.0","metadata":[{"code":"*","handler":"*","runtime":"*","logRetention":7}]},"children":{"ServiceRole":{"id":"ServiceRole","path":"aws-cdk-lambda-log-retention/OneWeek/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"aws-cdk-lambda-log-retention/OneWeek/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneWeek/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}}}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneWeek/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"zipFile":"exports.handler = (event) => console.log(JSON.stringify(event));"},"handler":"index.handler","role":{"Fn::GetAtt":["OneWeekServiceRole05A6F9F8","Arn"]},"runtime":"nodejs18.x"}}},"LogRetention":{"id":"LogRetention","path":"aws-cdk-lambda-log-retention/OneWeek/LogRetention","constructInfo":{"fqn":"aws-cdk-lib.aws_logs.LogRetention","version":"0.0.0"},"children":{"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneWeek/LogRetention/Resource","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}}},"LogGroup":{"id":"LogGroup","path":"aws-cdk-lambda-log-retention/OneWeek/LogGroup","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}}}},"LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a":{"id":"LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"},"children":{"Code":{"id":"Code","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code","constructInfo":{"fqn":"aws-cdk-lib.aws_s3_assets.Asset","version":"0.0.0"},"children":{"Stage":{"id":"Stage","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/Stage","constructInfo":{"fqn":"aws-cdk-lib.AssetStaging","version":"0.0.0"}},"AssetBucket":{"id":"AssetBucket","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/AssetBucket","constructInfo":{"fqn":"aws-cdk-lib.aws_s3.BucketBase","version":"0.0.0","metadata":[]}}}},"ServiceRole":{"id":"ServiceRole","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]},{"addToPrincipalPolicy":[{}]},{"attachInlinePolicy":["*"]},{"attachInlinePolicy":["*"]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]},{"addToPrincipalPolicy":[{}]}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}},"DefaultPolicy":{"id":"DefaultPolicy","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Policy","version":"0.0.0","metadata":["*",{"attachToRole":["*"]},{"attachToRole":["*"]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]},{"addStatements":[{}]}]},"children":{"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnPolicy","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Policy","aws:cdk:cloudformation:props":{"policyDocument":{"Statement":[{"Action":["logs:DeleteRetentionPolicy","logs:PutRetentionPolicy"],"Effect":"Allow","Resource":"*"},{"Action":"logs:DeleteLogGroup","Effect":"Allow","Resource":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/lambda/",{"Ref":"OneMonth64E966BF"},":*"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/lambda/",{"Ref":"OneWeekFE56F6A4"},":*"]]},{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":logs:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":log-group:/aws/lambda/",{"Ref":"OneYearA82EBDA9"},":*"]]}]}],"Version":"2012-10-17"},"policyName":"LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB","roles":[{"Ref":"LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB"}]}}}}}}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Resource","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}}},"LatestNodeRuntimeMap":{"id":"LatestNodeRuntimeMap","path":"aws-cdk-lambda-log-retention/LatestNodeRuntimeMap","constructInfo":{"fqn":"aws-cdk-lib.CfnMapping","version":"0.0.0"}},"OneMonth":{"id":"OneMonth","path":"aws-cdk-lambda-log-retention/OneMonth","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"0.0.0","metadata":[{"code":"*","handler":"*","runtime":"*","logRetention":30}]},"children":{"ServiceRole":{"id":"ServiceRole","path":"aws-cdk-lambda-log-retention/OneMonth/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"aws-cdk-lambda-log-retention/OneMonth/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneMonth/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}}}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneMonth/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"zipFile":"exports.handler = (event) => console.log(JSON.stringify(event));"},"handler":"index.handler","role":{"Fn::GetAtt":["OneMonthServiceRoleFBD1064F","Arn"]},"runtime":"nodejs18.x"}}},"LogRetention":{"id":"LogRetention","path":"aws-cdk-lambda-log-retention/OneMonth/LogRetention","constructInfo":{"fqn":"aws-cdk-lib.aws_logs.LogRetention","version":"0.0.0"},"children":{"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneMonth/LogRetention/Resource","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}}},"LogGroup":{"id":"LogGroup","path":"aws-cdk-lambda-log-retention/OneMonth/LogGroup","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}}}},"OneYear":{"id":"OneYear","path":"aws-cdk-lambda-log-retention/OneYear","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.Function","version":"0.0.0","metadata":[{"code":"*","handler":"*","runtime":"*","logRetention":365}]},"children":{"ServiceRole":{"id":"ServiceRole","path":"aws-cdk-lambda-log-retention/OneYear/ServiceRole","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.Role","version":"0.0.0","metadata":[{"assumedBy":{"principalAccount":"*","assumeRoleAction":"*"},"managedPolicies":[{"managedPolicyArn":"*"}]}]},"children":{"ImportServiceRole":{"id":"ImportServiceRole","path":"aws-cdk-lambda-log-retention/OneYear/ServiceRole/ImportServiceRole","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":["*"]}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneYear/ServiceRole/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_iam.CfnRole","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::IAM::Role","aws:cdk:cloudformation:props":{"assumeRolePolicyDocument":{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"},"managedPolicyArns":[{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}}}},"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneYear/Resource","constructInfo":{"fqn":"aws-cdk-lib.aws_lambda.CfnFunction","version":"0.0.0"},"attributes":{"aws:cdk:cloudformation:type":"AWS::Lambda::Function","aws:cdk:cloudformation:props":{"code":{"zipFile":"exports.handler = (event) => console.log(JSON.stringify(event));"},"handler":"index.handler","role":{"Fn::GetAtt":["OneYearServiceRole24D47762","Arn"]},"runtime":"nodejs18.x"}}},"LogRetention":{"id":"LogRetention","path":"aws-cdk-lambda-log-retention/OneYear/LogRetention","constructInfo":{"fqn":"aws-cdk-lib.aws_logs.LogRetention","version":"0.0.0"},"children":{"Resource":{"id":"Resource","path":"aws-cdk-lambda-log-retention/OneYear/LogRetention/Resource","constructInfo":{"fqn":"aws-cdk-lib.CfnResource","version":"0.0.0"}}}},"LogGroup":{"id":"LogGroup","path":"aws-cdk-lambda-log-retention/OneYear/LogGroup","constructInfo":{"fqn":"aws-cdk-lib.Resource","version":"0.0.0","metadata":[]}}}},"BootstrapVersion":{"id":"BootstrapVersion","path":"aws-cdk-lambda-log-retention/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"aws-cdk-lambda-log-retention/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}},"LambdaLogRetentionInteg":{"id":"LambdaLogRetentionInteg","path":"LambdaLogRetentionInteg","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTest","version":"0.0.0"},"children":{"DefaultTest":{"id":"DefaultTest","path":"LambdaLogRetentionInteg/DefaultTest","constructInfo":{"fqn":"@aws-cdk/integ-tests-alpha.IntegTestCase","version":"0.0.0"},"children":{"Default":{"id":"Default","path":"LambdaLogRetentionInteg/DefaultTest/Default","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}},"DeployAssert":{"id":"DeployAssert","path":"LambdaLogRetentionInteg/DefaultTest/DeployAssert","constructInfo":{"fqn":"aws-cdk-lib.Stack","version":"0.0.0"},"children":{"BootstrapVersion":{"id":"BootstrapVersion","path":"LambdaLogRetentionInteg/DefaultTest/DeployAssert/BootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnParameter","version":"0.0.0"}},"CheckBootstrapVersion":{"id":"CheckBootstrapVersion","path":"LambdaLogRetentionInteg/DefaultTest/DeployAssert/CheckBootstrapVersion","constructInfo":{"fqn":"aws-cdk-lib.CfnRule","version":"0.0.0"}}}}}}}},"Tree":{"id":"Tree","path":"Tree","constructInfo":{"fqn":"constructs.Construct","version":"10.4.2"}}}}} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.ts index ceedc94aa95d4..2a0b23c3c30b1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-lambda/test/integ.log-retention.ts @@ -13,6 +13,7 @@ new lambda.Function(stack, 'OneWeek', { handler: 'index.handler', runtime: STANDARD_NODEJS_RUNTIME, logRetention: logs.RetentionDays.ONE_WEEK, + logRemovalPolicy: cdk.RemovalPolicy.DESTROY, }); new lambda.Function(stack, 'OneMonth', { @@ -20,6 +21,7 @@ new lambda.Function(stack, 'OneMonth', { handler: 'index.handler', runtime: STANDARD_NODEJS_RUNTIME, logRetention: logs.RetentionDays.ONE_MONTH, + logRemovalPolicy: cdk.RemovalPolicy.DESTROY, }); new lambda.Function(stack, 'OneYear', { @@ -27,10 +29,10 @@ new lambda.Function(stack, 'OneYear', { handler: 'index.handler', runtime: STANDARD_NODEJS_RUNTIME, logRetention: logs.RetentionDays.ONE_YEAR, + logRemovalPolicy: cdk.RemovalPolicy.DESTROY, }); new IntegTest(app, 'LambdaLogRetentionInteg', { testCases: [stack], diffAssets: true, }); -app.synth(); diff --git a/packages/aws-cdk-lib/aws-lambda/README.md b/packages/aws-cdk-lib/aws-lambda/README.md index 67a4ebf4a1210..52554f15a846e 100644 --- a/packages/aws-cdk-lib/aws-lambda/README.md +++ b/packages/aws-cdk-lib/aws-lambda/README.md @@ -281,6 +281,21 @@ const fn = new lambda.Function(this, 'MyFunctionWithFFTrue', { cdk.Tags.of(fn).add('env', 'dev'); // the tag is also added to the log group ``` +### Log removal policy + +When using the deprecated `logRetention` property for creating a LogGroup, you can configure log removal policy: +```ts +import * as logs from 'aws-cdk-lib/aws-logs'; + +const fn = new lambda.Function(this, 'MyFunctionWithFFTrue', { + runtime: lambda.Runtime.NODEJS_LATEST, + handler: 'handler.main', + code: lambda.Code.fromAsset('lambda'), + logRetention: logs.RetentionDays.INFINITE, + logRemovalPolicy: RemovalPolicy.RETAIN, +}); +``` + ## Resource-based Policies AWS Lambda supports resource-based policies for controlling access to Lambda diff --git a/packages/aws-cdk-lib/aws-lambda/lib/function.ts b/packages/aws-cdk-lib/aws-lambda/lib/function.ts index 6784d8186afd3..864faae421823 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/function.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/function.ts @@ -31,7 +31,7 @@ import * as sns from '../../aws-sns'; import * as sqs from '../../aws-sqs'; import { Annotations, ArnFormat, CfnResource, Duration, FeatureFlags, Fn, IAspect, Lazy, - Names, Size, Stack, Token, + Names, RemovalPolicy, Size, Stack, Token, } from '../../core'; import { UnscopedValidationError, ValidationError } from '../../core/lib/errors'; import { addConstructMetadata, MethodMetadata } from '../../core/lib/metadata-resource'; @@ -456,10 +456,24 @@ export interface FunctionOptions extends EventInvokeConfigOptions { * myLogGroup.logGroupName; * ``` * + * @deprecated use `logGroup` instead * @default logs.RetentionDays.INFINITE */ readonly logRetention?: logs.RetentionDays; + /** + * Determine the removal policy of the log group that is auto-created by this construct. + * + * Normally you want to retain the log group so you can diagnose issues + * from logs even after a deployment that no longer includes the log group. + * In that case, use the normal date-based retention policy to age out your + * logs. + * + * @deprecated use `logGroup` instead + * @default RemovalPolicy.Retain + */ + readonly logRemovalPolicy?: RemovalPolicy; + /** * The IAM role for the Lambda function associated with the custom resource * that sets the retention policy. @@ -1120,6 +1134,14 @@ export class Function extends FunctionBase { } // Log retention + if (props.logRemovalPolicy) { + if (props.logGroup) { + throw new ValidationError('Cannot use `logRemovalPolicy` and `logGroup` together. Please set the removal policy on the logGroup directly', this); + } else if (FeatureFlags.of(this).isEnabled(USE_CDK_MANAGED_LAMBDA_LOGGROUP)) { + throw new ValidationError('Cannot use `logRemovalPolicy` and `@aws-cdk/aws-lambda:useCdkManagedLogGroup` flag together. Please set the removal policy on the automatically created log group directly', this); + } + } + if (props.logRetention) { if (props.logGroup) { throw new ValidationError('CDK does not support setting logRetention and logGroup', this); @@ -1129,6 +1151,7 @@ export class Function extends FunctionBase { retention: props.logRetention, role: props.logRetentionRole, logRetentionRetryOptions: props.logRetentionRetryOptions as logs.LogRetentionRetryOptions, + removalPolicy: props.logRemovalPolicy, }); this._logGroup = logs.LogGroup.fromLogGroupArn(this, 'LogGroup', logRetention.logGroupArn); this._logRetention = logRetention; diff --git a/packages/aws-cdk-lib/aws-lambda/test/function.test.ts b/packages/aws-cdk-lib/aws-lambda/test/function.test.ts index dbfe081ce51b2..614134a2a6e54 100644 --- a/packages/aws-cdk-lib/aws-lambda/test/function.test.ts +++ b/packages/aws-cdk-lib/aws-lambda/test/function.test.ts @@ -2265,6 +2265,7 @@ describe('function', () => { handler: 'index.handler', runtime: lambda.Runtime.NODEJS, logRetention: logs.RetentionDays.ONE_MONTH, + logRemovalPolicy: cdk.RemovalPolicy.DESTROY, }); // THEN @@ -2281,9 +2282,38 @@ describe('function', () => { ], }, RetentionInDays: 30, + RemovalPolicy: 'destroy', }); }); + test('cannot use logRemovalPolicy and logGroup', () => { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN/THEN + expect(() => new lambda.Function(stack, 'fn', { + code: new lambda.InlineCode('foo'), + handler: 'index.handler', + runtime: lambda.Runtime.NODEJS_LATEST, + logGroup: new logs.LogGroup(stack, 'CustomLogGroup'), + logRemovalPolicy: cdk.RemovalPolicy.DESTROY, + })).toThrow(/Cannot use `logRemovalPolicy` and `logGroup`/); + }); + + test('cannot use logRemovalPolicy and USE_CDK_MANAGED_LAMBDA_LOGGROUP', () => { + // GIVEN + const app = new cdk.App({ context: { [cxapi.USE_CDK_MANAGED_LAMBDA_LOGGROUP]: true } }); + const stack = new cdk.Stack(app, 'Stack'); + + // WHEN/THEN + expect(() => new lambda.Function(stack, 'fn', { + code: new lambda.InlineCode('foo'), + handler: 'index.handler', + runtime: lambda.Runtime.NODEJS_LATEST, + logRemovalPolicy: cdk.RemovalPolicy.DESTROY, + })).toThrow(/Cannot use `logRemovalPolicy` and `@aws-cdk\/aws-lambda:useCdkManagedLogGroup`/); + }); + test('imported lambda with imported security group and allowAllOutbound set to false', () => { // GIVEN const stack = new cdk.Stack();