Created
May 21, 2019 18:29
-
-
Save joeyvandijk/337e47751d6ec1459a697c73c31d8521 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Set the logs retention policy for your default AWS account in region eu-west-1 to 5 days, execute the command: | |
| # ./set-log-groups-retention.sh exampleFunction 5 | |
| # Need to have Resource: "*" in IAM to get access to call all regions in SSM (Systems Manager) | |
| # Reference: https://docs.aws.amazon.com/general/latest/gr/rande.html | |
| # DO NOT FORGET TO SET `export AWS_PROFILE=your-aws-config-iam-profile` ;) | |
| export LOGS_PREFIX=${1:exampleFunction} | |
| RETENTION_DAYS=${2:-3} | |
| echo "Update AWS Cloudwatch Log-groups with a log retention of $RETENTION_DAYS days:" | |
| while read -r region; do | |
| # ap-northeast-3 (Osaka, Japan) and ap-east-1 (Hong Kong) needs a subscription so is ignored by default, remove if necessary | |
| if [[ $region == "cn-"* || $region == *"-gov-"* || $region == 'ap-northeast-3' || $region == 'ap-east-1' ]]; then | |
| echo [Ignoring region: $region] | |
| else | |
| echo Searching in region: $region | |
| # AWS Codebuild | |
| while read -r a b; do | |
| if [[ "$RETENTION_DAYS+0" != "$b+0" ]]; then | |
| aws logs put-retention-policy --region $region --log-group-name $a --retention-in-days $RETENTION_DAYS | |
| echo Updated $a to retain for $RETENTION_DAYS days and it was $b. | |
| fi | |
| done < <(aws logs describe-log-groups --region $region --log-group-name-prefix /aws/codebuild/$LOGS_PREFIX --query 'logGroups[*].[logGroupName,retentionInDays]' --output text) | |
| # AWS Lambda | |
| while read -r a b; do | |
| if [[ "$RETENTION_DAYS+0" != "$b+0" ]]; then | |
| aws logs put-retention-policy --region $region --log-group-name $a --retention-in-days $RETENTION_DAYS | |
| echo Updated $a to retain for $RETENTION_DAYS days and it was $b. | |
| fi | |
| done < <(aws logs describe-log-groups --region $region --log-group-name-prefix /aws/lambda/us-east-1.prod-$LOGS_PREFIX --query 'logGroups[*].[logGroupName,retentionInDays]' --output text) | |
| fi | |
| done < <(aws ssm get-parameters-by-path --path /aws/service/global-infrastructure/regions --query 'Parameters[*].[Value]' --output text) | |
| echo "All AWS Cloudwatch Log-groups are in sync." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment