joeyvandijk/set-log-groups-retention.sh

## set-log-groups-retention.sh
# Set the logs retention policy for your default AWS account in region eu-west-1 to 5 days, execute the command:
#   ./set-log-groups-retention.sh exampleFunction 5

# Need to have Resource: "*" in IAM to get access to call all regions in SSM (Systems Manager)
# Reference: https://docs.aws.amazon.com/general/latest/gr/rande.html

# DO NOT FORGET TO SET `export AWS_PROFILE=your-aws-config-iam-profile` ;)

export LOGS_PREFIX=${1:exampleFunction}
RETENTION_DAYS=${2:-3}
echo "Update AWS Cloudwatch Log-groups with a log retention of $RETENTION_DAYS days:"

while read -r region; do
    # ap-northeast-3 (Osaka, Japan) and ap-east-1 (Hong Kong) needs a subscription so is ignored by default, remove if necessary
    if [[ $region == "cn-"* || $region == *"-gov-"* || $region == 'ap-northeast-3' || $region == 'ap-east-1' ]]; then
        echo [Ignoring region: $region]
    else
        echo Searching in region: $region
        # AWS Codebuild
        while read -r a b; do
            if [[ "$RETENTION_DAYS+0" != "$b+0" ]]; then
                aws logs put-retention-policy --region $region --log-group-name $a --retention-in-days $RETENTION_DAYS
                echo Updated $a to retain for $RETENTION_DAYS days and it was $b.
            fi
        done < <(aws logs describe-log-groups --region $region --log-group-name-prefix /aws/codebuild/$LOGS_PREFIX --query 'logGroups[*].[logGroupName,retentionInDays]' --output text)

        # AWS Lambda
        while read -r a b; do
            if [[ "$RETENTION_DAYS+0" != "$b+0" ]]; then
                aws logs put-retention-policy --region $region --log-group-name $a --retention-in-days $RETENTION_DAYS
                echo Updated $a to retain for $RETENTION_DAYS days and it was $b.
            fi
        done < <(aws logs describe-log-groups --region $region --log-group-name-prefix /aws/lambda/us-east-1.prod-$LOGS_PREFIX --query 'logGroups[*].[logGroupName,retentionInDays]' --output text)
    fi
done < <(aws ssm get-parameters-by-path --path /aws/service/global-infrastructure/regions --query 'Parameters[*].[Value]' --output text)

echo "All AWS Cloudwatch Log-groups are in sync."
	# Set the logs retention policy for your default AWS account in region eu-west-1 to 5 days, execute the command:
	# ./set-log-groups-retention.sh exampleFunction 5

	# Need to have Resource: "*" in IAM to get access to call all regions in SSM (Systems Manager)
	# Reference: https://docs.aws.amazon.com/general/latest/gr/rande.html

	# DO NOT FORGET TO SET `export AWS_PROFILE=your-aws-config-iam-profile` ;)

	export LOGS_PREFIX=${1:exampleFunction}
	RETENTION_DAYS=${2:-3}
	echo "Update AWS Cloudwatch Log-groups with a log retention of $RETENTION_DAYS days:"

	while read -r region; do
	# ap-northeast-3 (Osaka, Japan) and ap-east-1 (Hong Kong) needs a subscription so is ignored by default, remove if necessary
	if [[ $region == "cn-"* \|\| $region == "-gov-" \|\| $region == 'ap-northeast-3' \|\| $region == 'ap-east-1' ]]; then
	echo [Ignoring region: $region]
	else
	echo Searching in region: $region
	# AWS Codebuild
	while read -r a b; do
	if [[ "$RETENTION_DAYS+0" != "$b+0" ]]; then
	aws logs put-retention-policy --region $region --log-group-name $a --retention-in-days $RETENTION_DAYS
	echo Updated $a to retain for $RETENTION_DAYS days and it was $b.
	fi
	done < <(aws logs describe-log-groups --region $region --log-group-name-prefix /aws/codebuild/$LOGS_PREFIX --query 'logGroups[*].[logGroupName,retentionInDays]' --output text)

	# AWS Lambda
	while read -r a b; do
	if [[ "$RETENTION_DAYS+0" != "$b+0" ]]; then
	aws logs put-retention-policy --region $region --log-group-name $a --retention-in-days $RETENTION_DAYS
	echo Updated $a to retain for $RETENTION_DAYS days and it was $b.
	fi
	done < <(aws logs describe-log-groups --region $region --log-group-name-prefix /aws/lambda/us-east-1.prod-$LOGS_PREFIX --query 'logGroups[*].[logGroupName,retentionInDays]' --output text)
	fi
	done < <(aws ssm get-parameters-by-path --path /aws/service/global-infrastructure/regions --query 'Parameters[*].[Value]' --output text)

	echo "All AWS Cloudwatch Log-groups are in sync."