Set the retention days on any AWS CloudWatch log group that isn't set yet
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "SetLogRetain",
      "Effect": "Allow",
      "Action": [
        "logs:DescribeLogGroups",
        "ec2:DescribeRegions",
        "logs:PutRetentionPolicy"
      ],
      "Resource": "*"
    }
  ]
}
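#!/bin/bash
# Set a 30-day retention on every CloudWatch log group that has none, in all regions.
# Uses the AWS CLI profile "log-retain-mgr". Automatic pagination is left on:
# with --no-paginate the CLI makes one call and returns only the first page of log groups.
AWS="/usr/local/bin/aws --profile log-retain-mgr --output json"
JQ="/usr/local/bin/jq --raw-output"
for REGION in $($AWS --region us-east-1 ec2 describe-regions | $JQ '.Regions[].RegionName')
do
  echo "Region $REGION"
  # Select log groups that have no retentionInDays key
  for GROUP in $($AWS --region "$REGION" logs describe-log-groups | $JQ '.logGroups[] | select (has("retentionInDays") | not).logGroupName')
  do
    echo "  $REGION $GROUP"
    $AWS --region "$REGION" logs put-retention-policy --log-group-name "$GROUP" --retention-in-days 30
  done
done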
prenagha commented Oct 17, 2018

Create a new IAM user, with CLI access, get the access key and secret and load into an AWS CLI profile log-retain-mgr
Give the IAM user the policy seen above
Run the script, it will cycle through all AWS regions, find any CloudWatch Log Groups that have no retention setting, and put a retention days of 30 on them

prenagha commented Oct 17, 2018

If you don't know what jq is you are in for a welcome surprise

https://stedolan.github.io/jq/
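
A dry-run version of the selection the script makes (log groups with no `retentionInDays` key), followed across every `nextToken` page, is sketched below. It is an added example, not part of the gist; `SAMPLE_PAGES`, `fetch_sample_page`, `iter_log_groups`, `plan_retention` and `max_pages` are hypothetical names, and the pages are constructed data shaped like `describe-log-groups` output.

```python
from typing import Callable, Iterator, List, Optional, Tuple

# Constructed sample: two result pages linked by nextToken.
SAMPLE_PAGES = {
    None: {
        "logGroups": [
            {"logGroupName": "/aws/lambda/example-a", "retentionInDays": 14},
            {"logGroupName": "/aws/lambda/example-b"},
        ],
        "nextToken": "page-2",
    },
    "page-2": {
        "logGroups": [
            {"logGroupName": "/ecs/example-c"},
            {"logGroupName": "/ecs/example-d", "retentionInDays": 30},
        ],
    },
}

def fetch_sample_page(token: Optional[str]) -> dict:
    """Hypothetical stand-in for a single describe-log-groups call."""
    return SAMPLE_PAGES[token]

def iter_log_groups(fetch_page: Callable[[Optional[str]], dict],
                    max_pages: Optional[int] = None) -> Iterator[dict]:
    """Yield log groups page by page until nextToken is absent."""
    token, seen = None, 0
    while max_pages is None or seen < max_pages:
        page = fetch_page(token)
        seen += 1
        yield from page.get("logGroups", [])
        token = page.get("nextToken")
        if not token:
            return

def plan_retention(fetch_page, days: int = 30,
                   max_pages: Optional[int] = None) -> List[Tuple[str, int]]:
    """Return (name, days) for every group lacking retentionInDays."""
    return [(g["logGroupName"], days)
            for g in iter_log_groups(fetch_page, max_pages)
            if "retentionInDays" not in g]

if __name__ == "__main__":
    print("all pages :", plan_retention(fetch_sample_page))
    # Stopping after one page misses /ecs/example-c.
    print("first page:", plan_retention(fetch_sample_page, max_pages=1))
```

Groups that already have a retention value, whatever it is, are left out of the plan, which matches the script's behaviour of only touching groups that are unset.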