How to set CloudWatch logs retention policy for Lambda in AWS Serverless Application Model (SAM)?

Question

Hi,

I am using the AWS Serverless Application Model (SAM) to create an API consisting of an API gateway and a lambda function. By default, my lambda function is attached with an AWS managed policy to send logs to CloudWatch with no expiry date. How can I perform the following:
1. Replace the AWS managed policy with my own customer managed policy on sending logs to CloudWatch?
2. Implement a log retention policy of 30 days?

I noticed that AWS SAM comes with some policy templates that I can use but I did not find how I can answer my two questions.
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-policy-templates.html

Thanks.

Accepted Answer

Hi, @learning

You can simply create a LogGroup with the function name as shown below. Then you can set the log retention freely.

```
Resources:
  TestFunc:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: test-func
      CodeUri: src/handlers/test_func
      Handler: index.handler
      Runtime: python3.6
      AutoPublishAlias: live
      Timeout: 10
      MemorySize: 128
      
  TestFuncLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub /aws/lambda/${TestFunc}
      RetentionInDays: 14
```

https://dev.classmethod.jp/articles/should-create-cloudwatch-logs-log-group-when-creating-lambda-with-aws-sam/

How to set CloudWatch logs retention policy for Lambda in AWS Serverless Application Model (SAM)?

Contenido relevante