By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Delete CloudWatch Log Groups using AWS Lambda function

0

Hi AWS, I need a lambda function which can delete log group with no retention period and with no KMS key configured

Topics
Security, Identity, & ComplianceServerlessComputeManagement & Governance
Tags
AWS Key Management ServiceAWS LambdaAmazon CloudWatchLog Groups
Language
English
rePost-User-1680684
asked a year ago398 views
2 Answers
1
Accepted Answer

The following code can be used to delete a log group that is not encrypted by KMS and has no retention period set.

import boto3

def lambda_handler(event, context):

    logs_client = boto3.client('logs')
    response = logs_client.describe_log_groups()

    for log_group in response['logGroups']:
        if 'retentionInDays' not in log_group and 'kmsKeyId' not in log_group:
            log_group_name = log_group['logGroupName']
            logs_client.delete_log_group(logGroupName=log_group_name)

The following is a reference document.
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/logs/client/describe_log_groups.html
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/logs/client/delete_log_group.html

profile picture
EXPERT
Riku_Kobayashi
answered a year ago
0

Check this post https://repost.aws/questions/QUHbpGyG6vRCetY14qoNxSWg/delete-cloudwatch-log-groups-using-aws-lambda-function

Manikandan
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content