CloudWatch Log Groups deletion using AWS Lambda function

Question

Hi Aws,
Need a lambda function to delete log group with no retention and if the retention period <365 days,
and with no KMS encryption configured

Antonio_Lagrotteria · Answer

Hi,

I think this is exactly what you are looking for: https://repost.aws/questions/QUMcZ1aqV1Rwu-IozegdMF6g/delete-cloudwatch-log-groups-using-aws-lambda-function

Hope it helps ;)

Aman · Answer

what if the log groups have never expire? how to delete that?

Riku_Kobayashi · Answer

I have edited the code created in this question to the code that meets your requirements.  
https://repost.aws/questions/QUMcZ1aqV1Rwu-IozegdMF6g/delete-cloudwatch-log-groups-using-aws-lambda-function

The following code inserts an if statement in line 10 to determine if the retention period is less than 365 days and if the file is not encrypted by KMS.  
```
import boto3

def lambda_handler(event, context):
    logs_client = boto3.client('logs')
    response = logs_client.describe_log_groups()

for log_group in response['logGroups']:
        if 'retentionInDays' in log_group:
            retentionin_days = log_group['retentionInDays']
            if retentionin_days < 365 and 'kmsKeyId' not in log_group:
                log_group_name = log_group['logGroupName']
                logs_client.delete_log_group(logGroupName=log_group_name)
```

CloudWatch Log Groups deletion using AWS Lambda function

Relevant content