diff --git a/reference-artifacts/config.ALZ.json b/reference-artifacts/config.ALZ.json
index 33acbd8e6..1108e2280 100644
--- a/reference-artifacts/config.ALZ.json
+++ b/reference-artifacts/config.ALZ.json
@@ -3,8 +3,7 @@
 "alz-minimum-version": "v2.3.1",
 "alz-baseline": true,
 "ct-baseline": false,
- "central-log-retention": 730,
- "default-log-retention": 90,
+ "default-s3-retention": 90,
 "central-bucket": "AWSDOC-EXAMPLE-BUCKET",
 "organization-admin-role": "AWSCloudFormationStackSetExecutionRole",
 "default-cwl-retention": 731,
@@ -59,6 +58,7 @@
 "central-log-services": {
 "account": "log-archive",
 "region": "ca-central-1",
+ "s3-retention": 730,
 "cwl-glbl-exclusions": [],
 "cwl-exclusions": [],
 "ssm-to-s3": true,
@@ -1483,7 +1483,7 @@
 }
 ]
 },
- "log-retention": 180,
+ "s3-retention": 180,
 "limits": {},
 "iam": {
 "users": [
diff --git a/reference-artifacts/config.example.json b/reference-artifacts/config.example.json
index d1a7c1863..8c145c2a9 100644
--- a/reference-artifacts/config.example.json
+++ b/reference-artifacts/config.example.json
@@ -3,8 +3,7 @@
 "alz-minimum-version": "v2.3.1",
 "alz-baseline": false,
 "ct-baseline": false,
- "central-log-retention": 730,
- "default-log-retention": 90,
+ "default-s3-retention": 90,
 "central-bucket": "AWSDOC-EXAMPLE-BUCKET",
 "organization-admin-role": "AWSCloudFormationStackSetExecutionRole",
 "default-cwl-retention": 731,
@@ -59,6 +58,7 @@
 "central-log-services": {
 "account": "log-archive",
 "region": "ca-central-1",
+ "s3-retention": 730,
 "cwl-glbl-exclusions": [],
 "cwl-exclusions": [],
 "ssm-to-s3": true,
@@ -1482,7 +1482,7 @@
 }
 ]
 },
- "log-retention": 180,
+ "s3-retention": 180,
 "limits": {},
 "iam": {
 "users": [
diff --git a/src/deployments/cdk/src/deployments/defaults/shared.ts b/src/deployments/cdk/src/deployments/defaults/shared.ts
index 03eb9f529..12b393838 100644
--- a/src/deployments/cdk/src/deployments/defaults/shared.ts
+++ b/src/deployments/cdk/src/deployments/defaults/shared.ts
@@ -2,7 +2,6 @@ import * as cdk from '@aws-cdk/core';
 import * as iam from '@aws-cdk/aws-iam';
 import * as kms from '@aws-cdk/aws-kms';
 import { Bucket } from '@aws-accelerator/cdk-constructs/src/s3';
-import { AcceleratorConfig } from '@aws-accelerator/common-config/src';
 import { createEncryptionKeyName } from '@aws-accelerator/cdk-accelerator/src/core/accelerator-name-generator';
 import { AccountStack } from '../../common/account-stacks';
 import { overrideLogicalId } from '../../utils/cdk';
@@ -30,15 +29,10 @@ export function createDefaultS3Key(props: { accountStack: AccountStack }): kms.K
 */
 export function createDefaultS3Bucket(props: {
 accountStack: AccountStack;
- config: AcceleratorConfig;
 encryptionKey: kms.Key;
+ logRetention: number;
 }): Bucket {
- const { accountStack, config, encryptionKey } = props;
-
- const defaultLogRetention = config['global-options']['central-log-retention'];
-
- const accountConfig = config.getAccountByKey(accountStack.accountKey);
- const logRetention = accountConfig['log-retention'] ?? defaultLogRetention;
+ const { accountStack, encryptionKey, logRetention } = props;
 
 // Generate fixed bucket name so we can do initialize cross-account bucket replication
 const bucket = new Bucket(accountStack, 'DefaultBucket', {
diff --git a/src/deployments/cdk/src/deployments/defaults/step-1.ts b/src/deployments/cdk/src/deployments/defaults/step-1.ts
index 3c4b24a73..0eda7568a 100644
--- a/src/deployments/cdk/src/deployments/defaults/step-1.ts
+++ b/src/deployments/cdk/src/deployments/defaults/step-1.ts
@@ -158,10 +158,12 @@ function createCentralLogBucket(props: DefaultsStep1Props) {
 accountStack: logAccountStack,
 });
 
+ const defaultLogRetention = config['global-options']['central-log-services']['s3-retention'];
+
 const logBucket = createDefaultS3Bucket({
 accountStack: logAccountStack,
- config,
 encryptionKey: logKey,
+ logRetention: defaultLogRetention!,
 });
 
 // Allow replication from all Accelerator accounts
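Review bot: The non-null assertion in `logRetention: defaultLogRetention!` inside createCentralLogBucket forces a value the schema allows to be absent: `'s3-retention'` is declared `optional(t.number)` on CentralServicesConfigType in the src/lib/common-config/src/index.ts hunk, so a config that omits it validates cleanly and the central log-archive bucket is created with an undefined retention at runtime, whereas the `central-log-retention` global option this replaces was a required `t.number`. What Bucket does with an undefined `logRetention` is not visible here, but silently losing the retention setting on the log-archive bucket is the wrong failure mode for an audit-log store. Either make the key required (`'s3-retention': t.number` in CentralServicesConfigType) or fail loudly and drop the `!`: `const defaultLogRetention = config['global-options']['central-log-services']['s3-retention']; if (defaultLogRetention === undefined) throw new Error('central-log-services.s3-retention is required');`. createCentralLogBucket starts before this hunk and continues after it.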
diff --git a/src/deployments/cdk/src/deployments/defaults/step-2.ts b/src/deployments/cdk/src/deployments/defaults/step-2.ts
index 499dc4e1d..fab442b82 100644
--- a/src/deployments/cdk/src/deployments/defaults/step-2.ts
+++ b/src/deployments/cdk/src/deployments/defaults/step-2.ts
@@ -46,10 +46,15 @@ function createDefaultS3Buckets(props: DefaultsStep2Props) {
 accountStack,
 });
 
+ const defaultLogRetention = config['global-options']['default-s3-retention'];
+ const accountConfig = config.getAccountByKey(accountStack.accountKey);
+ const logRetention = accountConfig['s3-retention'] ?? defaultLogRetention;
+
 const bucket = createDefaultS3Bucket({
 accountStack,
- config,
 encryptionKey: key,
+ logRetention,
 });
 bucket.replicateTo({
 destinationBucket: centralLogBucket,
diff --git a/src/lib/common-config/src/index.ts b/src/lib/common-config/src/index.ts
index 621dbff44..416f5dc41 100644
--- a/src/lib/common-config/src/index.ts
+++ b/src/lib/common-config/src/index.ts
@@ -546,7 +546,7 @@ export const MandatoryAccountConfigType = t.interface({
 vpc: optional(t.array(VpcConfigType)),
 deployments: optional(DeploymentConfigType),
 alb: optional(t.array(AlbConfigType)),
- 'log-retention': optional(t.number),
+ 's3-retention': optional(t.number),
 budget: optional(BudgetConfigType),
 'account-warming-required': optional(t.boolean),
 'cwl-retention': optional(t.number),
@@ -660,6 +660,7 @@ export const CentralServicesConfigType = t.interface({
 'config-aggr-excl-regions': optional(t.array(t.string)),
 'sns-excl-regions': optional(t.array(t.string)),
 'sns-subscription-emails': fromNullable(t.record(t.string, t.array(t.string)), {}),
+ 's3-retention': optional(t.number),
 });
 
 export const ScpsConfigType = t.interface({
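Review bot: Renaming `'log-retention'` to `'s3-retention'` on MandatoryAccountConfigType changes a user-facing config key with no handling for the old name, and because `t.interface` does not reject unknown properties (unless the config is decoded through an exact/strict codec elsewhere, which is not visible here), an existing account config that still says `log-retention: 180` validates cleanly and that account's bucket silently falls back to `default-s3-retention` via `accountConfig['s3-retention'] ?? defaultLogRetention` in step-2.ts. The same applies to `central-log-retention`, removed from GlobalOptionsConfigType in the later hunk of this file: its replacement `central-log-services.s3-retention` is optional, so an un-migrated config drops its central retention setting without any error. Consider accepting the old keys as deprecated aliases for one release, or rejecting them with a clear message so operators notice the migration, e.g. a check in the config loader such as `if ('log-retention' in accountConfig) throw new Error("'log-retention' was renamed to 's3-retention'");`.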
@@ -740,8 +741,7 @@ export const CloudWatchAlarmsConfigType = t.interface({
 export const GlobalOptionsConfigType = t.interface({
 'alz-baseline': t.boolean,
 'ct-baseline': t.boolean,
- 'central-log-retention': t.number,
- 'default-log-retention': t.number,
+ 'default-s3-retention': t.number,
 'central-bucket': NonEmptyString,
 reports: ReportsConfigType,
 zones: GlobalOptionsZonesConfigType,