feat(custom-resources): custom resource provider log retention (#9024)

---- closes #8815 *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Jul 16, 2020 · 18c024c · 18c024c
1 parent 06842d6
commit 18c024c
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 1 deletion.
diff --git a/packages/@aws-cdk/custom-resources/README.md b/packages/@aws-cdk/custom-resources/README.md
@@ -30,13 +30,15 @@ the actual handler.
 
 ```ts
 import { CustomResource } from '@aws-cdk/core';
+import * as longs from '@aws-cdk/aws-logs';
 import * as cr from '@aws-cdk/custom-resources';
 
 const onEvent = new lambda.Function(this, 'MyHandler', { /* ... */ });
 
 const myProvider = new cr.Provider(this, 'MyProvider', {
   onEventHandler: onEvent,
-  isCompleteHandler: isComplete // optional async "waiter"
+  isCompleteHandler: isComplete,        // optional async "waiter"
+  logRetention: logs.RetentionDays.ONE_DAY   // default is INFINITE
 });
 
 new CustomResource(this, 'Resource1', { serviceToken: myProvider.serviceToken });

diff --git a/packages/@aws-cdk/custom-resources/lib/provider-framework/provider.ts b/packages/@aws-cdk/custom-resources/lib/provider-framework/provider.ts
@@ -1,6 +1,7 @@
 import * as path from 'path';
 import * as cfn from '@aws-cdk/aws-cloudformation';
 import * as lambda from '@aws-cdk/aws-lambda';
+import * as logs from '@aws-cdk/aws-logs';
 import { Construct, Duration } from '@aws-cdk/core';
 import * as consts from './runtime/consts';
 import { calculateRetryPolicy } from './util';
@@ -59,6 +60,15 @@ export interface ProviderProps {
    * @default Duration.minutes(30)
    */
   readonly totalTimeout?: Duration;
+
+  /**
+   * The number of days framework log events are kept in CloudWatch Logs. When
+   * updating this property, unsetting it doesn't remove the log retention policy.
+   * To remove the retention policy, set the value to `INFINITE`.
+   *
+   * @default logs.RetentionDays.INFINITE
+   */
+  readonly logRetention?: logs.RetentionDays;
 }
 
 /**
@@ -85,6 +95,7 @@ export class Provider extends Construct implements cfn.ICustomResourceProvider {
   public readonly serviceToken: string;
 
   private readonly entrypoint: lambda.Function;
+  private readonly logRetention?: logs.RetentionDays;
 
   constructor(scope: Construct, id: string, props: ProviderProps) {
     super(scope, id);
@@ -97,6 +108,8 @@ export class Provider extends Construct implements cfn.ICustomResourceProvider {
     this.onEventHandler = props.onEventHandler;
     this.isCompleteHandler = props.isCompleteHandler;
 
+    this.logRetention = props.logRetention;
+
     const onEventFunction = this.createFunction(consts.FRAMEWORK_ON_EVENT_HANDLER_NAME);
 
     if (this.isCompleteHandler) {
@@ -138,6 +151,7 @@ export class Provider extends Construct implements cfn.ICustomResourceProvider {
       runtime: lambda.Runtime.NODEJS_10_X,
       handler: `framework.${entrypoint}`,
       timeout: FRAMEWORK_HANDLER_TIMEOUT,
+      logRetention: this.logRetention,
     });
 
     fn.addEnvironment(consts.USER_ON_EVENT_FUNCTION_ARN_ENV, this.onEventHandler.functionArn);

diff --git a/packages/@aws-cdk/custom-resources/test/provider-framework/provider.test.ts b/packages/@aws-cdk/custom-resources/test/provider-framework/provider.test.ts
@@ -1,5 +1,6 @@
 import * as path from 'path';
 import * as lambda from '@aws-cdk/aws-lambda';
+import * as logs from '@aws-cdk/aws-logs';
 import { Duration, Stack } from '@aws-cdk/core';
 import * as cr from '../../lib';
 import * as util from '../../lib/provider-framework/util';
@@ -166,3 +167,53 @@ describe('retry policy', () => {
     })).toThrow(/Cannot determine retry count since totalTimeout=5s is not integrally dividable by queryInterval=10s/);
   });
 });
+
+describe('log retention', () => {
+  it('includes a log rotation lambda when present', () => {
+    // GIVEN
+    const stack = new Stack();
+
+    // WHEN
+    new cr.Provider(stack, 'MyProvider', {
+      onEventHandler: new lambda.Function(stack, 'MyHandler', {
+        code: lambda.Code.fromAsset(path.join(__dirname, './integration-test-fixtures/s3-file-handler')),
+        handler: 'index.onEvent',
+        runtime: lambda.Runtime.NODEJS_10_X,
+      }),
+      logRetention: logs.RetentionDays.ONE_WEEK,
+    });
+
+    // THEN
+    expect(stack).toHaveResource('Custom::LogRetention', {
+      LogGroupName: {
+        'Fn::Join': [
+          '',
+          [
+            '/aws/lambda/',
+            {
+              Ref: 'MyProviderframeworkonEvent9AF5C387',
+            },
+          ],
+        ],
+      },
+      RetentionInDays: 7,
+    });
+  });
+
+  it('does not include the log rotation lambda otherwise', () => {
+    // GIVEN
+    const stack = new Stack();
+
+    // WHEN
+    new cr.Provider(stack, 'MyProvider', {
+      onEventHandler: new lambda.Function(stack, 'MyHandler', {
+        code: lambda.Code.fromAsset(path.join(__dirname, './integration-test-fixtures/s3-file-handler')),
+        handler: 'index.onEvent',
+        runtime: lambda.Runtime.NODEJS_10_X,
+      }),
+    });
+
+    // THEN
+    expect(stack).not.toHaveResource('Custom::LogRetention');
+  });
+});