CloudWatch Logs retention setting Lambda.

lambda-cform/lambda-cform-logretention/pom.xml

@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+# This file is part of the pl.wrzasq.lambda.
+#
+# @license http://mit-license.org/ The MIT license
+# @copyright 2019 © by Rafał Wrzeszcz - Wrzasq.pl.
+-->
+<project
+    xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="
+        http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd
+">
+    <modelVersion>4.0.0</modelVersion>
+
+    <!-- core project settings -->
+    <artifactId>lambda-cform-logretention</artifactId>
+    <packaging>jar</packaging>
+    <parent>
+        <groupId>pl.wrzasq.lambda</groupId>
+        <artifactId>lambda-cform</artifactId>
+        <version>1.0.29-SNAPSHOT</version>
+        <relativePath>../</relativePath>
+    </parent>
+
+    <!-- project meta info -->
+    <name>WrzasqPl CloudFormation CloudWatch log retention handler</name>
+    <url>https://rafalwrzeszcz-wrzasqpl.github.io/pl.wrzasq.lambda/lambda-cform/lambda-cform-logretention/</url>
+    <description>CloudWatch log group retention handler for CloudFormation.</description>
+    <inceptionYear>2019</inceptionYear>
+
+    <!-- plugins configuration -->
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <configuration>
+                    <usedDependencies>
+                        <usedDependency>${project.groupId}:lambda-json</usedDependency>
+                        <usedDependency>com.amazonaws:aws-xray-recorder-sdk-aws-sdk</usedDependency>
+                        <usedDependency>com.amazonaws:aws-xray-recorder-sdk-aws-sdk-instrumentor</usedDependency>
+                        <usedDependency>io.symphonia:lambda-logging</usedDependency>
+                        <usedDependency>javax.xml.bind:jaxb-api</usedDependency>
+                    </usedDependencies>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+    <!-- project dependencies -->
+    <dependencies>
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>lambda-json</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-java-sdk-logs</artifactId>
+            <version>1.11.588</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-lambda-java-core</artifactId>
+            <version>1.2.0</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-xray-recorder-sdk-aws-sdk</artifactId>
+            <version>2.2.1</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-xray-recorder-sdk-aws-sdk-instrumentor</artifactId>
+            <version>2.2.1</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.sunrun</groupId>
+            <artifactId>cfn-response</artifactId>
+            <version>1.2.1</version>
+        </dependency>
+
+        <dependency>
+            <groupId>io.symphonia</groupId>
+            <artifactId>lambda-logging</artifactId>
+            <version>1.0.3</version>
+        </dependency>
+
+        <dependency>
+            <groupId>javax.xml.bind</groupId>
+            <artifactId>jaxb-api</artifactId>
+            <version>2.3.1</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>1.7.26</version>
+        </dependency>
+
+        <dependency>
+            <groupId>pl.wrzasq.commons</groupId>
+            <artifactId>commons-aws</artifactId>
+            <version>1.0.21</version>
+        </dependency>
+    </dependencies>
+</project>

lambda-cform/lambda-cform-logretention/src/main/checkstyle/java.header

@@ -0,0 +1,8 @@
+^/\*$
+^ \* This file is part of the pl\.wrzasq\.lambda\.$
+^ \*$
+^ \* @license http://mit-license\.org/ The MIT license$
+^ \* @copyright \d{4}[0-9, -]* © by Rafał Wrzeszcz - Wrzasq\.pl\.$
+^ \*/$
+
+^package pl\.wrzasq\.lambda\.cform\.logretention(\..+)?;$

lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/Handler.java

@@ -0,0 +1,46 @@
+/*
+ * This file is part of the pl.wrzasq.lambda.
+ *
+ * @license http://mit-license.org/ The MIT license
+ * @copyright 2019 © by Rafał Wrzeszcz - Wrzasq.pl.
+ */
+
+package pl.wrzasq.lambda.cform.logretention;
+
+import com.amazonaws.services.lambda.runtime.Context;
+import com.amazonaws.services.logs.AWSLogs;
+import com.amazonaws.services.logs.AWSLogsClientBuilder;
+import com.sunrun.cfnresponse.CfnRequest;
+import pl.wrzasq.commons.aws.cloudformation.CustomResourceHandler;
+import pl.wrzasq.lambda.cform.logretention.model.RetentionRequest;
+import pl.wrzasq.lambda.cform.logretention.service.RetentionManager;
+
+/**
+ * CloudFormation request handler.
+ *
+ * <p>Recommended memory: 256MB.</p>
+ */
+public class Handler {
+    /**
+     * CloudFormation response handler.
+     */
+    private static CustomResourceHandler<RetentionRequest, Object> handler;
+
+    static {
+        AWSLogs cloudWatch = AWSLogsClientBuilder.defaultClient();
+
+        RetentionManager deploy = new RetentionManager(cloudWatch);
+
+        Handler.handler = new CustomResourceHandler<>(deploy::provision, deploy::provision, deploy::delete);
+    }
+
+    /**
+     * Handles invocation.
+     *
+     * @param request CloudFormation request.
+     * @param context AWS Lambda context.
+     */
+    public void handle(CfnRequest<RetentionRequest> request, Context context) {
+        Handler.handler.handle(request, context);
+    }
+}

lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/model/RetentionRequest.java

@@ -0,0 +1,28 @@
+/*
+ * This file is part of the pl.wrzasq.lambda.
+ *
+ * @license http://mit-license.org/ The MIT license
+ * @copyright 2019 © by Rafał Wrzeszcz - Wrzasq.pl.
+ */
+
+package pl.wrzasq.lambda.cform.logretention.model;
+
+import java.util.List;
+
+import lombok.Data;
+
+/**
+ * Retention and groups CloudFormation request.
+ */
+@Data
+public class RetentionRequest {
+    /**
+     * List of log groups.
+     */
+    private List<String> logGroups;
+
+    /**
+     * Number of days to retain logs.
+     */
+    private int retentionDays;
+}

lambda-cform/lambda-cform-logretention/src/main/java/pl/wrzasq/lambda/cform/logretention/service/RetentionManager.java

@@ -0,0 +1,97 @@
+/*
+ * This file is part of the pl.wrzasq.lambda.
+ *
+ * @license http://mit-license.org/ The MIT license
+ * @copyright 2019 © by Rafał Wrzeszcz - Wrzasq.pl.
+ */
+
+package pl.wrzasq.lambda.cform.logretention.service;
+
+import java.util.UUID;
+
+import com.amazonaws.services.logs.AWSLogs;
+import com.amazonaws.services.logs.model.DeleteRetentionPolicyRequest;
+import com.amazonaws.services.logs.model.PutRetentionPolicyRequest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import pl.wrzasq.commons.aws.cloudformation.CustomResourceResponse;
+import pl.wrzasq.lambda.cform.logretention.model.RetentionRequest;
+
+/**
+ * CloudWatch API implementation.
+ */
+public class RetentionManager {
+    /**
+     * Logger.
+     */
+    private Logger logger = LoggerFactory.getLogger(RetentionManager.class);
+
+    /**
+     * AWS CloudWatch API client.
+     */
+    private AWSLogs cloudWatch;
+
+    /**
+     * Initializes object with given CloudWatch client.
+     *
+     * @param cloudWatch AWS CloudWatch client.
+     */
+    public RetentionManager(AWSLogs cloudWatch) {
+        this.cloudWatch = cloudWatch;
+    }
+
+    /**
+     * Handles LogGroup retention setting.
+     *
+     * @param input Resource creation request.
+     * @param physicalResourceId Physical ID of existing resource (in this case always null).
+     * @return Data about published version.
+     */
+    public CustomResourceResponse<Object> provision(RetentionRequest input, String physicalResourceId) {
+        // new ID needed, just to track it
+        if (physicalResourceId == null) {
+            physicalResourceId = UUID.randomUUID().toString();
+        }
+
+        for (String logGroup : input.getLogGroups()) {
+            this.putRetentionPolicy(logGroup, input.getRetentionDays());
+        }
+
+        return new CustomResourceResponse<>(null, physicalResourceId);
+    }
+
+    /**
+     * Handles rule deletion.
+     *
+     * @param input Resource delete request.
+     * @param physicalResourceId Physical ID of existing resource (if present).
+     * @return Empty response.
+     */
+    public CustomResourceResponse<Object> delete(RetentionRequest input, String physicalResourceId) {
+        input.getLogGroups()
+            .stream()
+            .map(DeleteRetentionPolicyRequest::new)
+            .forEach(this.cloudWatch::deleteRetentionPolicy);
+
+        this.logger.info(
+            "Removed retention policy from CloudWatch LogGroups {}.",
+            input.getLogGroups()
+        );
+
+        return new CustomResourceResponse<>(null, physicalResourceId);
+    }
+
+    /**
+     * Sets retention policy for single log group.
+     *
+     * @param logGroup LogGroup name.
+     * @param days Retention days.
+     */
+    private void putRetentionPolicy(String logGroup, int days) {
+        this.cloudWatch.putRetentionPolicy(
+            new PutRetentionPolicyRequest(logGroup, days)
+        );
+
+        this.logger.info("Setting retention days of LogGroup {} to {}.", logGroup, days);
+    }
+}

lambda-cform/lambda-cform-logretention/src/main/resources/logback.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+# This file is part of the pl.wrzasq.lambda.
+#
+# @license http://mit-license.org/ The MIT license
+# @copyright 2019 © by Rafał Wrzeszcz - Wrzasq.pl.
+-->
+<configuration scan="true">
+    <!-- stdout output -->
+    <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger - %msg%n%ex{full}</pattern>
+        </encoder>
+    </appender>
+
+    <!-- our logger instances -->
+    <logger name="com.amazonaws">
+        <level value="INFO"/>
+        <appender-ref ref="CONSOLE"/>
+    </logger>
+    <logger name="com.sunrun.cfnresponse">
+        <level value="INFO"/>
+        <appender-ref ref="CONSOLE"/>
+    </logger>
+    <logger name="pl.wrzasq">
+        <level value="INFO"/>
+        <appender-ref ref="CONSOLE"/>
+    </logger>
+</configuration>