Set Lambda function log retention, add FIXME (#6070, #6911)

DataBiosphere · Feb 19, 2025 · 15f795f · 15f795f
1 parent 080e458
commit 15f795f
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 2 deletions.
diff --git a/scripts/import_cloudwatch_log_groups.py b/scripts/import_cloudwatch_log_groups.py
@@ -33,6 +33,14 @@ def resource(name):
                     name, stage = config.unqualified_resource_name(name)
                     if stage == config.deployment_stage:
                         log_groups[resource('chatbot')] = group_name
+            elif not tf_component:
+                # Lambda functions
+                if group_name.startswith('/aws/lambda'):
+                    name = group_name.rpartition('/')[2]
+                    name, stage, suffix = config.unqualified_resource_name_and_suffix(name)
+                    if stage == config.deployment_stage:
+                        name = name + (f'_{suffix[1:]}' if suffix else '')
+                        log_groups[resource(name)] = group_name
             else:
                 pass
 

diff --git a/scripts/rename_resources.py b/scripts/rename_resources.py
@@ -5,6 +5,7 @@
     Optional,
 )
 
+import azul
 from azul.args import (
     AzulArgumentHelpFormatter,
 )
@@ -23,6 +24,12 @@
     for num in [1, 2]
 }
 
+resource = 'aws_cloudwatch_log_group'
+renamed.update({
+    f'{resource}.{app.name}': f'{resource}_api_gateway'
+    for app in ['indexer', 'service']
+})
+
 
 def main(argv: list[str]):
     configure_script_logging(log)

diff --git a/src/azul/terraform.py b/src/azul/terraform.py
@@ -895,6 +895,18 @@ def tf_config(self, app_name):
             'locals': locals
         }
 
+    def lambda_log_groups(self, resources):
+        """
+        Return 'aws_cloudwatch_log_group' entities for each
+        'aws_lambda_function' entity.
+        """
+        return {
+            resource_name: {
+                'name': f'/aws/lambda/{resource['function_name']}',
+                'retention_in_days': config.audit_log_retention_days
+            } for resource_name, resource in resources['aws_lambda_function'].items()
+        }
+
 
 chalice = Chalice()
 

diff --git a/terraform/Makefile b/terraform/Makefile
@@ -38,6 +38,9 @@ rename_resources: validate
 
 .PHONY: import_resources
 import_resources: rename_resources
+	@# FIXME: Remove once the log groups have been imported into all deployments
+	@#        https://github.com/DataBiosphere/azul/issues/6911
+	python $(project_root)/scripts/import_cloudwatch_log_groups.py
 
 .PHONY: plan
 plan: import_resources

diff --git a/terraform/api_gateway.tf.json.template.py b/terraform/api_gateway.tf.json.template.py
@@ -646,10 +646,11 @@ def for_domain(cls, domain):
                     }
                 },
                 'aws_cloudwatch_log_group': {
-                    app.name: {
+                    f'{app.name}_api_gateway': {
                         'name': '/aws/apigateway/' + config.qualified_resource_name(app.name),
                         'retention_in_days': config.audit_log_retention_days,
-                    }
+                    },
+                    **chalice.lambda_log_groups(chalice.tf_config(app.name)['resource'])
                 },
                 'aws_iam_role': {
                     app.name: {