Set Chatbot log retention, add FIXME (#6070, #6911)

scripts/import_cloudwatch_log_groups.py

@@ -0,0 +1,50 @@
+import boto3
+
+from azul import (
+    config,
+    logging,
+)
+from azul.logging import (
+    configure_script_logging,
+)
+from azul.terraform import (
+    terraform,
+)
+
+log = logging.getLogger(__name__)
+
+
+def main():
+    def resource(name):
+        return 'aws_cloudwatch_log_group.' + name
+
+    log_groups = {}  # Mapping of TF resource name to AWS Cloudwatch log group
+    tf_component = config.terraform_component
+
+    log_client = boto3.client('logs')
+    paginator = log_client.get_paginator('describe_log_groups')
+    for page in paginator.paginate():
+        for log_group in page['logGroups']:
+            group_name = log_group['logGroupName']
+            if tf_component == 'shared':
+                # Chatbot
+                if config.slack_integration and group_name.startswith('/aws/chatbot'):
+                    name = group_name.rpartition('/')[2]
+                    name, stage = config.unqualified_resource_name(name)
+                    if stage == config.deployment_stage:
+                        log_groups[resource('chatbot')] = group_name
+            else:
+                pass
+
+    resources = terraform.run('state', 'list').splitlines()
+    for resource_name, log_group in log_groups.items():
+        if resource_name in resources:
+            log.info('Skipping import of %r.', resource_name)
+        else:
+            log.info('Importing resource %r.', resource_name)
+            terraform.run('import', resource_name, log_group)
+
+
+if __name__ == '__main__':
+    configure_script_logging()
+    main()

terraform/shared/Makefile

@@ -31,6 +31,9 @@ rename_resources: config
 .PHONY: import_resources
 import_resources: rename_resources
 	python $(project_root)/scripts/import_default_vpc.py
+	@# FIXME: Remove once the log groups have been imported into all deployments
+	@#        https://github.com/DataBiosphere/azul/issues/6911
+	python $(project_root)/scripts/import_cloudwatch_log_groups.py
 
 .PHONY: apply
 apply: validate import_resources

terraform/shared/shared.tf.json.template.py

@@ -474,7 +474,17 @@ def conformance_pack(name: str) -> str:
             vpc.default_vpc_name: {
                 'name': '/aws/vpc/' + config.qualified_resource_name(vpc.default_vpc_name),
                 'retention_in_days': config.audit_log_retention_days
-            }
+            },
+            **(
+                {
+                    'chatbot': {
+                        'name': 'aws/chatbot/' + config.qualified_resource_name('chatbot'),
+                        'retention_in_days': config.audit_log_retention_days
+                    }
+                }
+                if config.slack_integration else
+                {}
+            ),
         },
         'aws_cloudwatch_log_metric_filter': {
             **{