From a7946b82289398f9026be3554c3b72847c9edc3e Mon Sep 17 00:00:00 2001 From: Lawrence Stone Date: Tue, 11 Oct 2022 16:26:00 -0400 Subject: [PATCH 1/2] adding ability to subscribe log groups by AWS Tag as well as the existing prefix. --- CloudWatch2S3.template | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/CloudWatch2S3.template b/CloudWatch2S3.template index 1514e4c..cd6a40e 100644 --- a/CloudWatch2S3.template +++ b/CloudWatch2S3.template @@ -93,6 +93,7 @@ Metadata: Parameters: - SubscribeSchedule - LogGroupNamePrefix + - LogGroupTagName ParameterLabels: AllowedAccounts: default: Allowed Accounts @@ -112,6 +113,8 @@ Metadata: default: Export Format LogGroupNamePrefix: default: Required Log Group Name Prefix + LogGroupTagName: + default: Archive log groups by Tag ProcessorBufferIntervalHint: default: Processing Lambda Buffer Timeout ProcessorBufferSizeHint: @@ -199,6 +202,10 @@ Parameters: Description: Prefix to match against log group that should be exported (leave empty to export all log groups) Type: String + LogGroupTagName: + Default: 'archive_log_group_to_s3' + Description: Adding this tag to a log group will force the scheduled LogSubscriberFunction to archive tagged log group (leave empty to not filter by tags) + Type: String ProcessorBufferIntervalHint: Default: '60' Description: Processing Lambda buffer timeout (in seconds, only in raw format @@ -582,7 +589,7 @@ Resources: Fn::GetAtt: - LogProcessorRole - Arn - Runtime: python3.6 + Runtime: python3.9 Timeout: 300 Type: AWS::Lambda::Function LogProcessorRole: @@ -663,7 +670,16 @@ Resources: def subscribe_all(): for log_group_name in matched_log_groups("${LogGroupNamePrefix}"): - subscribe(log_group_name) + if not LogGroupTagName: + subscribe(log_group_name) + else: + tags_in_group_response = logs_client.list_tags_log_group( + logGroupName = log_group_name + ) + print("tags_in_group_response", tags_in_group_response) + for tag in tags_in_group_response["tags"]: + if tag == LogGroupTagName: + subscribe(log_group_name) def unsubscribe_all(): @@ -737,7 +753,7 @@ Resources: Fn::GetAtt: - LogSubscriberRole - Arn - Runtime: python3.6 + Runtime: python3.9 Timeout: 300 Type: AWS::Lambda::Function LogSubscriberPermission: @@ -774,6 +790,7 @@ Resources: - logs:DeleteSubscriptionFilter - logs:DescribeLogGroups - logs:PutSubscriptionFilter + - logs:ListTagsLogGroup Effect: Allow Resource: '*' Sid: Logs @@ -810,4 +827,4 @@ Resources: - LogSubscriberFunction - Arn Type: Custom::Subscriber -Transform: AWS::Serverless-2016-10-31 +Transform: AWS::Serverless-2016-10-31 \ No newline at end of file From 6156aad1c1928bcf1ef87d366d569daf53424918 Mon Sep 17 00:00:00 2001 From: Lawrence Stone Date: Tue, 11 Oct 2022 16:28:59 -0400 Subject: [PATCH 2/2] fixing reference to LogGroupTagName var --- CloudWatch2S3.template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CloudWatch2S3.template b/CloudWatch2S3.template index cd6a40e..24ebf1c 100644 --- a/CloudWatch2S3.template +++ b/CloudWatch2S3.template @@ -670,7 +670,7 @@ Resources: def subscribe_all(): for log_group_name in matched_log_groups("${LogGroupNamePrefix}"): - if not LogGroupTagName: + if not "${LogGroupTagName}": subscribe(log_group_name) else: tags_in_group_response = logs_client.list_tags_log_group( @@ -678,7 +678,7 @@ Resources: ) print("tags_in_group_response", tags_in_group_response) for tag in tags_in_group_response["tags"]: - if tag == LogGroupTagName: + if tag == "${LogGroupTagName}": subscribe(log_group_name)