Lambda@Edgeが作成する全てのCloudWatch Logsのロググループに保持期間を設定するスクリプト

# Lambda@Edgeのロググループのログ保持期間を設定するためのスクリプト
# us-east-1以外のロググループは自動で作成されるため、IaCで一括でログ保持期間を設定することが難しいため、 Rubyスクリプトで一括で設定する

require 'aws-sdk-cloudfront'
require 'aws-sdk-ec2'
require 'aws-sdk-cloudwatchlogs'

cf_client = Aws::CloudFront::Client.new(region: 'us-east-1')

lambda_at_edge_functions = []

cf_client.list_distributions({}).each do |response|
  response.distribution_list.items.each do |distribution|
    distribution.cache_behaviors.items.each do |cache_behavior|
      next unless cache_behavior.lambda_function_associations

      cache_behavior.lambda_function_associations.items.each do |lambda_function_association|
        lambda_at_edge_functions << lambda_function_association.lambda_function_arn.split(':')[-2]
      end
    end
  end
end

ec2_client = Aws::EC2::Client.new(region: 'us-east-1')

res = ec2_client.describe_regions({})

valid_regions = res.regions.map do |region|
  region.region_name
end

valid_regions.each do |region|
  cw_client = Aws::CloudWatchLogs::Client.new(region: region)

  lambda_at_edge_functions.uniq.each do |lambda_edge_function|
    log_group_name = "/aws/lambda/us-east-1.#{lambda_edge_function}"
    retention_in_days = 14

    begin
      cw_client.put_retention_policy({
                                       log_group_name: log_group_name,
                                       retention_in_days: retention_in_days
                                     })
      puts "Setting log retention for #{log_group_name} to #{retention_in_days} days in #{region}"
    rescue Aws::CloudWatchLogs::Errors::ResourceNotFoundException => e
      puts "Log group #{log_group_name} does not exist in #{region}"
    end
  end
end