Enable log retention for cloudwatch log groups (#387)

* enable log retention for cloudwatch log groups * revert version bump * set default retention to 90 days
2026-01-17 09:07:20 +01:00 · 2019-06-13 11:03:34 +03:00
parent 758fdab1ee
commit bf5dae00e1
4 changed files with 16 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,8 @@ project adheres to [Semantic Versioning](http://semver.org/).

 - Added Termination Policy Option to worker ASGs (by @undeadops)
 - Update EBS optimized instances type (by @gloutsch)
+- Enable log retention for cloudwatch log groups (by @yuriipolishchuk)
+

 ### Changed

--- a/README.md
+++ b/README.md
@@ -114,6 +114,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | cluster\_endpoint\_private\_access | Indicates whether or not the Amazon EKS private API server endpoint is enabled. | string | `"false"` | no |
 | cluster\_endpoint\_public\_access | Indicates whether or not the Amazon EKS public API server endpoint is enabled. | string | `"true"` | no |
 | cluster\_iam\_role\_name | IAM role name for the cluster. Only applicable if manage_cluster_iam_resources is set to false. | string | `""` | no |
+| cluster\_log\_retention\_in\_days | Number of days to retain log events. Default retention - 90 days | string | `"90"` | no |
 | cluster\_name | Name of the EKS cluster. Also used as a prefix in names of related resources. | string | n/a | yes |
 | cluster\_security\_group\_id | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the workers and provide API access to your current IP/32. | string | `""` | no |
 | cluster\_version | Kubernetes version to use for the EKS cluster. | string | `"1.12"` | no |
--- a/cluster.tf
+++ b/cluster.tf
@@ -1,3 +1,10 @@
+resource "aws_cloudwatch_log_group" "this" {
+  name              = "/aws/eks/${var.cluster_name}/cluster"
+  retention_in_days = "${var.cluster_log_retention_in_days}"
+
+  count = "${length(var.cluster_enabled_log_types) > 0 ? 1 : 0}"
+}
+
 resource "aws_eks_cluster" "this" {
  name                      = "${var.cluster_name}"
  enabled_cluster_log_types = "${var.cluster_enabled_log_types}"
@@ -19,6 +26,7 @@ resource "aws_eks_cluster" "this" {
  depends_on = [
    "aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy",
    "aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy",
+    "aws_cloudwatch_log_group.this",
  ]
 }

--- a/variables.tf
+++ b/variables.tf
@@ -4,6 +4,11 @@ variable "cluster_enabled_log_types" {
  type        = "list"
 }

+variable "cluster_log_retention_in_days" {
+  default     = "90"
+  description = "Number of days to retain log events. Default retention - 90 days."
+}
+
 variable "cluster_name" {
  description = "Name of the EKS cluster. Also used as a prefix in names of related resources."
 }