aws-cw-log-group-manager/README.md at main · skildops/aws-cw-log-group-manager · GitHub

aws-cw-log-group-manager

Prerequisites:

AWS Services Managed:

CloudWatch Log Group

Supported Operations:

Update retention period
Update/remove KMS key

Logic Flow:

CloudWatch Event triggers retention and encryption function periodically.
Retention function scans all the log groups present in the provided region(s) and updates the retention period for all the available log group(s)
Encryption function scans all the log groups present in the provided region(s) and updates or removes KMS encryption for all the available log group(s)

Setup:

Use the terraform module included in this repo to create all the AWS resources required to automate IAM key rotation