From 2fa8f707f9b593b00634339fa77e3a05eed3e0cf Mon Sep 17 00:00:00 2001 From: Daniel Sotirhos Date: Wed, 12 Feb 2025 09:57:21 -0800 Subject: [PATCH] Set API Gateway execution log retention (#6070) --- scripts/import_cloudwatch_log_groups.py | 11 +++++++++++ terraform/api_gateway.tf.json.template.py | 6 ++++++ 2 files changed, 17 insertions(+) diff --git a/scripts/import_cloudwatch_log_groups.py b/scripts/import_cloudwatch_log_groups.py index ab2b18c2f..a8bb24566 100644 --- a/scripts/import_cloudwatch_log_groups.py +++ b/scripts/import_cloudwatch_log_groups.py @@ -42,6 +42,17 @@ def resource(name): name = resource(k2 + '_lambda') log_group = '/aws/lambda/' + v2['function_name'] log_groups[name] = log_group + # API Gateway execution log groups + # For these we have to query AWS to get the API Gateway IDs. + api_client = boto3.client('apigateway') + paginator = api_client.get_paginator('get_rest_apis') + for api_page in paginator.paginate(): + for api in api_page['items']: + name, stage = config.unqualified_resource_name(api['name']) + if stage == config.deployment_stage: + name = f'{name}_api_execution' + log_group = f"API-Gateway-Execution-Logs_{api['id']}/{stage}" + log_groups[resource(name)] = log_group log_client = boto3.client('logs') paginator = log_client.get_paginator('describe_log_groups') diff --git a/terraform/api_gateway.tf.json.template.py b/terraform/api_gateway.tf.json.template.py index 3021eeb91..45e00eb63 100644 --- a/terraform/api_gateway.tf.json.template.py +++ b/terraform/api_gateway.tf.json.template.py 
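Review bot: `config.unqualified_resource_name(api['name'])` runs on every REST API that `get_rest_apis` returns, before the stage filter is applied, so the loop relies on every API in the account and region following this project's naming scheme. The helper's body is not visible in this hunk; if it raises on a name it cannot parse, a single unrelated API would abort the import, and the execution log groups would not be brought under the retention setting. I would either skip such names explicitly or record the assumption next to the call, e.g. `# Assumes every REST API in this account uses our qualified naming scheme`. The enclosing code starts and ends outside the hunk.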
@@ -650,6 +650,12 @@ def for_domain(cls, domain): 'name': '/aws/apigateway/' + config.qualified_resource_name(app.name), 'retention_in_days': config.audit_log_retention_days, }, + f'{app.name}_api_execution': { + 'name': 'API-Gateway-Execution-Logs_' + '${aws_api_gateway_rest_api.%s.id}' + '/%s' % (app.name, config.main_deployment_stage), + 'retention_in_days': config.audit_log_retention_days, + }, **{ f'{resource_name}_lambda': { 'name': f'/aws/lambda/{resource['function_name']}',
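Review bot: The stage segment of the execution log group name comes from `config.main_deployment_stage` on the `'/%s' % (...)` line, whereas `scripts/import_cloudwatch_log_groups.py` in this same commit builds the name from the stage that equals `config.deployment_stage`. If those two attributes can differ for a deployment, Terraform would declare a group that API Gateway never writes to, and the group that actually receives execution logs would not get `audit_log_retention_days` applied. Please confirm which attribute matches the deployed stage name and use it in both places, or add a comment such as `# Stage segment must match the API Gateway stage name; keep in sync with scripts/import_cloudwatch_log_groups.py`. The dict literal this entry belongs to starts and ends outside the hunk.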