Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(opensearch) LogGroupResourcePolicy AwsCustomResource log retention is set to never expire with no clear way to override #18902

Closed
zomgbre opened this issue Feb 9, 2022 · 2 comments
Closed

(opensearch) LogGroupResourcePolicy AwsCustomResource log retention is set to never expire with no clear way to override #18902

zomgbre opened this issue Feb 9, 2022 · 2 comments
Labels
@aws-cdk/aws-opensearch Related to the @aws-cdk/aws-opensearchservice package closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md p2

Comments

@zomgbre
Copy link

zomgbre commented Feb 9, 2022

General Issue

@aws-cdk/aws-opensearchservice LogGroupResourcePolicy AwsCustomResource log retention is set to never expire with no clear way to override

The Question

We noticed that the Domain construct is creating an AwsCustomResource to provision the LogGroupResourcePolicy. This particular AwsCustomResource implementation is using the default retention period of "Never Expire" with no apparent way to override it. This isn't super great because we end up with all these never expiring log groups in our AWS account during development where we might destroy and recreate stacks often.

Can something be done to address the never expiring log groups for this AwsCustomResource when creating an OpenSearch Domain?

CDK CLI Version

2.12.0

Framework Version

No response

Node.js Version

No response

OS

No response

Language

Typescript

Language Version

No response

Other information

Upon further research, it looks like LogGroupResourcePolicy is an AwsCustomResource because of CloudFormation not supporting the ability to create it in the past:
#5343
#17015 - (yay it's fixed)

Where the Domain Construct creates the AwsCustomResource:

aws-cdk/packages/@aws-cdk/aws-opensearchservice/lib/domain.ts

Line 1487 in 9975ec8

logGroupResourcePolicy = new LogGroupResourcePolicy(this, `ESLogGroupPolicy${this.node.addr}`, {

Perhaps one way to fix the issue is to implement the new way of creating the LogGroupResourcePolicy as seen in #17015.

Another way without moving from a CustomResource would be to allow setting a retention period or have a more reasonable default.
@zomgbre zomgbre added guidance Question that needs advice or information. needs-triage This issue or PR still needs to be triaged. labels Feb 9, 2022
@peterwoodworth
Copy link
Contributor

You can override this, but it isn't very pretty or intuitive to figure out.

You will have to use escape hatches and dig through the construct tree until you come to the custom resource you want to modify.

    const awsCr = domain.node.children[2]; // This number could be different for you, but will stay consistent with the same configuration
    // Using findChild() for the above method won't work because the child awscustomresource id is computed with a hash
    const cr = awsCr.node.findChild('Resource') // the name Resource should stay consistent
    const cfnCr = cr.node.defaultChild as CfnResource;
    cfnCr.addPropertyOverride('RetentionInDays', 365);

Relabeling as a feature request to make this easier on the user in this case

@peterwoodworth peterwoodworth added effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2 and removed guidance Question that needs advice or information. labels Feb 16, 2022
@peterwoodworth peterwoodworth changed the title @aws-cdk/aws-opensearchservice LogGroupResourcePolicy AwsCustomResource log retention is set to never expire with no clear way to override (opensearch) LogGroupResourcePolicy AwsCustomResource log retention is set to never expire with no clear way to override Feb 16, 2022
@peterwoodworth peterwoodworth added @aws-cdk/aws-opensearch Related to the @aws-cdk/aws-opensearchservice package good first issue Related to contributions. See CONTRIBUTING.md and removed needs-triage This issue or PR still needs to be triaged. labels Feb 16, 2022
@github-actions
Copy link

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Feb 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-opensearch Related to the @aws-cdk/aws-opensearchservice package closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md p2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@NGL321 @zomgbre @ryparker @peterwoodworth