From 5bcbf460193e60c332081fd7d46fcdbc6337c4df Mon Sep 17 00:00:00 2001 From: Momo Kornher Date: Wed, 31 Jan 2024 10:59:18 +0000 Subject: [PATCH 1/3] fix: revert deprecation of logRetention properties --- packages/aws-cdk-lib/aws-lambda/README.md | 19 ++++++++++++++++++ .../aws-cdk-lib/aws-lambda/lib/function.ts | 20 ++++++++++++------- .../lib/bucket-deployment.ts | 6 +++++- .../aws-custom-resource.ts | 6 +++++- .../lib/provider-framework/provider.ts | 6 +++++- 5 files changed, 47 insertions(+), 10 deletions(-) diff --git a/packages/aws-cdk-lib/aws-lambda/README.md b/packages/aws-cdk-lib/aws-lambda/README.md index f04c725aebd6e..1dfe0df14097a 100644 --- a/packages/aws-cdk-lib/aws-lambda/README.md +++ b/packages/aws-cdk-lib/aws-lambda/README.md @@ -1011,6 +1011,25 @@ new lambda.Function(this, 'Lambda', { }); ``` +Providing a custom, user controlled log group this way is not yet supported in all regions, namely GovCloud and CN. +Please check regional availability. + +### Legacy Log Retention + +As an alternative to providing a custom, user controlled log group, the legacy `logRetention` property can be used to set a different expiration period. +This feature uses a Custom Resource to change the log retention of the automatically created log group. + +By default, CDK uses the AWS SDK retry options when creating a log group. The `logRetentionRetryOptions` property +allows you to customize the maximum number of retries and base backoff duration. + +*Note* that a [CloudFormation custom +resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cfn-customresource.html) is added +to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the +correct log retention period (never expire, by default). This Custom Resource will also create a log group to log events of the custom resource. The log retention period for this addtional log group is hard-coded to 1 day. + +*Further note* that, if the log group already exists and the `logRetention` is not set, the custom resource will reset +the log retention to never expire even if it was configured with a different value. + ## FileSystem Access You can configure a function to mount an Amazon Elastic File System (Amazon EFS) to a diff --git a/packages/aws-cdk-lib/aws-lambda/lib/function.ts b/packages/aws-cdk-lib/aws-lambda/lib/function.ts index e3b8a1bde981a..4f1310e2f7a57 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/function.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/function.ts @@ -384,9 +384,9 @@ export interface FunctionOptions extends EventInvokeConfigOptions { * this property, unsetting it doesn't remove the log retention policy. To * remove the retention policy, set the value to `INFINITE`. * - * @default logs.RetentionDays.INFINITE - * - * @deprecated instead create a fully customizable log group with `logs.LogGroup` and use the `logGroup` property to instruct the Lambda function to send logs to it. + * This is a legacy API and we strongly recommend you move away from it if you can. + * Instead create a fully customizable log group with `logs.LogGroup` and use the `logGroup` property + * to instruct the Lambda function to send logs to it. * Migrating from `logRetention` to `logGroup` will cause the name of the log group to change. * Users and code and referencing the name verbatim will have to adjust. * @@ -395,6 +395,8 @@ export interface FunctionOptions extends EventInvokeConfigOptions { * declare const myLogGroup: logs.LogGroup; * myLogGroup.logGroupName; * ``` + * + * @default logs.RetentionDays.INFINITE */ readonly logRetention?: logs.RetentionDays; @@ -402,9 +404,10 @@ export interface FunctionOptions extends EventInvokeConfigOptions { * The IAM role for the Lambda function associated with the custom resource * that sets the retention policy. * - * @default - A new role is created. + * This is a legacy API and we strongly recommend you migrate to `logGroup` if you can. + * `logGroup` allows you to create a fully customizable log group and instruct the Lambda function to send logs to it. * - * @deprecated instead use `logGroup` to create a fully customizable log group and instruct the Lambda function to send logs to it. + * @default - A new role is created. */ readonly logRetentionRole?: iam.IRole; @@ -412,9 +415,10 @@ export interface FunctionOptions extends EventInvokeConfigOptions { * When log retention is specified, a custom resource attempts to create the CloudWatch log group. * These options control the retry policy when interacting with CloudWatch APIs. * - * @default - Default AWS SDK retry options. + * This is a legacy API and we strongly recommend you migrate to `logGroup` if you can. + * `logGroup` allows you to create a fully customizable log group and instruct the Lambda function to send logs to it. * - * @deprecated instead use `logGroup` to create a fully customizable log group and instruct the Lambda function to send logs to it. + * @default - Default AWS SDK retry options. */ readonly logRetentionRetryOptions?: LogRetentionRetryOptions; @@ -482,6 +486,8 @@ export interface FunctionOptions extends EventInvokeConfigOptions { * * Use the `logGroup` property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it. * + * Not yet supported in GovCloud and CN regions. Please check regional availability. + * * @default `/aws/lambda/${this.functionName}` - default log group created by Lambda */ readonly logGroup?: logs.ILogGroup; diff --git a/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts b/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts index ea2c6fb36f922..a17cf10413758 100644 --- a/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts +++ b/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts @@ -111,14 +111,18 @@ export interface BucketDeploymentProps { /** * The number of days that the lambda function's log events are kept in CloudWatch Logs. * + * This is a legacy API and we strongly recommend you migrate to `logGroup` if you can. + * `logGroup` allows you to create a fully customizable log group and instruct the Lambda function to send logs to it. + * * @default logs.RetentionDays.INFINITE - * @deprecated Use logGroup for full control over the custom resource log group */ readonly logRetention?: logs.RetentionDays; /** * The Log Group used for logging of events emitted by the custom resource's lambda function. * + * Not yet supported in GovCloud and CN regions. Please check regional availability. + * * @default - a default log group created by AWS Lambda */ readonly logGroup?: logs.ILogGroup; diff --git a/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts b/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts index 57f0317505686..285c40f759d04 100644 --- a/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts +++ b/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts @@ -329,14 +329,18 @@ export interface AwsCustomResourceProps { * The number of days log events of the singleton Lambda function implementing * this custom resource are kept in CloudWatch Logs. * + * This is a legacy API and we strongly recommend you migrate to `logGroup` if you can. + * `logGroup` allows you to create a fully customizable log group and instruct the Lambda function to send logs to it. + * * @default logs.RetentionDays.INFINITE - * @deprecated Use logGroup for full control over the custom resource log group */ readonly logRetention?: logs.RetentionDays; /** * The Log Group used for logging of events emitted by the custom resource's lambda function. * + * Not yet supported in GovCloud and CN regions. Please check regional availability. + * * @default - a default log group created by AWS Lambda */ readonly logGroup?: logs.ILogGroup; diff --git a/packages/aws-cdk-lib/custom-resources/lib/provider-framework/provider.ts b/packages/aws-cdk-lib/custom-resources/lib/provider-framework/provider.ts index 5b15f71ed6eed..40ae5f149b483 100644 --- a/packages/aws-cdk-lib/custom-resources/lib/provider-framework/provider.ts +++ b/packages/aws-cdk-lib/custom-resources/lib/provider-framework/provider.ts @@ -70,14 +70,18 @@ export interface ProviderProps { * updating this property, unsetting it doesn't remove the log retention policy. * To remove the retention policy, set the value to `INFINITE`. * + * This is a legacy API and we strongly recommend you migrate to `logGroup` if you can. + * `logGroup` allows you to create a fully customizable log group and instruct the Lambda function to send logs to it. + * * @default logs.RetentionDays.INFINITE - * @deprecated Use logGroup for full control over the custom resource log group */ readonly logRetention?: logs.RetentionDays; /** * The Log Group used for logging of events emitted by the custom resource's lambda function. * + * Not yet supported in GovCloud and CN regions. Please check regional availability. + * * @default - a default log group created by AWS Lambda */ readonly logGroup?: logs.ILogGroup; From 38e04d2b505e1ab1d9a9150e20384a1b7c03ed0c Mon Sep 17 00:00:00 2001 From: Momo Kornher Date: Wed, 31 Jan 2024 11:39:33 +0000 Subject: [PATCH 2/3] fixup rosetta failure --- packages/aws-cdk-lib/aws-lambda/lib/function.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packages/aws-cdk-lib/aws-lambda/lib/function.ts b/packages/aws-cdk-lib/aws-lambda/lib/function.ts index 4f1310e2f7a57..6ec7bddb7e045 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/function.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/function.ts @@ -392,6 +392,8 @@ export interface FunctionOptions extends EventInvokeConfigOptions { * * In AWS CDK code, you can access the log group name directly from the LogGroup construct: * ```ts + * import * as logs from 'aws-cdk-lib/aws-logs'; + * * declare const myLogGroup: logs.LogGroup; * myLogGroup.logGroupName; * ``` From 412da5124746bb5b6f01d0dc9e05f8baf6a46cf8 Mon Sep 17 00:00:00 2001 From: Momo Kornher Date: Wed, 31 Jan 2024 13:07:47 +0000 Subject: [PATCH 3/3] rewording --- packages/aws-cdk-lib/aws-lambda/README.md | 4 ++-- packages/aws-cdk-lib/aws-lambda/lib/function.ts | 3 ++- .../aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts | 3 ++- .../lib/aws-custom-resource/aws-custom-resource.ts | 3 ++- .../custom-resources/lib/provider-framework/provider.ts | 3 ++- 5 files changed, 10 insertions(+), 6 deletions(-) diff --git a/packages/aws-cdk-lib/aws-lambda/README.md b/packages/aws-cdk-lib/aws-lambda/README.md index 1dfe0df14097a..8358e353ab422 100644 --- a/packages/aws-cdk-lib/aws-lambda/README.md +++ b/packages/aws-cdk-lib/aws-lambda/README.md @@ -1011,8 +1011,8 @@ new lambda.Function(this, 'Lambda', { }); ``` -Providing a custom, user controlled log group this way is not yet supported in all regions, namely GovCloud and CN. -Please check regional availability. +Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. +If you are deploying to another type of region, please check regional availability first. ### Legacy Log Retention diff --git a/packages/aws-cdk-lib/aws-lambda/lib/function.ts b/packages/aws-cdk-lib/aws-lambda/lib/function.ts index 6ec7bddb7e045..b887017d65e4d 100644 --- a/packages/aws-cdk-lib/aws-lambda/lib/function.ts +++ b/packages/aws-cdk-lib/aws-lambda/lib/function.ts @@ -488,7 +488,8 @@ export interface FunctionOptions extends EventInvokeConfigOptions { * * Use the `logGroup` property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it. * - * Not yet supported in GovCloud and CN regions. Please check regional availability. + * Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. + * If you are deploying to another type of region, please check regional availability first. * * @default `/aws/lambda/${this.functionName}` - default log group created by Lambda */ diff --git a/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts b/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts index a17cf10413758..b5a817c6e212a 100644 --- a/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts +++ b/packages/aws-cdk-lib/aws-s3-deployment/lib/bucket-deployment.ts @@ -121,7 +121,8 @@ export interface BucketDeploymentProps { /** * The Log Group used for logging of events emitted by the custom resource's lambda function. * - * Not yet supported in GovCloud and CN regions. Please check regional availability. + * Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. + * If you are deploying to another type of region, please check regional availability first. * * @default - a default log group created by AWS Lambda */ diff --git a/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts b/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts index 285c40f759d04..a8233d7e3b76e 100644 --- a/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts +++ b/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts @@ -339,7 +339,8 @@ export interface AwsCustomResourceProps { /** * The Log Group used for logging of events emitted by the custom resource's lambda function. * - * Not yet supported in GovCloud and CN regions. Please check regional availability. + * Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. + * If you are deploying to another type of region, please check regional availability first. * * @default - a default log group created by AWS Lambda */ diff --git a/packages/aws-cdk-lib/custom-resources/lib/provider-framework/provider.ts b/packages/aws-cdk-lib/custom-resources/lib/provider-framework/provider.ts index 40ae5f149b483..dee8caac120f9 100644 --- a/packages/aws-cdk-lib/custom-resources/lib/provider-framework/provider.ts +++ b/packages/aws-cdk-lib/custom-resources/lib/provider-framework/provider.ts @@ -80,7 +80,8 @@ export interface ProviderProps { /** * The Log Group used for logging of events emitted by the custom resource's lambda function. * - * Not yet supported in GovCloud and CN regions. Please check regional availability. + * Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. + * If you are deploying to another type of region, please check regional availability first. * * @default - a default log group created by AWS Lambda */