Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Update existing Log Group using CloudFormation

Tags:

amazon-web-services

amazon-cloudformation

amazon-cloudwatch

I have a lambda which has a log group, say LG-1, for which retention is set to Never Expire (default). I need to change this Never Expire to 1 month. I am doing this using CloudFormation. As the log group already exists, when I am trying to deploy my lambda again with the changes in template as :

LambdaFunctionLogGroup:
Type: 'AWS::Logs::LogGroup'
DependsOn: MyLambda
Properties:
  RetentionInDays: 30
  LogGroupName: !Join 
    - ''
    - - /aws/lambda/
      - !Ref MyLambda

the update is failing with error :

[LogGroup Name] already exists.

One possible solution is to delete the log group and then again create it with new changes as shown above which works perfectly well.

But I need to do it without deleting the log group as it will result in the deletion of all the previous logs that I have.

Is there any workaround which is possible ?

like image 802
IllegalSkillsException Avatar asked Jan 02 '23 04:01

IllegalSkillsException

2 Answers

@ttulka answered:

".. it is impossible to manipulate resources from CF which already exist out of the stack."

But actually the problem is more general than that and applies to resources created inside of the stack. It has to do with AWS CloudFormation resource "Replacement policy". For some resources the way CloudFormation "updates" the resource is to create a new resource, then delete the old resource (this is called the "Replacement" update policy). This means there is a period of time where you've got two resources of the same type with many of the same properties existing at the same time. But if a certain resource property has to be unique, the two resource can't exist at the same time if they have the same value for this property, so ... CloudFormation blows up.

AWS::Logs::LogGroup.LogGroupName property is one such property. AWS::CloudWatch::Alarm.AlarmName is another example.

A work around is to unset the name so that a random name is used, perform an update, then set the name back to it's predictable fixed value and update again.

Rant: It's an annoying problem that really shouldn't exist. I.e. AWS CF should be smart enough to not have to use this weird clunky resource replacement implementation. But ... that's AWS CF for you ...

like image 128
spinkus Avatar answered Jan 05 '23 16:01

spinkus

I think it is impossible to manipulate resources from CF which already exist out of the stack.

One workaround would be to change the name of the Lambda like my-lambda-v2 to keep the old log group together with the new one.

After one month you can delete the old one.

like image 39
ttulka Avatar answered Jan 05 '23 15:01

ttulka
Sign in to Comment

Related questions

which approach is better? Upload a file from client side or from server side?
How to decode JSON with type convert from string to integer in Golang for non-local types?
Trouble Partitioning my Amazon Spectrum Table
Uploading images to s3 with meta = image/jpeg - python/boto3
C# AWS SQS Client inaccessible due to it's protection level
aws aurora rds (mysql) in a cluster cannot insert emoji
How to query AWS CloudSearch domain using Python boto3 library?
AWS Lambda: Execute function B 10 minutes after function A
mutation to create relations on AWS AppSync
Where to read AWS DLM (Data Lifecycle Management) error details
Lambda function never succeeds in codepipeline
AWS Kinesis Stream Checkpointing
Creating an IAM service role to allow Amazon Cognito to send SMS messages for MFA
Find the source of athena query result
Send email via AWS SES using Laravel Mail class
Ruby gem with native extensions not working on AWS Lambda

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!