Issue: QnABot logs Never Expire. Request: Add configurable log retention period for all CloudWatch log groups used by QnABot

[rstrahan]

Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

QnABot Lambda functions currently log to implicitly created CloudWatch log groups that default to 'Never Expire' - eg

This is problematic:

1. as logs grow over time, incurring increasing cost
2. logs may contain sensitive information from QnAbot requests that needs to be deleted after some days for policy compliance and to prevent legal liability / discoverability issues.

Describe the feature you'd like A clear and concise description of what you want to happen.

1. QnABot main template should have a new parameter for CloudWatch logs retention period in days (with a default - say 30 days)
2. All QnABot templates should be modified to explicitly create a CloudWatch log group for each Lambda function
   • with an explicitly named log group based on the stack name for easier discovery
   • with an explicitly set retention

eg something like this..

  LambdaXXXLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName:
        Fn::Sub: /${AWS::StackName}/lambda/LambdaXXX
      RetentionInDays:
        Ref: CloudWatchLogsExpirationInDays

and each associated Lambda function should reference it's explicit log group by adding the LoggingConfig property:

      LoggingConfig:
        LogGroup:
          Fn::Sub: /${AWS::StackName}/lambda/LambdaXXX

Additional context Add any other context or screenshots about the feature request here.

[ajaysw]

Thank you @rstrahan - we will add this to the backlog and prioritize.

[fhoueto-amz]

.

[fhoueto-amz]

This will be in the next version

[michaelin-96]

@rstrahan This feature is now available in v6.1.0. Closing ticket.