CloudWatch Log Retention and Lambda


Category : aws

One of the great things about Lambda is that when you create a function it automatically creates an associated CloudWatch Log Group so that the output of your function is captured. The problem is that by default this log group will have a retention of “forever”, which can be costly for a function that is either run a lot or writes a lot of information to CloudWatch.

To fix this, you need to update the retention on the log group. The easiest way to do this is through the console, but this obviously isn't the right way.

Assuming you deployed your function using Terraform and have already run it, so the log group exists, this is how you fix the log retention:

Create the CloudWatch Log Group Definition

resource "aws_cloudwatch_log_group" "my_log_group" {
    name = "/aws/lambda/my-function"
    retention_in_days = 30
}

Now, if you run this you will get an error saying that a duplicate resource exists - which it does, because Lambda has already created the log group!

Import the existing resource into terraform

For a terraform resource that is in a module:

terraform import module.datalake_firehose.aws_cloudwatch_log_group.my_log_group "/aws/lambda/my-function"

For a terraform resource that is not in a module:

terraform import aws_cloudwatch_log_group.my_log_group "/aws/lambda/my-function"


If you then run terraform apply, this should update the retention on the CloudWatch log group.
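To apply the same fix across an account, the added example below (not code from the original post) reads `aws logs describe-log-groups` output, picks out the Lambda log groups that still have no retention set, and emits the resource block and import command for each. The sample JSON is constructed, and the function names and the resource-label scheme are assumptions made for illustration.

```python
import json
import re

# Constructed sample in the shape returned by
# `aws logs describe-log-groups --log-group-name-prefix /aws/lambda/ --output json`.
# A group with no "retentionInDays" key never expires.
SAMPLE = json.loads("""
{"logGroups": [
  {"logGroupName": "/aws/lambda/my-function", "storedBytes": 52428800},
  {"logGroupName": "/aws/lambda/nightly-export", "retentionInDays": 30, "storedBytes": 1024},
  {"logGroupName": "/aws/lambda/2fa-check", "storedBytes": 0},
  {"logGroupName": "/ecs/web", "storedBytes": 4096}
]}
""")

LAMBDA_PREFIX = "/aws/lambda/"


def resource_name(log_group_name):
    """Derive a Terraform-safe resource label (hypothetical naming scheme)."""
    label = re.sub(r"[^A-Za-z0-9_]", "_", log_group_name[len(LAMBDA_PREFIX):])
    # Terraform labels must start with a letter or underscore.
    return label if re.match(r"[A-Za-z_]", label) else "_" + label


def unmanaged_retention(response):
    """Return names of Lambda log groups that have no retention set."""
    return [g["logGroupName"] for g in response.get("logGroups", [])
            if g["logGroupName"].startswith(LAMBDA_PREFIX)
            and "retentionInDays" not in g]


def terraform_for(log_group_name, days=30, module=None):
    """Build the resource block and matching import command for one group."""
    label = resource_name(log_group_name)
    address = f"aws_cloudwatch_log_group.{label}"
    if module:  # resources inside a module need the module prefix
        address = f"module.{module}.{address}"
    hcl = (f'resource "aws_cloudwatch_log_group" "{label}" {{\n'
           f'    name = "{log_group_name}"\n'
           f'    retention_in_days = {days}\n'
           f'}}\n')
    return hcl, f'terraform import {address} "{log_group_name}"'


if __name__ == "__main__":
    for name in unmanaged_retention(SAMPLE):
        hcl, cmd = terraform_for(name)
        print(hcl)
        print(cmd, end="\n\n")
```
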

About Michael Ransley

Hi, I am a Husband, Father of 3 children and Principal Data Engineer at Origin Energy. I am interested in many things - but technology is certainly one of them - both how to solve particular issues but also the effects that technology has on our society.
