From 230b56bb6b39d25655df26411d4e3c5a05b04231 Mon Sep 17 00:00:00 2001 From: sonal-joshi Date: Fri, 19 Jul 2024 11:09:29 -0700 Subject: [PATCH] feat(logs): enabling IA log group creation in CN and GovCloud regions (#30904) ### Reason for this change CloudwatchLogs recently launched support for Infrequent Access Log Group Class in china and gov cloud regions. We are adding support in CDK to use this feature. ### Description of changes Added LogGroup Class attribute support in CDK for China and GovCloud regions. This feature is already launched by CWL in china and gov-cloud regions. This PR would add CDK support for the same. ### Description of how you validated changes This feature is already has integ test coverage in commercial region. We have validated the feature on service side already. ### Checklist - [-] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk-lib/aws-logs/README.md | 10 ++++++++++ packages/aws-cdk-lib/aws-logs/lib/log-group.ts | 4 ---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/packages/aws-cdk-lib/aws-logs/README.md b/packages/aws-cdk-lib/aws-logs/README.md index 2276fddfb2f7f..4ee04e1de7ed3 100644 --- a/packages/aws-cdk-lib/aws-logs/README.md +++ b/packages/aws-cdk-lib/aws-logs/README.md @@ -40,6 +40,16 @@ publish their log group to a specific region, such as AWS Chatbot creating a log By default, the log group created by LogRetention will be retained after the stack is deleted. If the RemovalPolicy is set to DESTROY, then the log group will be deleted when the stack is deleted. +## Log Group Class + +CloudWatch Logs offers two classes of log groups: + +1. The CloudWatch Logs Standard log class is a full-featured option for logs that require real-time monitoring or logs that you access frequently. + +2. The CloudWatch Logs Infrequent Access log class is a new log class that you can use to cost-effectively consolidate your logs. This log class offers a subset of CloudWatch Logs capabilities including managed ingestion, storage, cross-account log analytics, and encryption with a lower ingestion price per GB. The Infrequent Access log class is ideal for ad-hoc querying and after-the-fact forensic analysis on infrequently accessed logs. + +For more details please check: [log group class documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html) + ## Resource Policy CloudWatch Resource Policies allow other AWS services or IAM Principals to put log events into the log groups. diff --git a/packages/aws-cdk-lib/aws-logs/lib/log-group.ts b/packages/aws-cdk-lib/aws-logs/lib/log-group.ts index b32bf0f3f5127..d1a014ef7cefa 100644 --- a/packages/aws-cdk-lib/aws-logs/lib/log-group.ts +++ b/packages/aws-cdk-lib/aws-logs/lib/log-group.ts @@ -520,13 +520,9 @@ export class LogGroup extends LogGroupBase { let logGroupClass = props.logGroupClass; const stack = Stack.of(scope); const logGroupClassUnsupportedRegions = [ - 'cn-north-1', // BJS - 'cn-northwest-1', // ZHY 'us-iso-west-1', // APA 'us-iso-east-1', // DCA 'us-isob-east-1', // LCK - 'us-gov-west-1', // PDT - 'us-gov-east-1', // OSU ]; if (logGroupClass !== undefined && !Token.isUnresolved(stack.region) && logGroupClassUnsupportedRegions.includes(stack.region)) { Annotations.of(this).addWarningV2('@aws-cdk/aws-logs:propertyNotSupported', `The LogGroupClass property is not supported in the following regions: ${logGroupClassUnsupportedRegions}`);