feat(logs): delete associated log group when stack is deleted

packages/@aws-cdk/aws-logs/lib/log-retention-provider/index.ts

@@ -51,6 +51,35 @@ async function createLogGroupSafe(logGroupName: string, region?: string, options
   } while (true); // exit happens on retry count check
 }
 
+//delete a log group
+async function deleteLogGroup(logGroupName: string, region?: string, options?: SdkRetryOptions) {
+  let retryCount = options?.maxRetries == undefined ? 10 : options.maxRetries;
+  const delay = options?.retryOptions?.base == undefined ? 10 : options.retryOptions.base;
+  do {
+    try {
+      const cloudwatchlogs = new AWS.CloudWatchLogs({ apiVersion: '2014-03-28', region, ...options });
+      await cloudwatchlogs.deleteLogGroup({ logGroupName }).promise();
+      return;
+    } catch (error) {
+      if (error.code === 'ResourceNotFoundException') {
+        // The log group doesn't exist
+        return;
+      }
+      if (error.code === 'OperationAbortedException') {
+        if (retryCount > 0) {
+          retryCount--;
+          await new Promise(resolve => setTimeout(resolve, delay));
+          continue;
+        } else {
+          // The log group is still being deleted by another execution but we are out of retries
+          throw new Error('Out of attempts to delete a logGroup');
+        }
+      }
+      throw error;
+    }
+  } while (true); // exit happens on retry count check
+}
+
 /**
  * Puts or deletes a retention policy on a log group.
  *
@@ -105,6 +134,9 @@ export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent
     // Parse to AWS SDK retry options
     const retryOptions = parseRetryOptions(event.ResourceProperties.SdkRetry);
 
+    //The deletion policy of log after the stack is deleted
+    const logDeletionPolicy = event.ResourceProperties.LogDeletionPolicy;
+
     if (event.RequestType === 'Create' || event.RequestType === 'Update') {
       // Act on the target log group
       await createLogGroupSafe(logGroupName, logGroupRegion, retryOptions);
@@ -124,6 +156,15 @@ export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent
       }
     }
 
+    //if the requestType is delete, then delete the log group created by the logRetention
+    if (event.RequestType === 'Delete') {
+      //if the removal policy is delete, then delete the log group
+      if (logDeletionPolicy === 'destroy') {
+        await deleteLogGroup(logGroupName, logGroupRegion, retryOptions);
+      }
+      //else retain the log group
+    }
+
     await respond('SUCCESS', 'OK', logGroupName);
   } catch (e) {
     console.log(e);

packages/@aws-cdk/aws-logs/lib/log-retention.ts

@@ -39,6 +39,27 @@ export interface LogRetentionProps {
    * @default - AWS SDK default retry options
    */
   readonly logRetentionRetryOptions?: LogRetentionRetryOptions;
+
+  /**
+   * The deletionPolicy the LogRetention uses on log
+   * @default LogDeletionPolicy.RETAINLOG
+   */
+  readonly logDeletionPolicy?: LogDeletionPolicy;
+}
+
+/**
+ * LogDeletionPolicy for the log group when the stack is deleted
+ */
+export enum LogDeletionPolicy {
+  /**
+   * This is the default log deletion policy. It means that when the resource is
+   * removed from the app, the log will retain.
+   */
+  RETAIN = 'retain',
+  /**
+   * This uses the 'destroyLog' DeletionPolicy, which will destroy the log when the stack is deleted.
+   */
+  DESTROY = 'destroy',
 }
 
 /**
@@ -93,6 +114,7 @@ export class LogRetention extends Construct {
           base: retryOptions.base?.toMilliseconds(),
         } : undefined,
         RetentionInDays: props.retention === RetentionDays.INFINITE ? undefined : props.retention,
+        LogDeletionPolicy: props.logDeletionPolicy ? props.logDeletionPolicy : LogDeletionPolicy.RETAIN,
       },
     });
 
@@ -145,7 +167,7 @@ class LogRetentionFunction extends Construct implements cdk.ITaggable {
     });
     // Duplicate statements will be deduplicated by `PolicyDocument`
     role.addToPrincipalPolicy(new iam.PolicyStatement({
-      actions: ['logs:PutRetentionPolicy', 'logs:DeleteRetentionPolicy'],
+      actions: ['logs:PutRetentionPolicy', 'logs:DeleteRetentionPolicy', 'logs:DeleteLogGroup'],
       // We need '*' here because we will also put a retention policy on
       // the log group of the provider function. Referencing its name
       // creates a CF circular dependency.

packages/@aws-cdk/aws-logs/test/integ.log-retention.ts

@@ -0,0 +1,20 @@
+import { App, Stack, StackProps } from '@aws-cdk/core';
+//import { IntegTest } from '@aws-cdk/integ-tests';
+import { LogRetention, RetentionDays, LogDeletionPolicy } from '../lib';
+
+class LogRetentionIntegStack extends Stack {
+  constructor(scope: App, id: string, props?: StackProps) {
+    super(scope, id, props);
+
+    new LogRetention(this, 'MyLambda', {
+      logGroupName: 'logRetentionLogGroup',
+      retention: RetentionDays.ONE_DAY,
+      logDeletionPolicy: LogDeletionPolicy.DESTROY,
+    });
+  }
+}
+
+const app = new App();
+new LogRetentionIntegStack(app, 'aws-cdk-log-retention-integ');
+app.synth();
+//new IntegTest(app, 'LogRetentionInteg', { testCases: [stack] });