feat(lambda): function log removal policy

[phuhung273]

Issue # (if applicable)

Closes #34669

Reason for this change

Support configuring function log removal policy

Description of changes

Expose log group removal policy to function props

Describe any new or updated permissions being added

Description of how you validated changes

Unit + Integ

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[go-to-k]

Could you please change the PR title to feat(lambda): ...? Because this PR is to add a new property so I believe that's a feat. In that case, you can request to exempt README. (Or we could just make a few changes to the code example in the README.)

[go-to-k]

It seems that a log group is being generated within the getter. I thought to store logRemovalPolicy in a private instance variable and to pass it to the following properties too.

https://github.com/aws/aws-cdk/blob/v2.201.0/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1401-L1404

  private _logRemovalPolicy?: RemovalPolicy;
  // ...
  // ...
  this._logRemovalPolicy = props.logRemovalPolicy;
  // ...
  // ...
  public get logGroup(): logs.ILogGroup {
    if (!this._logGroup) {
      const logRetention = new logs.LogRetention(this, 'LogRetention', {
        logGroupName: `/aws/lambda/${this.functionName}`,
        retention: logs.RetentionDays.INFINITE,
        removalPolicy: this._logRemovalPolicy,
      });
      this._logGroup = logs.LogGroup.fromLogGroupArn(this, `${this.node.id}-LogGroup`, logRetention.logGroupArn);
    }
    return this._logGroup;
  }

However, other properties such as logRetentionRole and logRetentionRetryOptions are not passed to them in the getter. But logRetentionRole and logRetentionRetryOptions are only applied when props.logRetention is specified, as indicated by their prefixes.

    if (props.logRetention) {
      if (props.logGroup) {
        throw new ValidationError('CDK does not support setting logRetention and logGroup', this);
      }
      const logRetention = new logs.LogRetention(this, 'LogRetention', {
        logGroupName: `/aws/lambda/${this.functionName}`,
        retention: props.logRetention,
        role: props.logRetentionRole,
        logRetentionRetryOptions: props.logRetentionRetryOptions as logs.LogRetentionRetryOptions,
      });
      this._logGroup = logs.LogGroup.fromLogGroupArn(this, 'LogGroup', logRetention.logGroupArn);

On the other hand, the creation of a log group using this getter is performed when props.logRetention is NOT specified (otherwise this._logGroup will be true). In other words, unlike those properties, it seems natural that logRemovalPolicy is also passed in the getter.

How about it?

[phuhung273]

Thank you so much for pointing this out. I totally missed this.

Added to this getter and include in tests.

[aws-cdk-automation]

(This review is outdated)

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[go-to-k]

Thanks for the changes. LGTM.

[phuhung273]

Thanks for your review @go-to-k

Pull request has been modified.

Pull request has been modified.

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 02fbb10
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.