From c1d72fe57d99e8497b84fef471b4a65e259c4117 Mon Sep 17 00:00:00 2001
From: Henry Skiba <henry.skiba@frgrisk.com>
Date: Fri, 6 Jun 2025 16:00:58 +0800
Subject: [PATCH] Add 14-day retention policy to CloudWatch log groups

- Define explicit log groups for Lambda function and EC2 instances
- Set RetentionInDays to 14 to prevent indefinite log storage
- Reduces storage costs by automatically expiring old logs
---
 template.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/template.yaml b/template.yaml
index ee8f81b..2602254 100644
--- a/template.yaml
+++ b/template.yaml
@@ -60,6 +60,20 @@ Resources:
     Properties:
       Roles:
         - !Ref RunnerInstanceRole
+  
+  # CloudWatch Log Groups with retention
+  GitHubActionHookFunctionLogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: !Sub '/aws/lambda/${GitHubActionHookFunction}'
+      RetentionInDays: 14
+  
+  EC2RunnerLogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: '/aws/ec2/github-runner'
+      RetentionInDays: 14
+  
   GitHubActionHookFunction:
     Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
     Properties: