From 5159e1994664adad88e7d7de6265363449d37c46 Mon Sep 17 00:00:00 2001
From: Anusha Hegde <ahegde@newrelic.com>
Date: Thu, 16 Oct 2025 14:47:24 +0530
Subject: [PATCH 1/3] added log groups retention period

---
 lambda-cloudwatch-trigger-stack.yaml | 10 ++++++++-
 lambda-template.yaml                 | 32 ++++++++++++++++++++++++++++
 s3-trigger-stack.yaml                |  8 +++++++
 3 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/lambda-cloudwatch-trigger-stack.yaml b/lambda-cloudwatch-trigger-stack.yaml
index 9ab2f41..67d66e7 100644
--- a/lambda-cloudwatch-trigger-stack.yaml
+++ b/lambda-cloudwatch-trigger-stack.yaml
@@ -192,4 +192,12 @@ Resources:
       Handler: index.lambda_handler
       Role: !GetAtt NewRelicLogsCloudWatchLambdaIAMRole.Arn
       Runtime: python3.12
-      Timeout: 120
\ No newline at end of file
+      Timeout: 120
+
+  NewRelicLogsCloudWatchLambdaLogGroup:
+    Type: AWS::Logs::LogGroup
+    DeletionPolicy: Delete
+    DependsOn: NewRelicLogsCloudWatchLambda
+    Properties:
+      RetentionInDays: 14
+      LogGroupName: !Sub "/aws/lambda/${NewRelicLogsCloudWatchLambda}"
\ No newline at end of file
diff --git a/lambda-template.yaml b/lambda-template.yaml
index 4069538..d5b42c1 100644
--- a/lambda-template.yaml
+++ b/lambda-template.yaml
@@ -134,6 +134,14 @@ Resources:
       Runtime: python3.12
       Timeout: 120
 
+  NewRelicLogsAttributeValidationLambdaLogGroup:
+    Type: AWS::Logs::LogGroup
+    DeletionPolicy: Delete
+    DependsOn: NewRelicLogsAttributeValidationLambda
+    Properties:
+      RetentionInDays: 14
+      LogGroupName: !Sub "/aws/lambda/${NewRelicLogsAttributeValidationLambda}"
+
   NewRelicLogsResourceForAttributeValidation:
     Type: AWS::CloudFormation::CustomResource
     Condition: IsCommonAttributesNotBlank
@@ -176,6 +184,14 @@ Resources:
                 - secretsmanager:DescribeSecret
               Resource: !Sub 'arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:*'
 
+  NewRelicLogsServerlessLogForwarderLogGroup:
+    Type: AWS::Logs::LogGroup
+    DeletionPolicy: Delete
+    DependsOn: NewRelicLogsServerlessLogForwarder
+    Properties:
+      RetentionInDays: 14
+      LogGroupName: !Sub "/aws/lambda/${NewRelicLogsServerlessLogForwarder}"
+
   NewRelicLogsS3ARNConstructionLambdaIAMRole:
     Type: "AWS::IAM::Role"
     Properties:
@@ -306,6 +322,14 @@ Resources:
       Timeout: 120
       Role: !GetAtt NewRelicLogsS3ARNConstructionLambdaIAMRole.Arn
 
+  NewRelicLogsS3ARNConstructionLambdaLogGroup:
+    Type: AWS::Logs::LogGroup
+    DeletionPolicy: Delete
+    DependsOn: NewRelicLogsS3ARNConstructionLambda
+    Properties:
+      RetentionInDays: 14
+      LogGroupName: !Sub "/aws/lambda/${NewRelicLogsS3ARNConstructionLambda}"
+
   NewRelicLogsResourceForS3ARNConstruction:
     Type: AWS::CloudFormation::CustomResource
     Condition: AddS3Trigger
@@ -425,6 +449,14 @@ Resources:
       Timeout: 120
       Role: !GetAtt NewRelicLogsLogGroupArnConstructionLambdaIAMRole.Arn
 
+  NewRelicLogsLogGroupArnConstructionLambdaLogGroup:
+    Type: AWS::Logs::LogGroup
+    DeletionPolicy: Delete
+    DependsOn: NewRelicLogsLogGroupArnConstructionLambda
+    Properties:
+      RetentionInDays: 14
+      LogGroupName: !Sub "/aws/lambda/${NewRelicLogsLogGroupArnConstructionLambda}"
+
   NewRelicLogsResourceForLogGroupArnConstruction:
     Type: AWS::CloudFormation::CustomResource
     Condition: AddCloudwatchTrigger
diff --git a/s3-trigger-stack.yaml b/s3-trigger-stack.yaml
index 8fde2d5..af531dd 100644
--- a/s3-trigger-stack.yaml
+++ b/s3-trigger-stack.yaml
@@ -200,6 +200,14 @@ Resources:
       Role: !GetAtt NewRelicLogsS3BucketTriggerIAMRole.Arn
       Runtime: python3.12
       Timeout: 120
+
+  NewRelicLogsS3BucketTriggerLambdaLogGroup:
+    Type: AWS::Logs::LogGroup
+    DeletionPolicy: Delete
+    DependsOn: NewRelicLogsS3BucketTriggerLambda
+    Properties:
+      RetentionInDays: 14
+      LogGroupName: !Sub "/aws/lambda/${NewRelicLogsS3BucketTriggerLambda}"
   
 Outputs:
   NewRelicLogsS3TriggerSetupErrors:

From 152c965f3ffb6057b863b9978b080c1e820510c3 Mon Sep 17 00:00:00 2001
From: Anusha Hegde <ahegde@newrelic.com>
Date: Thu, 16 Oct 2025 14:59:52 +0530
Subject: [PATCH 2/3] modified conditions for log groups

---
 lambda-cloudwatch-trigger-stack.yaml | 2 +-
 lambda-template.yaml                 | 6 ++----
 s3-trigger-stack.yaml                | 2 +-
 3 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/lambda-cloudwatch-trigger-stack.yaml b/lambda-cloudwatch-trigger-stack.yaml
index 67d66e7..4ed10cd 100644
--- a/lambda-cloudwatch-trigger-stack.yaml
+++ b/lambda-cloudwatch-trigger-stack.yaml
@@ -197,7 +197,7 @@ Resources:
   NewRelicLogsCloudWatchLambdaLogGroup:
     Type: AWS::Logs::LogGroup
     DeletionPolicy: Delete
-    DependsOn: NewRelicLogsCloudWatchLambda
+    Condition: HasValidLogGroups
     Properties:
       RetentionInDays: 14
       LogGroupName: !Sub "/aws/lambda/${NewRelicLogsCloudWatchLambda}"
\ No newline at end of file
diff --git a/lambda-template.yaml b/lambda-template.yaml
index d5b42c1..6ef988f 100644
--- a/lambda-template.yaml
+++ b/lambda-template.yaml
@@ -187,9 +187,7 @@ Resources:
   NewRelicLogsServerlessLogForwarderLogGroup:
     Type: AWS::Logs::LogGroup
     DeletionPolicy: Delete
-    DependsOn: NewRelicLogsServerlessLogForwarder
     Properties:
-      RetentionInDays: 14
       LogGroupName: !Sub "/aws/lambda/${NewRelicLogsServerlessLogForwarder}"
 
   NewRelicLogsS3ARNConstructionLambdaIAMRole:
@@ -325,7 +323,7 @@ Resources:
   NewRelicLogsS3ARNConstructionLambdaLogGroup:
     Type: AWS::Logs::LogGroup
     DeletionPolicy: Delete
-    DependsOn: NewRelicLogsS3ARNConstructionLambda
+    Condition: AddS3Trigger
     Properties:
       RetentionInDays: 14
       LogGroupName: !Sub "/aws/lambda/${NewRelicLogsS3ARNConstructionLambda}"
@@ -452,7 +450,7 @@ Resources:
   NewRelicLogsLogGroupArnConstructionLambdaLogGroup:
     Type: AWS::Logs::LogGroup
     DeletionPolicy: Delete
-    DependsOn: NewRelicLogsLogGroupArnConstructionLambda
+    Condition: AddCloudwatchTrigger
     Properties:
       RetentionInDays: 14
       LogGroupName: !Sub "/aws/lambda/${NewRelicLogsLogGroupArnConstructionLambda}"
diff --git a/s3-trigger-stack.yaml b/s3-trigger-stack.yaml
index af531dd..980894c 100644
--- a/s3-trigger-stack.yaml
+++ b/s3-trigger-stack.yaml
@@ -204,7 +204,7 @@ Resources:
   NewRelicLogsS3BucketTriggerLambdaLogGroup:
     Type: AWS::Logs::LogGroup
     DeletionPolicy: Delete
-    DependsOn: NewRelicLogsS3BucketTriggerLambda
+    Condition: HasValidS3Buckets
     Properties:
       RetentionInDays: 14
       LogGroupName: !Sub "/aws/lambda/${NewRelicLogsS3BucketTriggerLambda}"

From 2813b7732f0a966a37fffea659050f4a0bca3702 Mon Sep 17 00:00:00 2001
From: Anusha Hegde <ahegde@newrelic.com>
Date: Thu, 16 Oct 2025 15:02:01 +0530
Subject: [PATCH 3/3] fixes

---
 lambda-template.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lambda-template.yaml b/lambda-template.yaml
index 6ef988f..50710ae 100644
--- a/lambda-template.yaml
+++ b/lambda-template.yaml
@@ -137,7 +137,7 @@ Resources:
   NewRelicLogsAttributeValidationLambdaLogGroup:
     Type: AWS::Logs::LogGroup
     DeletionPolicy: Delete
-    DependsOn: NewRelicLogsAttributeValidationLambda
+    Condition: IsCommonAttributesNotBlank
     Properties:
       RetentionInDays: 14
       LogGroupName: !Sub "/aws/lambda/${NewRelicLogsAttributeValidationLambda}"