
As per AWS documentation for RDS -

Publishing database logs to Amazon CloudWatch Logs

In addition to viewing and downloading DB instance logs, you can publish logs to Amazon CloudWatch Logs. With CloudWatch Logs, you can perform real-time analysis of the log data, store the data in highly durable storage, and manage the data with the CloudWatch Logs Agent. AWS retains log data published to CloudWatch Logs for an indefinite time period unless you specify a retention period.

I have two questions

  1. I am trying to figure out how to set the retention period in Terraform. The Terraform syntax for DbInstance doesn't seem to have a parameter for setting a custom log group name.

  2. What is the best practice for the RDS database logs? I am assuming the logs should be archived in S3 after a certain period using S3 lifecycle rules. Is that correct? How do I accomplish that using Terraform?

I was unable to find anything on the internet for this topic. Any help is really appreciated.


1 Answer

  1. Retention period

This is not an option you can set when you create your DB. The way it works is that RDS is going to create a log group for you in CloudWatch Logs, e.g. /aws/rds/instance/<your-db-id>/error, whose retention is Never expire.

To change that you have to use either the AWS console, AWS CLI or SDK at the level of the log group, not RDS. To do this in TF, you can use local-exec with AWS CLI to run put-retention-policy and change the retention period.

  2. CloudWatch Logs to S3.

You can create Subscription Filters with Amazon Kinesis Data Firehose to the log group which will write to S3. But again, this is not the setting of RDS, but the log group. So just like before, you have to modify the log group created by RDS using AWS CLI through local-exec for instance.
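
The approach described in the answer, written out as an added example (not code from the original post): a `null_resource` per RDS log group that runs `put-retention-policy` and `put-subscription-filter` through `local-exec`. The variable names, the `error`/`slowquery` log types, the 90-day value and the filter name are assumptions; the Firehose delivery stream and the IAM role that CloudWatch Logs assumes must already exist and are passed in by ARN.

```hcl
# Added example: all variable names and default values are assumptions.
variable "db_identifier" { type = string }       # the <your-db-id> part of the log group name
variable "firehose_arn" { type = string }        # existing Firehose stream that delivers to S3
variable "cwl_to_firehose_role_arn" { type = string } # role CloudWatch Logs assumes to write to Firehose

variable "log_types" {
  type    = list(string)
  default = ["error", "slowquery"]               # log types exported by the instance
}

variable "retention_days" {
  type    = number
  default = 90                                   # must be a value CloudWatch Logs accepts
}

resource "null_resource" "rds_log_group_settings" {
  for_each = toset(var.log_types)

  # Re-run the CLI calls whenever the target log group or a setting changes.
  triggers = {
    log_group      = "/aws/rds/instance/${var.db_identifier}/${each.value}"
    retention_days = tostring(var.retention_days)
    firehose_arn   = var.firehose_arn
  }

  # The log group is created by RDS, so in a real configuration add
  # depends_on = [<your aws_db_instance resource>] to order this after it.
  provisioner "local-exec" {
    # Values are passed as environment variables and quoted in the shell,
    # so Terraform never interpolates them into the command line itself.
    environment = {
      LOG_GROUP      = "/aws/rds/instance/${var.db_identifier}/${each.value}"
      RETENTION_DAYS = tostring(var.retention_days)
      FIREHOSE_ARN   = var.firehose_arn
      ROLE_ARN       = var.cwl_to_firehose_role_arn
    }
    command = <<-EOT
      set -e
      aws logs put-retention-policy \
        --log-group-name "$LOG_GROUP" \
        --retention-in-days "$RETENTION_DAYS"
      aws logs put-subscription-filter \
        --log-group-name "$LOG_GROUP" \
        --filter-name rds-logs-to-s3 \
        --filter-pattern "" \
        --destination-arn "$FIREHOSE_ARN" \
        --role-arn "$ROLE_ARN"
    EOT
  }
}
```

The machine running `terraform apply` needs the AWS CLI and credentials allowed to call `logs:PutRetentionPolicy` and `logs:PutSubscriptionFilter` (plus `iam:PassRole` on the role); because these settings live outside Terraform state, changes made to the log group elsewhere are not detected as drift.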