@dmurawsky
I'm a jack of all trades with deep expertise in infrastructure, cloud, networking, and DevSecOps. In my spare time I also like to play around with self-hosting, embedded devices, camping, permaculture, sailing, and scouting.
Mentoring, DevSecOps & cloud discussions, and chatting about technology in general
To answer my own question, and for anyone else who runs into this problem, the LogRetention class is the way to go. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_logs.LogRetention.html "Creates a custom resource to control the retention policy of a CloudWatch Logs log group. The log group is created if it doesn't already exist." This lets you manage the auto-created ones that already exist as well as create new ones that don't. It goes in cleanly and does the job. :)
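The behaviour the comment relies on ("create the group if it doesn't exist, then set retention") boils down to an idempotent check-create-apply sequence. The Python below is an added illustration of that logic, not code from the CDK or from the commenter; it uses the real boto3 CloudWatch Logs method names (`describe_log_groups`, `create_log_group`, `put_retention_policy`) but runs against a constructed in-memory fake client, so it works offline. The `FakeLogsClient`, `ensure_log_retention` and the group names are assumptions for the example.

```python
from typing import Dict, List, Optional


class FakeLogsClient:
    """In-memory stand-in for a boto3 `logs` client (constructed for the example)."""

    def __init__(self, existing: List[str]):
        # None means "no retention policy", i.e. logs are kept forever.
        self.groups: Dict[str, Optional[int]] = {name: None for name in existing}
        self.calls: List[str] = []

    def describe_log_groups(self, logGroupNamePrefix: str) -> dict:
        self.calls.append("describe")
        hits = [{"logGroupName": n} for n in self.groups if n.startswith(logGroupNamePrefix)]
        return {"logGroups": hits}

    def create_log_group(self, logGroupName: str) -> None:
        self.calls.append("create")
        if logGroupName in self.groups:
            raise RuntimeError("ResourceAlreadyExistsException")
        self.groups[logGroupName] = None

    def put_retention_policy(self, logGroupName: str, retentionInDays: int) -> None:
        self.calls.append("put_retention")
        self.groups[logGroupName] = retentionInDays


def ensure_log_retention(client, log_group_name: str, retention_days: int) -> str:
    """Create the log group only if it is absent, then apply the retention policy.

    Works for groups Lambda auto-created on first invocation (e.g. /aws/lambda/<fn>)
    as well as brand-new ones. Returns "existing" or "created" for the path taken.
    """
    # describe_log_groups matches by prefix, so "/aws/lambda/fn" also returns
    # "/aws/lambda/fn-canary"; compare exact names to avoid a false positive.
    found = client.describe_log_groups(logGroupNamePrefix=log_group_name)
    exists = any(g["logGroupName"] == log_group_name for g in found["logGroups"])
    if not exists:
        try:
            client.create_log_group(logGroupName=log_group_name)
        except Exception as err:
            # Race: the function was invoked (and auto-created its group) between
            # our describe and create calls. Treat that as "existing" and carry on.
            if "ResourceAlreadyExistsException" not in str(err):
                raise
            exists = True
    # Applying the policy on both paths is what bounds retention for old groups.
    client.put_retention_policy(logGroupName=log_group_name, retentionInDays=retention_days)
    return "existing" if exists else "created"
```

With a real boto3 client you would catch `client.exceptions.ResourceAlreadyExistsException` instead of inspecting the message string.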
This is awesome, and was a very helpful writeup in helping me understand aspects. Thank you! Unfortunately, the logging solution does not work for existing lambdas because they already have a log group created. I can't think of a good way of handling that other than changing the settings on the lambda function itself. A custom construct might be a better approach for that?