
[Enhancement] aws_cloudwatch_log_group: Add support for log_group_class = "DELIVERY" with retention policy handling #42658


Open
wants to merge 5 commits into
base: main


@tabito-hara tabito-hara commented May 17, 2025

Rollback Plan

If a change needs to be reverted, we will publish an updated version of the library.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

Description

  • To support the DELIVERY log group class introduced in the updated AWS SDK for Go v2—required by the recently introduced Lambda additional logging destinations (see also Add support for new Lambda logging destinations: S3 and Data Firehose #42573), diffs on retention_in_days are now suppressed when log_group_class = "DELIVERY", and operations related to the retention policy are skipped even if retention_in_days is specified.

    • When log_group_class = "DELIVERY", retention policy operations (such as PutRetentionPolicy and DeleteRetentionPolicy) are rejected by the AWS API, and the retention period is forcibly set to 2 days.
    • Since the AWS API returns this value during the read operation, the Terraform state is refreshed to reflect retention_in_days = 2. If retention_in_days is not explicitly set in the configuration, Terraform attempts to reset it to 0, resulting in an unnecessary diff. This diff should be suppressed.
    • The implementation to suppress the diff is straightforward: if log_group_class has no changes and the current resource’s log_group_class is DELIVERY, any diff on retention_in_days is ignored.
    • Acceptance tests verify that no plan diffs occur, even when the retention_in_days value is modified in the configuration.
  • See [aws_cloudwatch_log_group] log_group_class = "DELIVERY" conflicts with retention policy operations #42657 for details.

Relations

Closes #42657
Relates #42573

Output from Acceptance Testing

$ make testacc TESTS=TestAccLogsGroup_ PKG=logs 
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.9 test ./internal/service/logs/... -v -count 1 -parallel 20 -run='TestAccLogsGroup_'  -timeout 360m -vet=off
2025/05/17 19:05:40 Initializing Terraform AWS Provider...
=== RUN   TestAccLogsGroup_basic
=== PAUSE TestAccLogsGroup_basic
=== RUN   TestAccLogsGroup_nameGenerate
=== PAUSE TestAccLogsGroup_nameGenerate
=== RUN   TestAccLogsGroup_namePrefix
=== PAUSE TestAccLogsGroup_namePrefix
=== RUN   TestAccLogsGroup_disappears
=== PAUSE TestAccLogsGroup_disappears
=== RUN   TestAccLogsGroup_kmsKey
=== PAUSE TestAccLogsGroup_kmsKey
=== RUN   TestAccLogsGroup_logGroupClass
=== PAUSE TestAccLogsGroup_logGroupClass
=== RUN   TestAccLogsGroup_retentionPolicy
=== PAUSE TestAccLogsGroup_retentionPolicy
=== RUN   TestAccLogsGroup_multiple
=== PAUSE TestAccLogsGroup_multiple
=== RUN   TestAccLogsGroup_skipDestroy
=== PAUSE TestAccLogsGroup_skipDestroy
=== RUN   TestAccLogsGroup_skipDestroyInconsistentPlan
=== PAUSE TestAccLogsGroup_skipDestroyInconsistentPlan
=== RUN   TestAccLogsGroup_logGroupClassDELIVERY1
=== PAUSE TestAccLogsGroup_logGroupClassDELIVERY1
=== RUN   TestAccLogsGroup_logGroupClassDELIVERY2
=== PAUSE TestAccLogsGroup_logGroupClassDELIVERY2
=== CONT  TestAccLogsGroup_basic
=== CONT  TestAccLogsGroup_skipDestroyInconsistentPlan
=== CONT  TestAccLogsGroup_retentionPolicy
=== CONT  TestAccLogsGroup_skipDestroy
=== CONT  TestAccLogsGroup_logGroupClassDELIVERY2
=== CONT  TestAccLogsGroup_logGroupClassDELIVERY1
=== CONT  TestAccLogsGroup_disappears
=== CONT  TestAccLogsGroup_logGroupClass
=== CONT  TestAccLogsGroup_kmsKey
=== CONT  TestAccLogsGroup_nameGenerate
=== CONT  TestAccLogsGroup_multiple
=== CONT  TestAccLogsGroup_namePrefix
--- PASS: TestAccLogsGroup_skipDestroy (29.81s)
--- PASS: TestAccLogsGroup_logGroupClassDELIVERY2 (30.12s)
--- PASS: TestAccLogsGroup_logGroupClass (30.62s)
--- PASS: TestAccLogsGroup_disappears (31.30s)
--- PASS: TestAccLogsGroup_multiple (31.35s)
--- PASS: TestAccLogsGroup_namePrefix (32.50s)
--- PASS: TestAccLogsGroup_basic (33.76s)
--- PASS: TestAccLogsGroup_nameGenerate (34.84s)
--- PASS: TestAccLogsGroup_skipDestroyInconsistentPlan (41.51s)
--- PASS: TestAccLogsGroup_logGroupClassDELIVERY1 (41.66s)
--- PASS: TestAccLogsGroup_retentionPolicy (56.31s)
--- PASS: TestAccLogsGroup_kmsKey (63.56s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/logs       67.685s
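
The suppression rule described in the pull request above, as an added example that is not part of the PR or the provider's code: a simplified Go model in which `LogGroup`, `suppressRetentionDiff` and `PlanRetention` are hypothetical names and the sample states are constructed. It also reports when a configured `retention_in_days` is not applied, which matters where log retention is an audit requirement.

```go
package main

import "fmt"

// LogGroup is a simplified, hypothetical model of the two attributes involved;
// it is not the provider's schema type.
type LogGroup struct {
	Class           string // log_group_class
	RetentionInDays int    // retention_in_days; 0 means "not set"
}

// suppressRetentionDiff mirrors the rule in the PR description: ignore a
// retention_in_days diff when log_group_class is unchanged and is DELIVERY.
func suppressRetentionDiff(state, config LogGroup) bool {
	return state.Class == config.Class && state.Class == "DELIVERY"
}

// PlanRetention reports whether a plan would show a retention_in_days diff,
// and whether a configured value is ignored because the diff was suppressed
// (the page states that DELIVERY retention is forced to 2 days).
func PlanRetention(state, config LogGroup) (diff bool, ignored bool) {
	changed := state.RetentionInDays != config.RetentionInDays
	if changed && suppressRetentionDiff(state, config) {
		return false, config.RetentionInDays != 0
	}
	return changed, false
}

func main() {
	// Constructed sample states (as read back from the API) and configurations.
	cases := []struct {
		name          string
		state, config LogGroup
	}{
		{"delivery, retention unset", LogGroup{"DELIVERY", 2}, LogGroup{"DELIVERY", 0}},
		{"delivery, retention 365", LogGroup{"DELIVERY", 2}, LogGroup{"DELIVERY", 365}},
		{"standard, retention change", LogGroup{"STANDARD", 7}, LogGroup{"STANDARD", 30}},
		{"class change to delivery", LogGroup{"STANDARD", 7}, LogGroup{"DELIVERY", 0}},
	}
	for _, c := range cases {
		diff, ignored := PlanRetention(c.state, c.config)
		fmt.Printf("%-28s diff=%-5v configured retention ignored=%v\n", c.name, diff, ignored)
	}
}
```

The second case is the one to review in policy checks: the plan is clean, yet the configured 365 days is never applied to the log group.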


Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/logs Issues and PRs that pertain to the logs service. size/M Managed by automation to categorize the size of a PR. labels May 17, 2025
@tabito-hara tabito-hara marked this pull request as ready for review May 17, 2025 10:58
@tabito-hara tabito-hara requested a review from a team as a code owner May 17, 2025 10:58
@justinretzolk justinretzolk added enhancement Requests to existing resources that expand the functionality or scope. and removed needs-triage Waiting for first response or review from a maintainer. labels May 19, 2025