Create a log group cleanup script

Author: jameslinnell

.github/workflows/terraform-destroy-environment-manual.yml

@@ -1,53 +1,53 @@
 # .github/workflows/destroy.yml
 
-name: 'Destroy (Select Account) Environment'
+name: "Destroy (Select Account) Environment"
 
 on:
   workflow_dispatch:
     inputs:
       build_branch:
-        default: 'main'
-        description: 'Branch to use for the destroy action.'
+        default: "main"
+        description: "Branch to use for the destroy action."
         required: true
       sandbox_workspace:
-        description: 'The sandbox workspace to destroy.'
+        description: "The sandbox workspace to destroy."
         required: true
       terraform_vars:
-        default: 'dev.tfvars'
-        description: 'Terraform vars file to use.'
+        default: "dev.tfvars"
+        description: "Terraform vars file to use."
         required: true
       environment:
-        default: 'development'
-        description: 'Environment for destruction.'
+        default: "development"
+        description: "Environment for destruction."
         required: true
       backend:
-        default: 'backend.conf'
-        description: 'Terraform backend configuration.'
+        default: "backend.conf"
+        description: "Terraform backend configuration."
         required: true
   workflow_call:
     inputs:
       build_branch:
-        default: 'main'
-        description: 'Branch to use for the destroy action.'
+        default: "main"
+        description: "Branch to use for the destroy action."
         required: true
         type: "string"
       sandbox_workspace:
-        description: 'The sandbox workspace to destroy.'
+        description: "The sandbox workspace to destroy."
         required: true
         type: "string"
       terraform_vars:
-        default: 'dev.tfvars'
-        description: 'Terraform vars file to use.'
+        default: "dev.tfvars"
+        description: "Terraform vars file to use."
         required: true
         type: "string"
       environment:
-        default: 'development'
-        description: 'Environment for destruction.'
+        default: "development"
+        description: "Environment for destruction."
         required: true
         type: "string"
       backend:
-        default: 'backend.conf'
-        description: 'Terraform backend configuration.'
+        default: "backend.conf"
+        description: "Terraform backend configuration."
         required: true
         type: "string"
 
@@ -62,7 +62,7 @@ jobs:
     uses: ./.github/workflows/cleanup-cloudfront-edge-associations.yml
     with:
       sandbox_workspace: ${{ inputs.sandbox_workspace }}
-      lambda_function_name: '${{ inputs.sandbox_workspace }}_EdgePresignLambda'
+      lambda_function_name: "${{ inputs.sandbox_workspace }}_EdgePresignLambda"
       python_version: 3.11
       build_branch: ${{ inputs.build_branch }}
       environment: ${{ inputs.environment}}
@@ -131,3 +131,6 @@ jobs:
 
       - name: Run Terraform Workspace Cleanup Script
         run: ./venv/bin/python3 -u scripts/cleanup_terraform_states.py ${{ inputs.sandbox_workspace }}
+
+      - name: Run Log Group Cleanup Script
+        run: ./venv/bin/python3 -u scripts/cleanup_log_groups.py ${{ inputs.sandbox_workspace }}

infrastructure/main.tf

@@ -47,7 +47,7 @@ provider "aws" {
   }
 }
 
-resource "aws_resourcegroups_group" "resource_group" {
+resource "aws_resourcegroups_group" "workspace_resource_group" {
   name        = "${terraform.workspace}-resource_group"
   description = "${terraform.workspace} workspace resource group."
   tags = {

scripts/cleanup_log_groups.py

@@ -0,0 +1,48 @@
+import sys
+
+import boto3
+from botocore.exceptions import ClientError
+
+
+class CleanupLogGroups:
+
+    def __init__(self):
+        self.logs_client = boto3.client("logs")
+
+    def main(self, sandbox: str):
+        try:
+            paginator = self.logs_client.get_paginator("describe_log_groups")
+            log_groups_to_delete = []
+
+            for page in paginator.paginate():
+                for log_group in page.get("logGroups", []):
+                    log_group_name = log_group["logGroupName"]
+                    if sandbox in log_group_name:
+                        log_groups_to_delete.append(log_group_name)
+
+            if not log_groups_to_delete:
+                print(f"No log groups found matching pattern: {sandbox}")
+                return
+
+            for log_group_name in log_groups_to_delete:
+                print(f"Found log group: {log_group_name}")
+                # try:
+                #     self.logs_client.delete_log_group(logGroupName=log_group_name)
+                #     print(f"Deleted log group: {log_group_name}")
+                # except ClientError as e:
+                #     print(f"Failed to delete log group {log_group_name}: {e}")
+
+        except ClientError as e:
+            print(f"Error during log group cleanup: {e}")
+
+
+if __name__ == "__main__":
+    sandbox = sys.argv[1]
+    exclude_list = ["ndr-dev"]
+
+    if sandbox in exclude_list:
+        print("Cleanup log groups. Cannot delete protected environment")
+        sys.exit(1)
+
+    print(f"Attempting to cleanup the log_groups for: {sandbox}")
+    CleanupLogGroups().main(sandbox=sandbox)