Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow setting KMS key id and tags when creating a CloudWatch log group #11185

Closed
matt-demers opened this issue Feb 3, 2022 · 0 comments · Fixed by #22274
Closed

Allow setting KMS key id and tags when creating a CloudWatch log group #11185

matt-demers opened this issue Feb 3, 2022 · 0 comments · Fixed by #22274
Labels
sink: aws_cloudwatch_logs Anything `aws_cloudwatch_logs` sink related type: enhancement A value-adding code change that enhances its existing functionality.

Comments

@matt-demers
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Current Vector Version

vector 0.16.0 (x86_64-unknown-linux-gnu 9e4174d 2021-08-25)

Use-cases

It would be helpful for us if the cloudwatch sink had more flexibility when using the create_missing_group option. We have a requirement that all cloudwatch log groups have a customer managed KMS key set for encryption. We would also like to be able to tag all of our log groups for cost accounting purposes.

Attempted Solutions

Since the cloudwatch sink does not have any options to configure these settings when the log group is created, we tried one workaround where we have a lambda function be triggered whenever a new log group is created to configure these settings. However, the initial logs that are put in cloudwatch which trigger a new log group to be created will be stored without this encryption key, and setting a new encryption key id does not re-configure the encryption of existing logs [1].

Proposal

It would be great if there were more settings on the cloudwatch log sink to set the KMS key id and the tags to pass to the CreateLogGroup api call [2]. And if possible, it would also be great if there was a setting to set the retention policy as well, although this is a separate api call from CreateLogGroup.

References

[1] https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html
[2] https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogGroup.html
@matt-demers matt-demers added the type: enhancement A value-adding code change that enhances its existing functionality. label Feb 3, 2022
@jszwedko jszwedko added the sink: aws_cloudwatch_logs Anything `aws_cloudwatch_logs` sink related label Feb 3, 2022
johannesfloriangeiger added a commit to johannesfloriangeiger/vector that referenced this issue Jan 22, 2025
@johannesfloriangeiger
vectordotdev#11185: Allow specifying a KMS key and tags for newly cre…
78ee272 
…ated AWS CloudWatch log groups.
Merged
10 tasks
johannesfloriangeiger added a commit to johannesfloriangeiger/vector that referenced this issue Jan 23, 2025
@johannesfloriangeiger
vectordotdev#11185: Checklist.
f175aba
johannesfloriangeiger added a commit to johannesfloriangeiger/vector that referenced this issue Jan 24, 2025
@johannesfloriangeiger
vectordotdev#11185: Rustdocs.
e6a70c8
johannesfloriangeiger added a commit to johannesfloriangeiger/vector that referenced this issue Jan 24, 2025
@johannesfloriangeiger
vectordotdev#11185: Unrelated changes to the Story it seems, but stil…
d7cf315 
…l present.
johannesfloriangeiger added a commit to johannesfloriangeiger/vector that referenced this issue Jan 24, 2025
@johannesfloriangeiger
vectordotdev#11185: Revert unrelated changes.
6f07d4c
johannesfloriangeiger added a commit to johannesfloriangeiger/vector that referenced this issue Jan 26, 2025
@johannesfloriangeiger
vectordotdev#11185: Rustdocs.
22e5563
github-merge-queue bot pushed a commit that referenced this issue Jan 27, 2025
@johannesfloriangeiger
feat (sink: aws_cloudwatch_logs) #11185: Allow specifying a KMS key a…
f151cab 
…nd tags for newly created AWS CloudWatch log groups. (#22274)

* #11185: Allow specifying a KMS key and tags for newly created AWS CloudWatch log groups.

* #11185: Checklist.

* #11185: Rustdocs.

* #11185: Unrelated changes to the Story it seems, but still present.

* #11185: Revert unrelated changes.

* #11185: Rustdocs.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
sink: aws_cloudwatch_logs Anything `aws_cloudwatch_logs` sink related type: enhancement A value-adding code change that enhances its existing functionality.
Projects
None yet
Milestone
No milestone
2 participants
@jszwedko @matt-demers