<- All Blueprints
Create a template that deploys...

AWS CloudWatch Log Group

This blueprint creates an AWS CloudWatch Log Group with best practices in mind, such as setting a default retention period of 14 days to prevent unlimited storage costs and optionally enabling encryption using a KMS key for enhanced security. It encourages the use of tags for better resource identification and management. The blueprint is organized to assist users, including those who may not be cloud infrastructure experts, in configuring essential settings easily.

Template code
Automatically generated UI

---
constants:
  __name: "{{ name }}_{{ __guid }}"
variables:
  name:
    desc: "Name of the CloudWatch Log Group."
    required: true
    group: Log Group Details
  retention_in_days:
    desc: "Number of days to retain log events."
    required: false
    group: Log Group Details
    default: 14
  kms_key_id:
    desc: "ARN of the KMS Key for encrypting log data."
    required: false
    group: Security
    links_to: resource.aws_kms_key.arn
  tags:
    group: Tags
    required: false
groups:
  Log Group Details:
    order: 1
    desc: "Basic settings for the CloudWatch Log Group."
  Security:
    order: 2
    desc: "Encryption settings for the log group."
  Tags:
    order: 3
    desc: "Tags to assign to the log group."
---

resource "aws_cloudwatch_log_group" "__name" {
  name              = {{ name }}
  retention_in_days = {{ retention_in_days }}
  kms_key_id        = {{ kms_key_id | required: false }}

  tags = {
    {{# tags }}
      {{ tags.key | required: false }} = {{ tags.value | required: false }}
    {{/ tags }}
  }
}

// Sets a default retention period to prevent unlimited storage costs.
// Allows optional encryption with KMS for enhanced security.
// Encourages tagging for resource identification and management.
//
What am I looking at?

Your CSPM can't fix cloud infrastructure

Learn how Resourcely can improve your cloud posture in days, not quarters