1

In order to encrypt all CloudWatch log groups using the CLI command, individual log group names are required. Is there a way to encrypt all log groups in CloudWatch at once using a single command? Or is there a way to do it using CDK?

I followed the following AWS document:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html

To associate the KMS key, it asks me each time to give an individual group name.

aws logs associate-kms-key --log-group-name my-log-group --kms-key-id "key-arn"
kenlukas
Pasha Shaik

1 Answer

1

Using the CLI or any of the SDKs you could get a list of all the log groups and then encrypt one by one using a loop.

For the python3 SDK (Boto3) this is the relevant documentation regarding the describe_log_groups function. Your final code should look like this:

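import boto3

client = boto3.client('logs')
# describe_log_groups returns at most 50 log groups per call, so paginate
paginator = client.get_paginator('describe_log_groups')
for page in paginator.paginate():
    for log_group in page['logGroups']:
        # Associate the KMS key with this log group ('key-arn' is a placeholder)
        client.associate_kms_key(
            logGroupName=log_group['logGroupName'],
            kmsKeyId='key-arn'
        )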
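
A fuller version of the loop described in the answer, as an added example that is not part of the original post: it only touches log groups that have no KMS key yet, supports a dry run, and records failures instead of stopping. The function name, `FakeLogsClient`, the sample log groups and the key ARN are constructed for illustration; with real AWS access, pass `boto3.client('logs')` as `client`.

```python
def encrypt_unencrypted_log_groups(client, kms_key_arn, dry_run=True):
    """Associate kms_key_arn with every log group that has no KMS key.

    Returns (changed, skipped, failed). With dry_run=True nothing is
    modified and `changed` lists the groups that would be updated.
    """
    changed, skipped, failed = [], [], []
    paginator = client.get_paginator('describe_log_groups')
    for page in paginator.paginate():
        for group in page['logGroups']:
            name = group['logGroupName']
            # kmsKeyId is present only when a key is already associated
            if group.get('kmsKeyId'):
                skipped.append(name)
                continue
            if not dry_run:
                try:
                    client.associate_kms_key(logGroupName=name,
                                             kmsKeyId=kms_key_arn)
                except Exception as exc:  # e.g. key policy rejects the call
                    failed.append((name, str(exc)))
                    continue
            changed.append(name)
    return changed, skipped, failed


class FakeLogsClient:
    """Constructed stand-in for boto3.client('logs'); runs offline."""
    def __init__(self, pages):
        self.pages, self.calls = pages, []
    def get_paginator(self, operation):
        assert operation == 'describe_log_groups'
        return self
    def paginate(self):
        return iter(self.pages)
    def associate_kms_key(self, logGroupName, kmsKeyId):
        if logGroupName == '/app/broken':  # constructed failure case
            raise RuntimeError('AccessDenied (constructed)')
        self.calls.append((logGroupName, kmsKeyId))


# Constructed sample data: two pages, one group already encrypted
KEY = 'arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID'
SAMPLE_PAGES = [
    {'logGroups': [{'logGroupName': '/app/web'},
                   {'logGroupName': '/app/db', 'kmsKeyId': KEY}]},
    {'logGroups': [{'logGroupName': '/app/broken'},
                   {'logGroupName': '/app/worker'}]},
]
```

Run it with `dry_run=True` first to review the list of unencrypted groups, then again with `dry_run=False` and check the `failed` list afterwards.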