Automating AWS CloudWatch Log Group Tagging with Python and Boto3

by

Managing tags for AWS CloudWatch log groups is crucial for operational visibility, cost management, and effective resource organization. Tagging log groups manually can be cumbersome, especially when dealing with a large number of log groups. This article outlines a straightforward method to automate this task using Python and the AWS SDK for Python (Boto3).

Importance of Automating CloudWatch Log Group Tagging

Automation ensures:

  • Consistent tagging across your AWS resources.
  • Reduced manual effort and human errors.
  • Enhanced ability to track costs and usage accurately.

Prerequisites

  • Python 3 installed
  • AWS CLI configured with appropriate permissions
  • Boto3 (pip install boto3)
  • IAM permissions:
    • logs:DescribeLogGroups
    • logs:ListTagsLogGroup
    • logs:TagLogGroup

Python Script for Tagging CloudWatch Log Groups

Below is a Python script that automatically applies specific tags to AWS CloudWatch log groups that currently have no tags.

Python Script

import boto3

AWS_REGION = 'us-east-1'  # Replace with your region

# Tags to apply
TAGS_TO_APPLY = {
    'provisioned': 'manual',
    'saas_env': 'dev4',
    'projectid': 'APP-30328',
}

def tag_cloudwatch_log_groups():
    logs_client = boto3.client('logs', region_name=AWS_REGION)

    paginator = logs_client.get_paginator('describe_log_groups')
    for page in paginator.paginate():
        for log_group in page['logGroups']:
            log_group_name = log_group['logGroupName']
            existing_tags = logs_client.list_tags_log_group(logGroupName=log_group_name).get('tags', {})

            if not existing_tags:
                print(f"Adding tags to log group '{log_group_name}'")
                logs_client.tag_log_group(
                    logGroupName=log_group_name,
                    tags=TAGS_TO_APPLY
                )
            else:
                print(f"Log group '{log_group_name}' already has tags. Skipping.")

if __name__ == '__main__':
    tag_cloudwatch_log_groups()

This script will iterate through all your CloudWatch log groups, applying tags only to log groups that currently have none.

Advantages

  • Simplified resource management
  • Enhanced cost allocation and auditing
  • Streamlined operational tasks

Conclusion

Automating CloudWatch log group tagging using Python and Boto3 simplifies administrative tasks and helps maintain a well-organized and cost-effective AWS environment.