From 418d31d4851e5e213f8df9dfac0d2d45144909c9 Mon Sep 17 00:00:00 2001
From: Robert Rathsack
Date: Fri, 1 Aug 2025 18:23:18 +0200
Subject: [PATCH 1/3] replace deprecated cdk log retention
---
 src/cdk/create-lambda-function.ts | 19 +++++++++++++------
 src/cdk/create-request-authorizer.ts | 10 ++++++++--
 2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/src/cdk/create-lambda-function.ts b/src/cdk/create-lambda-function.ts
index 75f2fd3..387fa0c 100644
--- a/src/cdk/create-lambda-function.ts
+++ b/src/cdk/create-lambda-function.ts
@@ -55,25 +55,27 @@ export function createLambdaFunction(
 const { monitoring } = stackConfig;
+ const uniqueFunctionNameHash = getHash(uniqueFunctionName);
+
 const filesystemProps = filesystem
 ? {
- vpc: aws_ec2.Vpc.fromLookup(stack, `Vpc${getHash(uniqueFunctionName)}`, {
+ vpc: aws_ec2.Vpc.fromLookup(stack, `Vpc${uniqueFunctionNameHash}`, {
 vpcId: filesystem.vpcId,
 }),
 filesystem: aws_lambda.FileSystem.fromEfsAccessPoint(
 aws_efs.AccessPoint.fromAccessPointAttributes(
 stack,
- `AccessPoint${getHash(uniqueFunctionName)}`,
+ `AccessPoint${uniqueFunctionNameHash}`,
 {
 accessPointId: filesystem.accessPointId,
 fileSystem: aws_efs.FileSystem.fromFileSystemAttributes(
 stack,
- `FileSystem${getHash(uniqueFunctionName)}`,
+ `FileSystem${uniqueFunctionNameHash}`,
 {
 fileSystemId: filesystem.fileSystemId,
 securityGroup: aws_ec2.SecurityGroup.fromSecurityGroupId(
 stack,
- `SecurityGroup${getHash(uniqueFunctionName)}`,
+ `SecurityGroup${uniqueFunctionNameHash}`,
 filesystem.securityGroupId,
 ),
 },
@@ -85,7 +87,12 @@ export function createLambdaFunction(
 }
 : undefined;
- const fn = new aws_lambda.Function(stack, `Function${getHash(uniqueFunctionName)}`, {
+ const logGroup = new aws_logs.LogGroup(stack, `LogGroup${uniqueFunctionNameHash}`, {
+ retention: aws_logs.RetentionDays.TWO_WEEKS,
+ logGroupName: `/aws/lambda/${uniqueFunctionName}`,
+ });
+
+ const fn = new aws_lambda.Function(stack, `Function${uniqueFunctionNameHash}`, {
 functionName: uniqueFunctionName,
 code: aws_lambda.Code.fromAsset(dirname(path)),
 handler: `${basename(path, extname(path))}.handler`,
@@ -99,7 +106,7 @@ export function createLambdaFunction(
 monitoring === true || monitoring?.lambdaInsightsEnabled
 ? aws_lambda.LambdaInsightsVersion.VERSION_1_0_229_0
 : undefined,
- logRetention: aws_logs.RetentionDays.TWO_WEEKS,
+ logGroup,
 role: lambdaServiceRole,
 ...filesystemProps,
 });
diff --git a/src/cdk/create-request-authorizer.ts b/src/cdk/create-request-authorizer.ts
index c4e339c..67a96f9 100644
--- a/src/cdk/create-request-authorizer.ts
+++ b/src/cdk/create-request-authorizer.ts
@@ -19,9 +19,15 @@ export function createRequestAuthorizer(
 const domainName = getDomainName(stackConfig);
 const functionName = `aws-simple-request-authorizer-${getHash(domainName)}`;
+ const functionNameHash = getHash(functionName);
+
+ const logGroup = new aws_logs.LogGroup(stack, `LogGroup${functionNameHash}`, {
+ retention: aws_logs.RetentionDays.TWO_WEEKS,
+ logGroupName: `/aws/lambda/${functionNameHash}`,
+ });
 return new aws_apigateway.RequestAuthorizer(stack, `RequestAuthorizer`, {
- handler: new aws_lambda.Function(stack, `Function${getHash(functionName)}`, {
+ handler: new aws_lambda.Function(stack, `Function${functionNameHash}`, {
 functionName,
 code: aws_lambda.Code.fromAsset(
 join(dirname(fileURLToPath(import.meta.url)), `request-authorizer`),
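Review bot: The new `LogGroup` in create-lambda-function.ts is given the fixed name `/aws/lambda/${uniqueFunctionName}`, which is the name Lambda itself logs to, so on a stack previously deployed with `logRetention` a group of that name very likely already exists outside CloudFormation's control and the first deploy of this change is expected to fail with an already-exists error. The commit carries no migration note; I would add a comment above the construct such as `// Existing deployments: import or delete /aws/lambda/<functionName> before upgrading, otherwise LogGroup creation fails` and repeat it in the changelog. The authorizer log group in create-request-authorizer.ts ends up with the same naming scheme by PATCH 3/3, so the same applies there. Deleting the old group to unblock a deploy discards its history, so operators who rely on it for investigations should export it first. createLambdaFunction starts and ends outside the hunk.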
@@ -34,7 +40,7 @@ export function createRequestAuthorizer(
 },
 runtime: aws_lambda.Runtime.NODEJS_22_X,
 tracing: aws_lambda.Tracing.PASS_THROUGH,
- logRetention: aws_logs.RetentionDays.TWO_WEEKS,
+ logGroup,
 }),
 identitySources: [aws_apigateway.IdentitySource.header(`Authorization`)],
 resultsCacheTtl: Duration.seconds(authentication.cacheTtlInSeconds ?? 300),
From 6d233ae012f28e54fefe32d73194a1ef1c822769 Mon Sep 17 00:00:00 2001
From: Robert Rathsack
Date: Mon, 4 Aug 2025 17:45:33 +0200
Subject: [PATCH 2/3] added removalPolicy = destroy to lambda log groups
---
 src/cdk/create-lambda-function.ts | 3 ++-
 src/cdk/create-request-authorizer.ts | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/cdk/create-lambda-function.ts b/src/cdk/create-lambda-function.ts
index 387fa0c..ac0d5ac 100644
--- a/src/cdk/create-lambda-function.ts
+++ b/src/cdk/create-lambda-function.ts
@@ -1,5 +1,5 @@
 import type { LambdaRoute, StackConfig } from '../parse-stack-config.js';
-import type { Stack } from 'aws-cdk-lib';
+import { type Stack, RemovalPolicy } from 'aws-cdk-lib';
 import { getDomainName } from '../utils/get-domain-name.js';
 import { getHash } from '../utils/get-hash.js';
@@ -90,6 +90,7 @@ export function createLambdaFunction(
 const logGroup = new aws_logs.LogGroup(stack, `LogGroup${uniqueFunctionNameHash}`, {
 retention: aws_logs.RetentionDays.TWO_WEEKS,
 logGroupName: `/aws/lambda/${uniqueFunctionName}`,
+ removalPolicy: RemovalPolicy.DESTROY,
 });
 const fn = new aws_lambda.Function(stack, `Function${uniqueFunctionNameHash}`, {
diff --git a/src/cdk/create-request-authorizer.ts b/src/cdk/create-request-authorizer.ts
index 67a96f9..60b7b4b 100644
--- a/src/cdk/create-request-authorizer.ts
+++ b/src/cdk/create-request-authorizer.ts
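Review bot: `removalPolicy: RemovalPolicy.DESTROY` on the Lambda log group means the logs are deleted together with the stack, and also whenever CloudFormation replaces the group, for example when `uniqueFunctionName` and with it the physical `logGroupName` changes. The request authorizer gets the same line in create-request-authorizer.ts in this patch, and its logs presumably hold the record of authorization decisions, which is exactly what an incident responder would want to still have after a teardown. I would default to `removalPolicy: RemovalPolicy.RETAIN,` or drive the value from the stack config, and at minimum document the choice with a comment like `// DESTROY: log history is intentionally dropped on stack deletion or replacement`. The enclosing createLambdaFunction body continues outside the hunk.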
@@ -1,5 +1,5 @@
 import type { StackConfig } from '../parse-stack-config.js';
-import type { Stack } from 'aws-cdk-lib';
+import { type Stack, RemovalPolicy } from 'aws-cdk-lib';
 import { getDomainName } from '../utils/get-domain-name.js';
 import { getHash } from '../utils/get-hash.js';
@@ -24,6 +24,7 @@ export function createRequestAuthorizer(
 const logGroup = new aws_logs.LogGroup(stack, `LogGroup${functionNameHash}`, {
 retention: aws_logs.RetentionDays.TWO_WEEKS,
 logGroupName: `/aws/lambda/${functionNameHash}`,
+ removalPolicy: RemovalPolicy.DESTROY,
 });
 return new aws_apigateway.RequestAuthorizer(stack, `RequestAuthorizer`, {
From 387a2462514a7a3aaa0f2750db72efd530ccc8cc Mon Sep 17 00:00:00 2001
From: Robert Rathsack
Date: Mon, 4 Aug 2025 17:56:49 +0200
Subject: [PATCH 3/3] use functionName for authorizer log group
---
 src/cdk/create-request-authorizer.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cdk/create-request-authorizer.ts b/src/cdk/create-request-authorizer.ts
index 60b7b4b..a6c012a 100644
--- a/src/cdk/create-request-authorizer.ts
+++ b/src/cdk/create-request-authorizer.ts
@@ -23,7 +23,7 @@ export function createRequestAuthorizer(
 const logGroup = new aws_logs.LogGroup(stack, `LogGroup${functionNameHash}`, {
 retention: aws_logs.RetentionDays.TWO_WEEKS,
- logGroupName: `/aws/lambda/${functionNameHash}`,
+ logGroupName: `/aws/lambda/${functionName}`,
 removalPolicy: RemovalPolicy.DESTROY,
 });
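Review bot: The `new aws_logs.LogGroup(...)` construction in createRequestAuthorizer is a copy of the one in create-lambda-function.ts, and the series already needed a follow-up (PATCH 3/3) to bring this copy's `logGroupName` in line with the function name. A small shared helper that takes the stack, the construct id and the function name and returns the log group would keep retention, naming and removal policy from drifting apart between the two call sites. The body of createRequestAuthorizer extends beyond the hunk.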