Trying to add tags to cloudwatchLog group using ResourceGroupsTaggingAPI service using boto3.
Code seems to be executing with out errors but don't see the tags being added.
How to add tags to cloudwatchLog group?
Code:
log_group=[]
client = boto3.client('logs')
client_api=boto3.client('resourcegroupstaggingapi')
def lambda_handler(event, context):
paginator = client.get_paginator('describe_log_groups')
response_iterator = paginator.paginate()
for page in response_iterator:
for grp in page['logGroups']:
log_group.append(str(grp['arn']))
client_api.tag_resources(
ResourceARNList=log_group,
Tags={
'Header1':'value1',
'Header2':'value2',
'header3':'value3'}
)
A couple of things here.
Print the response of tag_resources API, it could contain messages that will point you in the right direction.
You're using the newer tag_resources API. This API is built on top of older, per resource, APIs. Like tag_log_group API in this case. This means your lambda will need permissions on tag:TagResources and on logs:TagLogGroup.
You are sending ARNs that you got by calling describe_log_groups. These ARNs will be of the form arn:aws:logs:REGION:ACCOUNT:log-group:LOG_GROUP_NAME:*. Since the underline tag_log_group API works with log groups names and not ARNs, you need to drop the last :* from the ARN so the correct log group name can be extracted.
I'm not 100% sure you can even see tags on log groups in the UI. You may need to call list_tags_log_group API to verify the tags are there.