Bash Script to Bulk Delete AWS CloudWatch Log Groups

The AWS Management Console does not allow you to bulk delete multiple AWS CloudWatch Log Groups. Instead, use this bash script to bulk delete AWS CloudWatch log groups.

The bash script will do the following:

  • Ask the AWS region you want to access.
  • Confirm the Cloud Watch Log Groups that it found in the specified AWS region.
  • Ask if it should delete the mentioned Cloud Watch Log Groups.
  • Delete each Cloud Watch Log Group, if you enter yes.

How to run the code

First, download the ‘Bash Script to Bulk Delete AWS CloudWatch Log Groups’ script using the following command:

sudo wget https://raw.githubusercontent.com/RepositoriumCodice/Scripts/master/Linux/BulkDeleteLogGroupsInAWS/aws.cloudwatch.loggroups.delete.sh

This script has been tested on Ubuntu 18.04 Server and Ubuntu 18.04 running via Windows Subsystem for Linux. Let me know if you have used it on a different platform.

Alternatively, visit the repository here to look at the script in more detail before you download it.

Ensure that the script has executed permissions.

sudo chmod 500 aws.cloudwatch.loggroups.delete.sh

Run the script via bash as root.

sudo ./aws.cloudwatch.loggroups.delete.sh

Example output:

Getting group names...
These log groups will be deleted:
logGroupName
RDSOSMetrics
ap-2a-adonis
ap-2a-adonis/api
ap-2a-adonis/api/5ced914e6e88b
ap-2a-adonis/api/5ced916160eff
Total 324 log groups

Proceed? y
Delete group logGroupName...
Delete group RDSOSMetrics... OK
Delete group ap-2a-adonis... OK
Delete group ap-2a-adonis/api... OK
Delete group ap-2a-adonis/api/5ced914e6e88b... OK
Delete group ap-2a-adonis/api/5ced916160eff... OK

The delete AWS Log Groups bash script will require the AWS CLI tools installed and configured.

The script

You can look at the script in more detail at: https://raw.githubusercontent.com/RepositoriumCodice/Scripts/master/Linux/BulkDeleteLogGroupsInAWS/aws.cloudwatch.loggroups.delete.sh:

First, the script asks your preferred AWS region

...
read -p "Please enter the AWS region [ap-southeast-2]? " region
region=${region:-ap-southeast-2}
...

The script will then list all the available AWS log groups in the region you specified using the AWS CLI command: aws logs describe-log-groups. Note: You may see some errors if you do not have the appropriate permissions.

...
echo Getting group names for $region...

LOG_GROUPS=$(
	aws logs describe-log-groups --output table --region $region |
		awk '{print $6}' |
		grep -v ^$ |
		grep -v DescribeLogGroups
)

echo These log groups will be deleted:
printf "${LOG_GROUPS}\n"
echo Total $(wc -l <<<"${LOG_GROUPS}") log groups
echo
...

The script will then ask whether or not you wish to proceed.

...
while true; do
    read -p "Proceed? [yn]" yn
    case $yn in
    [Yy]*) break ;;
    [Nn]*) exit ;;
    *) echo "Please answer yes or no." ;;
    esac
done
...

Lastly, the script will then use the AWS CLI command: aws logs delete-log-group to delete all the available log groups.

...
for name in ${LOG_GROUPS}; do
	printf "Delete group ${name}... "
	aws logs delete-log-group --log-group-name ${name} --region $region && echo OK || echo Fail
done

The AWS CLI Commands

The bash script uses AWS CLI commands to list and delete all the Cloud Watch Log Groups.

Describe Log Groups:

The bash script runs the following AWS CLI command: aws logs describe-log-groups.

The describe-log-groups command lists all the log groups that it finds in the specified region. You can list all your log groups or filter the results by prefix (with some modification).

You can describe your log groups manually by using the following example. The example describes a log group called ‘my-logs’. Use the ‘–region’ command to specify a specific AWS Region.

aws logs describe-log-groups --log-group-name-prefix my-logs

Delete Log Group:

The bash script runs the delete-log-group AWS CLI command for each log group once you confirm the deletion.

The delete-log-group command permanently deletes all the archived log events associated with the log group.

You can remove your log groups manually by using the following example. First, the example removes a log group called ‘my-logs’. Next, use the ‘–region’ command to specify a specific AWS Region.

aws logs delete-log-group --log-group-name my-logs

You can modify this bash script to support additional use cases.

You may also be interested in

About Anto Online

Anto, a seasoned technologist with over two decades of experience, has traversed the tech landscape from Desktop Support Engineer to enterprise application consultant, specializing in AWS serverless technologies. He guides clients in leveraging serverless solutions while passionately exploring cutting-edge cloud concepts beyond his daily work. Anto's dedication to continuous learning, experimentation, and collaboration makes him a true inspiration, igniting others' interest in the transformative power of cloud computing.

View all posts by Anto Online

5 Comments on “Bash Script to Bulk Delete AWS CloudWatch Log Groups”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.