Cloudformation: ECS TaskDefinition CloudWatch logs retention policy

Question

Is it possible to specify a CloudWatch logs retention policy in an ECS Task definition? Couldn't find any documentation about it.

ServiceTaskDefinition:
  Type: AWS::ECS::TaskDefinition
  Properties:
    ExecutionRoleArn: !GetAtt EcsTaskExecutionRole.Arn
    TaskRoleArn: !GetAtt EcsTaskRole.Arn
    Cpu: !Ref TaskDefinitionCpu
    Memory: !Ref TaskDefinitionMemory
    NetworkMode: awsvpc
    ContainerDefinitions:
      - Name: !Join ['-', ['container', !Ref AWS::StackName]]
        Image: !Ref EcrImage
        PortMappings:
          - ContainerPort: !Ref Port
            HostPort: !Ref Port
            Protocol: tcp
        Essential: true
        LogConfiguration:
          LogDriver: awslogs
          Options:
            awslogs-group: !Join ['', ['/ecs/', !Ref AWS::StackName]]
            awslogs-region: !Ref AWS::Region
            awslogs-stream-prefix: ecs
            awslogs-create-group: true
            # Retention policy ??

Answer 1

As with all other services that support logging to CloudWatch logs, if you want to set things like KMS encryption and log retention on the log group you have to create the log group first, with the settings you want, then configure the services to log to that log group.

Answer 2

Agree with other answer that there is no option to specify log retention in awslogs options

We need to create it and pass it along:

  CloudwatchLogsGroup:
    Type: 'AWS::Logs::LogGroup'
    Properties:
      LogGroupName: !Sub '${AWS::StackName}-ECSLogGroup'
      RetentionInDays: 14

Container Definition:

  ContainerTaskdefinition:
    Type: 'AWS::ECS::TaskDefinition'
    Properties:
      Family: !Ref 'AWS::StackName'
      ExecutionRoleArn: !Ref ECSTaskExecutionRole
      TaskRoleArn: !Ref ECSTaskExecutionRole
      Cpu: '256'
      Memory: 1GB
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - EC2
        - FARGATE
      ContainerDefinitions:
        - Name: !Ref 'AWS::StackName'
          Cpu: 256
          Essential: 'true'
          Image: !Ref Image
          Memory: '1024'
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref CloudwatchLogsGroup <-- refer to log group
              awslogs-region: !Ref 'AWS::Region'
              awslogs-stream-prefix: ecs

Answer 3

There appears to be no support for specifying the retention policy when you "auto create" the log group in the Task Definition. You could however create your log group out of band and let your Task Definition consume it (instead of auto creating it). The retention policy could be defined when you create the log group explicitly (that is, in the AWS::Logs::LogGroup definition). See here.