Bulk change retention period of AWS Cloudwatch Log Groups

By default cloudwatch log groups will have a retention period of “Never expire” set when created. If you have a lot of cloudwatch log groups and want to set retention period for all of them at one shot, use the following powershell code snippet.

$profiles = ('cliprofilename')
foreach ($profile in $profiles){
echo "working on $profile"
$LogGroups = aws logs describe-log-groups --profile $profile --output text --query 'logGroups[*].[logGroupName]'
    foreach ($lg in $LogGroups) {
    echo "working on $lg"
    aws logs put-retention-policy --log-group-name $lg --retention-in-days 90 --profile $profile

The script requires you to have the AWS CLI profile configured on the machine it runs. Replace the profile name and the retention period to your liking. If ran on EC2 instances with IAM roles, the whole profile part can be skipped also.