Check provider logo

Check if CloudWatch Log Groups have a retention policy of specific days.

cloudwatch_log_group_retention_policy_specific_days_enabled

Severitymedium
ServicecloudwatchSubservicelogs
by Prowler

Check if CloudWatch Log Groups have a retention policy of specific days.

Risk

If log groups have a low retention policy of less than specific days, crucial logs and data can be lost.

Run this check with Prowler CLI

prowler aws --checks cloudwatch_log_group_retention_policy_specific_days_enabled

Run in Prowler Cloud

ARN template

arn:partition:cloudwatch:region:account-id:certificate/resource-id

Remediation

CLI

aws logs put-retention-policy --log-group-name <LOG_GROUP_NAME> --retention-in-days <DAYS>

Native IAC

https://docs.prowler.com/checks/aws/logging-policies/logging_13#cloudformation

Terraform

https://docs.prowler.com/checks/aws/logging-policies/logging_13#terraform

Other

https://docs.prowler.com/checks/aws/logging-policies/logging_13

WUI

Add Log Retention policy of specific days to log groups. This will persist logs and traces for a long time.

References:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Logs.html

Source Code

References

Resource Type

AwsLogsLogGroup

Related URL