AWS Config Rule: CloudWatch LogGroup Retention Period Check

CW_LOGGROUP_RETENTION_PERIOD_CHECK

Fernando Honig

Last Update 8 months ago

Description: Checks whether the Amazon CloudWatch LogGroup retention period is set to a specific number of days. The rule is NON_COMPLIANT if the retention period is not set or is less than the configured retention period.


Trigger type: Periodic


AWS Region: All supported AWS regions except Asia Pacific (Osaka) Region


How to Resolve Manually

To resolve this manually, you will need to ensure that your CloudWatch Log Groups are set with a retention period. Log Groups without a retention period keep their log events indefinitely and continue to grow, which incurs additional cost.


A CloudWatch log group with a retention period expires log events once they are older than the time specified.

To configure a retention setting for one of your CloudWatch log groups, select it from the CloudWatch console dashboard, hit the Actions button at the top of the page, and then click configure retention setting. You can then choose from a variety of periods offered as standard by AWS.
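The same check and manual fix can be scripted across every log group in a region. The following is an added example, not AWS's rule code or StackZone's remediation; it assumes boto3 is installed, and the function names and the 90-day minimum are illustrative.

```python
# Added example: not AWS's rule code or StackZone's remediation.
# CloudWatch Logs accepts only these retentionInDays values.
VALID_RETENTION_DAYS = (1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400,
                        545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653)


def evaluate(log_groups, min_days):
    """Map each log group name to COMPLIANT / NON_COMPLIANT per the rule text."""
    verdicts = {}
    for group in log_groups:
        # describe_log_groups omits retentionInDays when events never expire.
        days = group.get("retentionInDays")
        ok = days is not None and days >= min_days
        verdicts[group["logGroupName"]] = "COMPLIANT" if ok else "NON_COMPLIANT"
    return verdicts


def pick_retention(min_days):
    """Smallest retention value the API accepts that is >= min_days."""
    for days in VALID_RETENTION_DAYS:
        if days >= min_days:
            return days
    raise ValueError(f"no supported retention period >= {min_days} days")


def remediate(logs_client, min_days, dry_run=True):
    """Return NON_COMPLIANT group names; set their retention unless dry_run."""
    target = pick_retention(min_days)
    flagged = []
    paginator = logs_client.get_paginator("describe_log_groups")
    for page in paginator.paginate():
        for name, verdict in evaluate(page["logGroups"], min_days).items():
            if verdict != "NON_COMPLIANT":
                continue
            flagged.append(name)
            if not dry_run:
                # Existing events older than `target` days become eligible
                # for deletion once a retention period is set.
                logs_client.put_retention_policy(
                    logGroupName=name, retentionInDays=target)
    return flagged


if __name__ == "__main__":
    import boto3  # assumption: credentials and region come from the environment

    # 90 days is an illustrative minimum, not a value from the rule.
    print(remediate(boto3.client("logs"), min_days=90, dry_run=True))
```

Run it with `dry_run=True` first and review the flagged groups before applying, since applying a retention period to a never-expire group removes its older events.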


How to Resolve with StackZone

You can resolve with StackZone by enabling the CloudWatch Retention Period Check Remediation.


To do this, head over to baseline services, cloudwatch -> remediation, and set cloudwatch-retention-period-check-remediation to true.

