Ensure that your app-tier CloudWatch log group has a retention period configured in order to establish how long log events are kept in Amazon CloudWatch Logs. Log retention settings are assigned to CloudWatch log groups, and the retention period set for a log group is applied to its log streams as well. This conformity rule assumes that the AWS CloudWatch log group created for your app tier uses the following naming convention: <app_tier_log_group>. Before the Cloud Conformity engine runs this rule, the name and the retention period of the app-tier log group need to be defined in the rule settings, on your Cloud Conformity account dashboard.
The AWS CloudWatch log group created for the app tier may require different retention settings than other log groups available, as the retention period depends on the operational and regulatory constraints applied to the specified group. Also, if the retention period for the app-tier log group is not configured at all, the logging data will be retained indefinitely and the service cost will increase.
Note: Make sure that you replace all <app_tier_log_group> placeholders found in the conformity rule content with the name of your own log group created for the app tier.
To determine if your app-tier CloudWatch log group has a retention period, perform the following actions:
Remediation / Resolution
To configure the log retention period for your app-tier CloudWatch log group, perform the following actions:
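The audit and the remediation described above can be sketched as follows. This is an added example, not Cloud Conformity's own code: the group name `app-tier-logs`, the 30-day period, the status labels and the exact-match policy are assumptions, and the sample response is constructed.

```python
import json

# Constructed sample, shaped like the JSON printed by
# `aws logs describe-log-groups --log-group-name-prefix app-tier-logs`.
# Group names and values are invented for this example.
SAMPLE_RESPONSE = json.loads("""
{"logGroups": [
  {"logGroupName": "app-tier-logs-debug", "storedBytes": 2048},
  {"logGroupName": "app-tier-logs", "retentionInDays": 30, "storedBytes": 1048576}
]}
""")


def audit_retention(response, group_name, expected_days):
    """Classify one log group against the retention period set for the rule.

    The prefix filter can return sibling groups, so match the name exactly.
    A group with no "retentionInDays" key never expires its log events.
    """
    for group in response.get("logGroups", []):
        if group.get("logGroupName") != group_name:
            continue
        days = group.get("retentionInDays")
        if days is None:
            return "NO_RETENTION"
        # Assumption: the rule wants exactly the configured period.
        return "COMPLIANT" if days == expected_days else "MISMATCH"
    return "NOT_FOUND"


def remediation_command(group_name, expected_days):
    """Build the AWS CLI call that sets the retention period (argv list)."""
    return ["aws", "logs", "put-retention-policy",
            "--log-group-name", group_name,
            "--retention-in-days", str(expected_days)]


if __name__ == "__main__":
    for name in ("app-tier-logs", "app-tier-logs-debug", "web-tier-logs"):
        status = audit_retention(SAMPLE_RESPONSE, name, 30)
        print(f"{name}: {status}")
        if status in ("NO_RETENTION", "MISMATCH"):
            print("  fix:", " ".join(remediation_command(name, 30)))
```
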
You are auditing:
App-Tier CloudWatch Log Group Retention Period
Risk level: Medium