Ensure that your web-tier CloudWatch log group has the retention period feature configured in order to establish how long log events are kept in AWS CloudWatch Logs. Just like metric filters, retention settings are assigned to CloudWatch log groups and the retention period assigned to a log group is applied to their log streams as well. This conformity rule assumes that the AWS CloudWatch log group created for your web tier is using the following naming convention: <web_tier_log_group>. Prior to running this rule by the Cloud Conformity engine, the name and the retention settings (i.e. retention period) of the web-tier log group need to be defined in the rule settings, on your Cloud Conformity account dashboard.
The Amazon CloudWatch log group created for the web tier may require different retention settings than other log groups available, as the retention period depends on the operational and regulatory constraints applied to the specified group. Also, if the retention period for the web-tier log group is not configured, the logging data will be retained indefinitely and the service cost will increase.
Note: Make sure that you replace all <web_tier_log_group> placeholders found in the conformity rule content with the name of your own log group created for the web tier.
To determine if your web-tier CloudWatch log group has a retention period configured, perform the following:
Remediation / Resolution
To set the appropriate log retention period for your web-tier CloudWatch log group, perform the following actions:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Web-Tier CloudWatch Log Group Retention Period
Risk level: Medium