aws-cloudwatch-log-retention

Ensure cloudwatch log groups specify retention days

Examples

Insecure Example

Terraform

resource "aws_cloudwatch_log_group" "insecure" {
  name              = "BigCorp"
  # retention_in_days is optional by default
}

CloudFormation

AWSTemplateFormatVersion: "2010-09-09"
Resources: 
  logGroup:
    Type: AWS::Logs::LogGroup
    Properties: 
      LogGroupName: "LogGroup"
      # RetentionInDays is optional by default

Secure Example

Terraform

resource "aws_cloudwatch_log_group" "insecure" {
  name              = "BigCorp"
  retention_in_days = 30
}

CloudFormation

AWSTemplateFormatVersion: "2010-09-09"
Resources: 
  logGroup:
    Type: AWS::Logs::LogGroup
    Properties: 
      LogGroupName: "LogGroup"
      RetentionInDays: 30

More information

• AWS Docs
• Terraform Docs
• Cloudformation Docs