AWS-CloudWatchLogs-CloudWatch-Log-Retention-Period

Severity: Medium

Description: This control ensures that CloudWatch log groups have retention period set. CloudWatch log groups will store data infinite number of days. While the costs are not high, this is one of those services that can quietly sneak up and end up costing a fair amount every month. According to the requirement, we can set the retention policy.

Remediation Steps:

Perform following to configure CloudWatch log retention period :

1. Login to the AWS Management Console at https://console.aws.amazon.com

2. Go to CloudWatch in services

3. In left navigation panel under Logs, select Log groups .

4. Select the Log group that need to reconfigure.

5. Select Actions dropdown.

6. Select the Edit retention setting, select retention days from the dropdown.

7. Click on Save.

Important:

Reference:

• put-retention-policy — AWS CLI 1.36.6 Command Reference

• Working with log groups and log streams - Amazon CloudWatch Logs