5.7 Ensure Cloudwatch Log Group for App Tier has a retention period


A retention period specifies how long log events are kept in CloudWatch Logs; events older than the retention period are deleted automatically. Just like metric filters, retention settings are assigned to log groups, and the retention assigned to a log group applies to all of its log streams.


* You can also use any third-party log management tool (such as Splunk, Loggly, AlertLogic Log Manager, etc.) as long as the recommendation goal is achieved.
* The Audit and Remediation steps below need to be modified for your specific log management tool, as they are provided in the benchmark only for Amazon CloudWatch.
Different log groups may require different retention periods, depending on operational and regulatory constraints.


Using the Amazon unified command line interface:

* Put a retention policy for your App tier Cloudwatch log group:

aws logs put-retention-policy --log-group-name <app_tier_log_group> --retention-in-days <log_retention_period>
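The audit half of this recommendation, as an added example that is not part of the benchmark: it parses the JSON that `aws logs describe-log-groups` returns (groups without a policy simply lack the `retentionInDays` key), flags App tier groups that have no policy or one shorter than a required minimum, and emits the `put-retention-policy` commands above for each finding. The log group names, the `/app-tier/` prefix and the 30-day minimum are constructed for the example.

```python
"""Audit CloudWatch log groups for a retention policy and emit remediation."""
import json
import shlex

# Values the PutRetentionPolicy API accepts for --retention-in-days, per the
# AWS documentation at the time of writing; any other value is rejected.
VALID_RETENTION_DAYS = sorted({1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400,
                               545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653})

# Constructed describe-log-groups output (not captured from a real account):
# one compliant group, one with no policy (events never expire), and one
# whose policy is shorter than the required minimum.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "logGroups": [
        {"logGroupName": "/app-tier/api", "retentionInDays": 90, "storedBytes": 1024},
        {"logGroupName": "/app-tier/worker", "storedBytes": 2048},
        {"logGroupName": "/app-tier/batch", "retentionInDays": 7, "storedBytes": 512},
        {"logGroupName": "/web-tier/alb", "storedBytes": 4096},
    ]
})


def smallest_valid_retention(min_days):
    """Round a required minimum up to the nearest value the API accepts."""
    for days in VALID_RETENTION_DAYS:
        if days >= min_days:
            return days
    raise ValueError(f"no CloudWatch retention value covers {min_days} days")


def audit_retention(describe_json, prefix, min_days):
    """Return {log_group_name: reason} for non-compliant groups under `prefix`.

    A group is non-compliant if it has no retention policy at all or if its
    policy is shorter than `min_days`; longer retention is still compliant.
    """
    findings = {}
    for group in json.loads(describe_json)["logGroups"]:
        name = group["logGroupName"]
        if not name.startswith(prefix):
            continue
        days = group.get("retentionInDays")
        if days is None:
            findings[name] = "no retention policy: log events never expire"
        elif days < min_days:
            findings[name] = f"retention {days}d is below the required {min_days}d"
    return findings


def remediation_commands(findings, min_days):
    """Build one put-retention-policy command per finding (names shell-quoted)."""
    target = smallest_valid_retention(min_days)
    return [f"aws logs put-retention-policy --log-group-name {shlex.quote(name)} "
            f"--retention-in-days {target}" for name in sorted(findings)]
```

Feed it the real output with `aws logs describe-log-groups --output json` and review the generated commands before running them, since the minimum should be set per group according to your retention requirements.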


Item Details


References: 800-53|AU-9(4)

Plugin: amazon_aws

Control ID: f1d87b12ebb2bf18cee8c7825c1e6caf45c2cd943e850bc40b1b839f8bae1979