Overview

A Config rule that checks whether Amazon CloudWatch LogGroup retention period is set to specific number of days. The rule is NON_COMPLIANT if the retention period is not set or is less than the configured retention period.

Configuration Templates

Items
1
Size
0.7 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: cw-loggroup-retention-period-check
      Description: >-
        A Config rule that checks whether Amazon CloudWatch LogGroup retention
        period is set to specific number of days. The rule is NON_COMPLIANT if
        the retention period is not set or is less than the configured retention
        period.
      Scope:
        ComplianceResourceTypes: []
      Source:
        Owner: AWS
        SourceIdentifier: CW_LOGGROUP_RETENTION_PERIOD_CHECK
      MaximumExecutionFrequency: TwentyFour_Hours
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Customize Template

Rule Parameters

 
* Required field

Sources and Documentation

Configuration Source: AWS Documentation

Additional Documentation:

© 2020 asecurecloud Inc. All Rights Reserved.