CloudFormation Guard rules template for CloudWatch Logs log groups

The following rules are included: 

  • Retention Policy Configured
  • KMS key configured for at-rest encryption

# Select every resource in the template whose Type is AWS::Logs::LogGroup.
# Both rules below evaluate against this set, so resources of any other type
# are never inspected by this file.
let logGroups = Resources.*[
	Type == "AWS::Logs::LogGroup"
]

# Require every log group to declare a RetentionInDays property.
# The `when` guard skips the rule for templates that declare no log groups.
# NOTE(review): only the presence of RetentionInDays is checked; its value is
# not compared against any bound. If your logging policy mandates a minimum
# (or maximum) retention window, add a value comparison alongside `exists`.
rule cloudwatchlogs_retention when %logGroups !empty {
	%logGroups {
		Properties {
			# The text in << >> is the custom message reported when the clause fails.
			RetentionInDays exists <<Retention policy is not configured.>>
		}
	}
}

# Require every log group to declare a KmsKeyId property.
# The `when` guard skips the rule for templates that declare no log groups.
# NOTE(review): only the presence of KmsKeyId is checked. The rule does not
# verify which key the value refers to, nor that the key's policy allows the
# log group to use it - confirm those separately (e.g. in a rule for the key
# resource or in account-level review).
rule cloudwatchlogs_kms_encrypted when %logGroups !empty {
	%logGroups {
		Properties {
			# The text in << >> is the custom message reported when the clause fails.
			KmsKeyId exists <<KMS encryption is not configured.>>
		}
	}
}

