🚀Launch Week 08, April 14th - 18th, 2025🚀
Mods
AWS

Control: AWS > Logs > Log Group > Retention

Take an action when an AWS Logs log group's retention period is not configured according to the AWS > Logs > Log Group > Retention > * policies.

The Retention control determines whether the log group has an appropriate retention period configured, and if not, has the ability to update it. When running an automated compliance environment, it's important to ensure log groups have appropriate retention periods to balance storage costs with compliance requirements.

This control checks the status of retention settings for the log group based on the defined period (AWS > Logs > Log Group > Retention > Period), raises an alarm, and takes the defined enforcement action.

See Log Group Retention for more information.

Resource Types

This control targets the following resource types:

Policies

The following policies can be used to configure this control:

This control type relies on these other policies when running actions:

Permissions

Cloud permissions used by this control and its actions:

  • logs:DeleteRetentionPolicy
  • logs:PutRetentionPolicy

Category

In Your Workspace

Developers