Control: AWS > Logs > Log Group > Retention
Take an action when an AWS Logs log group's retention period is not configured according to the AWS > Logs > Log Group > Retention > *
policies.
The Retention control determines whether the log group has an appropriate retention period configured, and if not, has the ability to update it. When running an automated compliance environment, it's important to ensure log groups have appropriate retention periods to balance storage costs with compliance requirements.
This control checks the status of retention settings for the log group based on the defined period (AWS > Logs > Log Group > Retention > Period
), raises an alarm, and takes the defined enforcement action.
See Log Group Retention for more information.
Resource Types
This control targets the following resource types:
Policies
The following policies can be used to configure this control:
This control type relies on these other policies when running actions:
Permissions
Cloud permissions used by this control and its actions:
logs:DeleteRetentionPolicy
logs:PutRetentionPolicy
Category
In Your Workspace
Developers
- tmod:@turbot/aws-logs#/control/types/logGroupRetention
- tmod:@turbot/turbot#/control/categories/resourceExpiration
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-logs#/control/types/logGroupRetention"
Get Controls