Control: AWS > Logs > Log Group > Retention

Take an action when an AWS Logs log group's retention period is not configured according to the AWS > Logs > Log Group > Retention > * policies.

The Retention control determines whether the log group has an appropriate retention period configured, and if not, has the ability to update it. When running an automated compliance environment, it's important to ensure log groups have appropriate retention periods to balance storage costs with compliance requirements.

This control checks the status of retention settings for the log group based on the defined period (AWS > Logs > Log Group > Retention > Period), raises an alarm, and takes the defined enforcement action.

See Log Group Retention for more information.

Resource Types

This control targets the following resource types:

AWS > Logs > Log Group

Policies

The following policies can be used to configure this control:

AWS > Logs > Log Group > Retention

This control type relies on these other policies when running actions:

AWS > Logs > Log Group > Retention > Period

Permissions

Cloud permissions used by this control and its actions:

logs:DeleteRetentionPolicy
logs:PutRetentionPolicy

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-logs#/control/types/logGroupRetention

Category URI

tmod:@turbot/turbot#/control/categories/resourceExpiration

GraphQL

query controlType(id: "tmod:@turbot/aws-logs#/control/types/logGroupRetention") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-logs#/control/types/logGroupRetention'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-logs#/control/types/logGroupRetention"