Back to All Checks
Medium CloudWatch Regional

CloudWatch log groups should be retained for a specified time period

NISTISO 27001

Description

This check ensures that CloudWatch log groups have a retention policy of at least 1 year (365 days).

Remediation

To comply with this control, set the retention policy of CloudWatch log groups to at least 365 days. This ensures that log data is stored for a sufficient duration to meet compliance and auditing requirements.

Steps

  1. Sign in to the AWS Management Console and open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.
  2. In the CloudWatch console, click on 'Logs' in the left navigation pane.
  3. Select the log group for which you want to set the retention policy.
  4. Click on the name of the log group to view its details.
  5. In the 'Log group details' section, click on the 'Edit' button next to 'Retention setting'.
  6. In the 'Edit retention setting' dialog, select a retention period of '365 days (1 year)' or more.
  7. Click on the 'Save' button to apply the new retention setting.

Compliance

NISTISO 27001
Start Your Free Security Check