5.6 Ensure Cloudwatch Log Group for Web Tier has a retention period

Information

Retention period should be used to specify how long log events are kept in CloudWatch Logs. Expired log events get deleted automatically. Just like metric filters, retention settings are also assigned to log groups, and the retention assigned to a log group is applied to their log streams.

Note:

* You can also use any third party log management tools (like Splunk, Loggly, AlertLogic Log Manager, etc.) as long as the recommendation goal is achieved.
* The below Audit and Remediation steps need to be modified for your specific log management tool, as they are provided in the benchmark only for Amazon Cloudwatch
Different log groups may require different retention periods, depending on operational and regulatory constraints.

Solution

Using the Amazon unified command line interface:

* Put a retention policy for your Web tier Cloudwatch log group:

aws logs put-retention-policy --log-group-name <_web_tier_log_group>_ --retention-in-days _<log_retention_period>_

See Also

https://workbench.cisecurity.org/files/260

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(4)

Plugin: amazon_aws

Control ID: 6b306799bc606cf98f4f119d1a7d1adf4e192856dd4cbd7be0aa3e44e0d536c7