Description

Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real-time. You can use CloudWatch to collect and track metrics, which are variables you can measure for your resources and applications.

CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service. You can then easily view them, search them for specific error codes or patterns, filter them based on specific fields, or archive them securely for future analysis.


Rationale:

By configuring the retention period to a fixed amount of time, log events older than that period are deleted from the group automatically, which helps reduce the CloudWatch bill.


Impact:

To control how long log events are retained in Amazon CloudWatch Logs, make sure your app-tier CloudWatch log group has a retention period specified. Log retention settings are assigned to CloudWatch log groups, and the retention period set for a log group is applied to all of its log streams as well.


Default value:

By default, CloudWatch Logs will store your log data indefinitely.


Pre-Requisite:

  • Sign in as admin or IAM user with required permissions


Remediation:

Test Plan:

  • Login to AWS Management console

  • Go to Cloudwatch service at https://console.aws.amazon.com/cloudwatch/

  • Click on the Log Groups in the left navigation pane

  • Click on the Log group name you want to examine

  • In the details opened check the Retention

    If it shows Never expire, no retention period is configured for that log group

Using AWS CLI:

aws logs describe-log-groups \
  --log-group-name-prefix <Log group name>

Log groups without a retention period have no retentionInDays field in the output.


Implementation Steps:

  • Login to AWS Management console

  • Go to Cloudwatch service at https://console.aws.amazon.com/cloudwatch/

  • Click on the Log Groups in the left navigation pane

  • Select the Log group name you want to modify and click on Actions and select Edit retention setting(s)

  • Choose the number of days you want to retain logs, as required by your organization's retention policy

  • Click on save

Using AWS CLI:

aws logs put-retention-policy \
  --log-group-name <log group name> \
  --retention-in-days <value of number of days>
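The two CLI steps above (audit with describe-log-groups, remediate with put-retention-policy) can be combined into one review pass. The script below is an added example, not part of this document or any AWS tooling: it reads the JSON output of `aws logs describe-log-groups`, reports every log group that has no retentionInDays field (the CLI equivalent of "Never expire" in the console), and prints the exact put-retention-policy command for each one so the change can be reviewed before it is applied. The sample output embedded in the script is constructed for illustration; the function names and the default of 90 days are assumptions.

```python
import json
import shlex
import sys
from typing import List

# Retention values accepted by put-retention-policy, as documented by AWS.
VALID_RETENTION_DAYS = (
    1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731,
    1096, 1827, 2192, 2557, 2922, 3288, 3653,
)

# Constructed sample of `aws logs describe-log-groups --output json` output.
# Not real account data; the group names are invented for this example.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "logGroups": [
        {"logGroupName": "/aws/lambda/app-tier", "storedBytes": 12345,
         "retentionInDays": 30},
        {"logGroupName": "/ecs/app-tier-api", "storedBytes": 987654},
        {"logGroupName": "/aws/rds/instance/app-db/error", "storedBytes": 0,
         "retentionInDays": 3653},
    ]
})


def find_unbounded_groups(describe_output_json: str) -> List[str]:
    """Return the names of log groups that have no retention period set.

    A group with no retentionInDays field is shown as "Never expire" in the
    console and stores log data indefinitely.
    """
    data = json.loads(describe_output_json)
    return [
        group["logGroupName"]
        for group in data.get("logGroups", [])
        if "retentionInDays" not in group
    ]


def remediation_commands(group_names: List[str], days: int) -> List[str]:
    """Build one put-retention-policy command per group for review.

    The value of days is validated against the list AWS accepts so a typo
    (for example 45) fails here instead of at the API.
    """
    if days not in VALID_RETENTION_DAYS:
        raise ValueError(
            f"{days} is not a valid retention period; choose one of "
            f"{VALID_RETENTION_DAYS}"
        )
    return [
        "aws logs put-retention-policy "
        f"--log-group-name {shlex.quote(name)} "
        f"--retention-in-days {days}"
        for name in group_names
    ]


def audit(describe_output_json: str, days: int) -> List[str]:
    """Audit and return the remediation commands for every unbounded group."""
    return remediation_commands(find_unbounded_groups(describe_output_json), days)


if __name__ == "__main__":
    # Usage:
    #   aws logs describe-log-groups --output json | python audit_retention.py 90
    # With no piped input the constructed sample is used instead.
    retention = int(sys.argv[1]) if len(sys.argv) > 1 else 90
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DESCRIBE_OUTPUT
    commands = audit(raw, retention)
    if not commands:
        print("All log groups have a retention period configured.")
    for command in commands:
        print(command)
```

The script only prints the commands; running them is a separate, deliberate step, which keeps the audit read-only and lets the chosen period be checked against the organization's policy first. The AWS CLI paginates describe-log-groups automatically, so piping its full output covers every group in the region.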

Backout Plan:

If the retention period needs to be changed, repeat the implementation steps and choose the required retention period.


Reference:

Using Amazon CloudWatch metrics - Amazon CloudWatch