Description:
CloudWatch Log Groups are used to store logs from AWS resources and applications. By default, CloudWatch Log Groups retain logs for 1 day. However, you can increase the retention period to protect your logs from being deleted.
Rationale:
Increasing the retention period for CloudWatch Log Groups helps to protect your logs from being deleted. This is important because logs can be used to troubleshoot problems, investigate security incidents, and comply with regulations.
Impact:
Increasing the retention period for CloudWatch Log Groups has a number of positive impacts, including:
- Increased compliance: By retaining your logs for longer periods of time, you can meet your compliance requirements.
- Improved troubleshooting: By having access to your logs for longer periods of time, you can troubleshoot problems more effectively.
- Increased security: By retaining your logs for longer periods of time, you can investigate security incidents more effectively.
Default Value:
By default, CloudWatch Log Groups retain logs for 1 day. This means that you will need to manually increase the retention period if you want to protect your logs for longer periods of time.
Pre-requisites:
To increase the retention period for CloudWatch Log Groups, you will need:
- Access to the AWS Management Console or the AWS CLI.
- The ability to modify the configuration of your CloudWatch Log Groups.
Remediation Steps:
To remediate this issue, you can follow these steps:
- Log in to the AWS Management Console or the AWS CLI.
- Go to the CloudWatch console or the AWS CLI command line.
- Select the CloudWatch Log Group that you want to increase the retention period for.
- In the Configuration tab, scroll down to the Retention section.
- Select the Retention period dropdown and select the desired retention period.
- Click the Save button.
Test Plan:
To test the status of the retention period, you can follow these steps:
- Log in to the AWS Management Console or the AWS CLI.
- Go to the CloudWatch console or the AWS CLI command line.
- Select the CloudWatch Log Group that you increased the retention period for.
- In the Configuration tab, scroll down to the Retention section.
- Verify that the desired retention period is listed.
Implementation Plan:
To implement this policy, you can follow these steps:
- Create a new AWS Identity and Access Management (IAM) policy that allows users to modify the configuration of CloudWatch Log Groups.
- Attach the IAM policy to the IAM users or groups that need to be able to increase the retention period.
- Use the AWS Management Console or the AWS CLI to increase the retention period for your CloudWatch Log Groups.
AWS CLI Process:
To increase the retention period for CloudWatch Log Groups using the AWS CLI, you can use the following command:
aws logs put-retention-policy --region <region> --log-group-name <log-group-name> --retention-in-days <retention-in-days>
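To apply the command above across many log groups, the following added example (not from the original page or from AWS) reads saved `aws logs describe-log-groups` JSON output and builds one `put-retention-policy` command for each group whose retention is below a chosen minimum. The function name `plan_retention`, the sample log group names and the region are constructed for illustration.

```python
import json
import shlex

# Values accepted by put-retention-policy --retention-in-days.
ALLOWED_DAYS = {1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545,
                731, 1096, 1827, 2192, 2557, 2922, 3288, 3653}

# Constructed sample in the shape of `aws logs describe-log-groups` output.
SAMPLE = json.dumps({"logGroups": [
    {"logGroupName": "/aws/lambda/orders-api", "retentionInDays": 1},
    {"logGroupName": "/app/audit trail", "retentionInDays": 400},
    {"logGroupName": "/aws/vpc/flow-logs", "retentionInDays": 30},
    {"logGroupName": "/legacy/batch"},  # no retentionInDays field
]})


def plan_retention(describe_json, region, min_days):
    """Return (commands, no_policy) for the given describe-log-groups JSON.

    commands:  one CLI command per group retaining logs for < min_days.
    no_policy: groups with no retentionInDays field. describe-log-groups
               omits the field when no retention policy is set on the
               group, so these are listed for review, not changed.
    """
    if min_days not in ALLOWED_DAYS:
        raise ValueError(f"{min_days} is not a retention value the API accepts")
    commands, no_policy = [], []
    for group in json.loads(describe_json).get("logGroups", []):
        name = group["logGroupName"]
        days = group.get("retentionInDays")
        if days is None:
            no_policy.append(name)
        elif days < min_days:
            # shlex.join quotes names containing spaces or shell metacharacters.
            commands.append(shlex.join([
                "aws", "logs", "put-retention-policy",
                "--region", region,
                "--log-group-name", name,
                "--retention-in-days", str(min_days)]))
    return commands, no_policy


if __name__ == "__main__":
    cmds, unset = plan_retention(SAMPLE, "us-east-1", 365)
    print("\n".join(cmds))
    print("no retention policy set:", unset)
```

Review the generated commands before running them; groups that already meet the minimum are left untouched.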
Using AWS GUI:
To increase the retention period for CloudWatch Log Groups using the AWS Management Console, you can follow these steps:
- Go to the AWS Management Console.
- Click on the CloudWatch service.
- Click on the Logs tab.
- Select the CloudWatch Log Group that you want to increase the retention period for.
- Click on the Configuration tab.
- Scroll down to the Retention section.
- Select the Retention period dropdown and select the desired retention period.
- Click on the Save button.
Backout Plan:
To revert the changes that you made to increase the retention period, you can follow these steps:
- Log in to the AWS Management Console or the AWS CLI.
- Go to the CloudWatch console or the AWS CLI command line.
- Select the CloudWatch Log Group that you increased the retention period for.
- In the Configuration tab, scroll down to the Retention section.
- Select the Retention period dropdown and select the default retention period (1 day).
- Click the Save button.
Note:
This policy only applies to CloudWatch Log Groups that are created with the default retention period of 1 day.
AWS Reference:
https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutRetentionPolicy.html
https://docs.aws.amazon.com/config/latest/developerguide/cw-loggroup-retention-period-check.html
https://docs.aws.amazon.com/managedservices/latest/userguide/log-customize-retention.html