Configure AWS CloudWatch LogGroups should have a finite retention

  1. Configure AWS CloudWatch LogGroups should have a finite retention
  2. Use Case for AWS CloudWatch LogGroups should have a finite retention
  3. Triage Guides by Violation Type
    1. Triage AWS CloudWatch LogGroups should have a finite retention LOG_RETENTION_NO_LIMIT

How do I enable this policy?

Signature:
  Type: Pyrae::Policy::PolicyDocument::Signatory
  Properties:
    SignatureTeamUrn: { "PyRef": "PyraeTeam" }
    PolicyUrn: "urn:pyrae:policy:us-west-2:sAutx4ZxiqTJUzJdvky2km:policy/cloudWatchLogRetentionNoLimitPolicy"

What permissions does this policy require in my AWS account?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:DescribeLogGroups"
      ],
      "Resource": "*"
    }
  ]
}

What resources match this policy?

Type: Pyrae::Observer::MatchingRule
Properties:
  MatchAccountType: aws
  MatchUrnService: logs
  MatchUrnResourceType: log-group
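
To see what the read-only `logs:DescribeLogGroups` permission above is enough to detect, the following added example (not Pyrae's own code) flags log groups with unlimited retention from DescribeLogGroups output. The function names, the sample log groups, and the reuse of `LOG_RETENTION_NO_LIMIT` as a finding label are assumptions made for illustration.

```python
# Constructed DescribeLogGroups pages; group names and sizes are made up.
SAMPLE_PAGES = [
    {"logGroups": [
        {"logGroupName": "/aws/lambda/orders",
         "retentionInDays": 90, "storedBytes": 1048576},
        {"logGroupName": "/ecs/legacy-api", "storedBytes": 73400320},
    ]},
    {"logGroups": [
        {"logGroupName": "vpc-flow-logs", "storedBytes": 0},
    ]},
]


def find_unlimited_retention(pages):
    """Return one finding per log group that has no retentionInDays.

    DescribeLogGroups omits retentionInDays when a group never expires,
    so the missing key is the signal.
    """
    findings = []
    for page in pages:
        for group in page.get("logGroups", []):
            if group.get("retentionInDays") is None:
                findings.append({
                    "violation": "LOG_RETENTION_NO_LIMIT",
                    "logGroupName": group["logGroupName"],
                    "storedBytes": group.get("storedBytes", 0),
                })
    # Report the groups holding the most stored data first.
    return sorted(findings, key=lambda f: f["storedBytes"], reverse=True)


def live_pages(region):
    """Yield DescribeLogGroups pages from AWS (needs boto3 and credentials)."""
    import boto3  # imported lazily so the offline sample runs without it
    client = boto3.client("logs", region_name=region)
    yield from client.get_paginator("describe_log_groups").paginate()


if __name__ == "__main__":
    for f in find_unlimited_retention(SAMPLE_PAGES):
        print(f["violation"], f["logGroupName"], f["storedBytes"])
```

Against a real account, pass `live_pages("us-west-2")` in place of `SAMPLE_PAGES`; setting a retention period on a flagged group needs a write permission that the policy document above does not grant.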