Skip to main content

Configure AWS CloudWatch LogGroups should have a finite retention

Quick Links

Configure AWS CloudWatch LogGroups should have a finite retention
Use Case for AWS CloudWatch LogGroups should have a finite retention
Triage Guides by Violation Type
1. Triage AWS CloudWatch LogGroups should have a finite retention LOG_RETENTION_NO_LIMIT

How do I enable this policy?

Signature:
  Type: Pyrae::Policy::PolicyDocument::Signatory
  Properties:
    SignatureTeamUrn: { "PyRef": "PyraeTeam" }
    PolicyUrn: "urn:pyrae:policy:us-west-2:sAutx4ZxiqTJUzJdvky2km:policy/cloudWatchLogRetentionNoLimitPolicy"

What permissions does this policy require in my AWS account?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:DescribeLogGroups"
      ],
      "Resource": "*"
    }
  ]
}

What resources match this policy?

Type: Pyrae::Observer::MatchingRule
Properties:
  MatchAccountType: aws
  MatchUrnService: logs
  MatchUrnResourceType: log-group

Quick Links
How do I enable this policy?
What permissions does this policy require in my AWS account?
What resources match this policy?