turbot/aws_thrifty

Control: CloudWatch Log Groups retention should be enabled

Description

All log groups should have a defined retention configuration.

Usage

Run the control in your terminal:

powerpipe control run aws_thrifty.control.cw_log_group_retention

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_thrifty.control.cw_log_group_retention --share

Steampipe Tables

SQL

select
arn as resource,
case
when retention_in_days is null then 'alarm'
else 'ok'
end as status,
case
when retention_in_days is null then name || ' does not have data retention enabled.'
else name || ' is set to ' || retention_in_days || ' day retention.'
end as reason
, region, account_id
from
aws_cloudwatch_log_group;

Tags