Control: Kinesis streams should have an adequate data retention period

Description

This control checks whether an Amazon Kinesis data stream has a data retention period greater than or equal to the specified time frame. The control fails if the data retention period is less than the specified time frame. Unless you provide a custom parameter value for the data retention period, Security Hub uses a default value of 168 hours.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.kinesis_stream_retention_period_168_hours

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.kinesis_stream_retention_period_168_hours --share

SQL

This control uses a named query:

select
  stream_arn as resource,
  case
    when retention_period_hours = 168 then 'ok'
    else 'alarm'
  end as status,
  title || ' retention period set to ' || retention_period_hours || ' hours.' as reason
  
  , region, account_id
from
  aws_kinesis_stream;

Control: Kinesis streams should have an adequate data retention period

Description

Usage

SQL

Tags