Control: Kinesis streams should have an adequate data retention period
Description
This control checks whether an Amazon Kinesis data stream has a data retention period greater than or equal to the specified time frame. The control fails if the data retention period is less than the specified time frame. Unless you provide a custom parameter value for the data retention period, Security Hub uses a default value of 168 hours.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.kinesis_stream_retention_period_168_hours
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.kinesis_stream_retention_period_168_hours --share
SQL
This control uses a named query:
select
  stream_arn as resource,
  case
    when retention_period_hours >= 168 then 'ok'
    else 'alarm'
  end as status,
  title || ' retention period set to ' || retention_period_hours || ' hours.' as reason,
  region,
  account_id
from
  aws_kinesis_stream;
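The check with the retention threshold as a parameter, as an added example that is not part of the Powerpipe mod or of Security Hub. It applies the comparison from the description (greater than or equal to the specified time frame) and runs it through SQLite in place of Steampipe's Postgres; the function name evaluate_retention, the min_hours parameter and the sample streams are assumptions constructed for this example.

```python
import sqlite3

# Constructed sample rows standing in for Steampipe's aws_kinesis_stream table.
# Columns: stream_arn, title, retention_period_hours, region, account_id
SAMPLE_STREAMS = [
    ("arn:aws:kinesis:us-east-1:111122223333:stream/orders", "orders", 24,
     "us-east-1", "111122223333"),
    ("arn:aws:kinesis:us-east-1:111122223333:stream/audit", "audit", 168,
     "us-east-1", "111122223333"),
    ("arn:aws:kinesis:eu-west-1:111122223333:stream/clicks", "clicks", 8760,
     "eu-west-1", "111122223333"),
]

# Same columns as the control's query, with the threshold bound at run time.
CHECK_SQL = """
select
  stream_arn as resource,
  case
    when retention_period_hours >= :min_hours then 'ok'
    else 'alarm'
  end as status,
  title || ' retention period set to ' || retention_period_hours || ' hours.' as reason,
  region,
  account_id
from
  aws_kinesis_stream
order by
  stream_arn;
"""


def evaluate_retention(min_hours=168, streams=SAMPLE_STREAMS):
    """Return one (resource, status, reason, region, account_id) row per stream."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "create table aws_kinesis_stream (stream_arn text, title text, "
        "retention_period_hours integer, region text, account_id text)"
    )
    db.executemany("insert into aws_kinesis_stream values (?, ?, ?, ?, ?)", streams)
    rows = db.execute(CHECK_SQL, {"min_hours": min_hours}).fetchall()
    db.close()
    return rows


if __name__ == "__main__":
    for hours in (168, 720):  # default threshold, then a stricter custom one
        print(f"minimum {hours} hours")
        for resource, status, reason, *_ in evaluate_retention(hours):
            print(f"  {status:5} {reason}")
```

Raising min_hours to 720 turns the 168-hour stream into an alarm while the 8760-hour stream stays ok, which is the behaviour a custom parameter value is meant to give.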