Log Group Retention Period Rule
This rule mandates a minimum retention period of 365 days for log groups.
| Rule | Log group retention period should be at least 365 days |
| Framework | FedRAMP Moderate Revision 4 |
| Severity | ✔ High |
Log Group Retention Period for FedRAMP Moderate Revision 4
Rule Description
As per the FedRAMP Moderate Revision 4 compliance requirements, the log group retention period should be at least 365 days. This ensures that the log data is retained for an extended duration, allowing organizations to meet regulatory and auditing obligations and effectively investigate security incidents within the cloud environment.
Troubleshooting Steps (if applicable)
If you encounter any issues or errors related to adjusting the log group retention period, follow these troubleshooting steps:
- 1.Ensure that you have the necessary permissions to modify the log group settings.
- 2.Verify that the log group(s) in question exist and are properly configured.
- 3.Confirm that the AWS CLI or SDK version being used is compatible with the log group modification operation.
- 4.Check if any service limitations or quotas are preventing the modification.
Necessary Code (if applicable)
To modify the log group retention period, you can use the AWS Command Line Interface (CLI) or any available SDK in your preferred programming language. Below is an example of how to modify the retention period using the AWS CLI:
aws logs describe-log-groups --query 'logGroups[?logGroupName==`<log-group-name>`]' --output json aws logs put-retention-policy --log-group-name <log-group-name> --retention-in-days 365
Replace
<log-group-name>Step-by-Step Guide for Remediation
Follow these steps to modify the log group retention period to meet the FedRAMP Moderate Revision 4 compliance requirement:
- 1.
Identify the target log group(s) for which you need to adjust the retention period.
- 2.
Open a terminal or command prompt, and ensure that you have the AWS CLI configured and available.
- 3.
Run the following command to retrieve information about the log group:
aws logs describe-log-groups --query 'logGroups[?logGroupName==`<log-group-name>`]' --output jsonReplace
with the actual name of the log group.<log-group-name> - 4.
Validate the returned information to verify that the correct log group has been identified.
- 5.
Run the following command to modify the retention period:
aws logs put-retention-policy --log-group-name <log-group-name> --retention-in-days 365Replace
with the actual name of the log group.<log-group-name> - 6.
Wait for the command to complete successfully. You should see a confirmation message indicating that the retention policy has been updated.
- 7.
Verify the change by confirming the new retention period for the log group using the
command.describe-log-groups
By following these steps, you can ensure that the log group retention period meets the FedRAMP Moderate Revision 4 compliance requirement of at least 365 days.