Rule: Log group retention period should be at least 365 days

This rule ensures that the log group retention period is set to a minimum of 365 days to comply with security standards.

Rule: Log group retention period should be at least 365 days
Framework: NIST 800-53 Revision 5
Severity: High

Rule Description:

The rule requires the log group retention period to be set to a minimum of 365 days to comply with the NIST 800-53 Revision 5 security standard. This ensures that log data will be retained for an extended period, allowing for effective monitoring, analysis, and auditing of the system's activities.

Remediation Steps:

To remediate this rule and ensure compliance with the NIST 800-53 Revision 5 security standard, follow the steps outlined below:

Step 1: Access the AWS Management Console

Access the AWS Management Console by navigating to the AWS homepage (https://aws.amazon.com/) and clicking on the "Sign In to the Console" button.

Step 2: Open the CloudWatch Logs Dashboard

Once you are logged into the AWS Management Console, search for "CloudWatch" in the service search bar at the top of the page. Select "CloudWatch" from the search results.

Step 3: Navigate to Log Groups

In the left-hand navigation pane, click on "Logs" to access the CloudWatch Logs dashboard. Select the appropriate region from the drop-down menu if necessary.

Step 4: Select the Log Group

From the list of log groups, locate the log group that requires the retention period to be adjusted. Click on the log group name to proceed.

Step 5: Modify the Log Group Retention Period

In the log group details page, click on the "Actions" dropdown menu and select "Edit retention."

Step 6: Set the Retention Period

In the "Edit log group retention" dialog box, adjust the retention period to a minimum of 365 days by entering the desired value in the provided text field. Click on the "Save" button to apply the changes.

Troubleshooting:

If you encounter any issues while modifying the log group retention period, consider the following troubleshooting steps:

  1. Permission Errors: Ensure that you have the necessary permissions to modify the log group retention period. Check your IAM (Identity and Access Management) settings and ensure you have the required permissions.

  2. Region Mismatch: Verify that you are modifying the log group retention period in the correct AWS region. The log group retention setting is region-specific, so ensure you are making changes in the correct region.

  3. Log Group Not Found: If you cannot locate the specific log group, double-check the spelling and ensure you are searching in the correct AWS account and region. If the log group is part of a different AWS account, switch to that account to complete the modification.

  4. Invalid Retention Period Value: Ensure that you are entering a valid numeric value for the retention period. The value should be a minimum of 365 to comply with the NIST 800-53 Revision 5 security standard.

If the troubleshooting steps above do not resolve the issue, consider contacting AWS Support for further assistance.

Additional Information:

If you prefer to use AWS CLI to modify the log group retention period, utilize the following command:

$ aws logs put-retention-policy --log-group-name <log-group-name> --retention-in-days 365

Replace <log-group-name> with the name of the log group for which you want to modify the retention period. Ensure you have the necessary permissions and have configured the AWS CLI correctly before executing the command.

Please note that the above command assumes you have AWS CLI installed and properly configured on your local machine.
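To find which log groups in a region need the change before running the command group by group, the following added example (not part of the original page) filters the text output of `aws logs describe-log-groups` and prints one `put-retention-policy` command for each group retained for fewer than 365 days. The sample rows and log group names are constructed, and treating a group with no retention policy (shown as "None", meaning it never expires) as compliant is an assumption.

```shell
#!/bin/sh
# Added example: audit log group retention from AWS CLI text output.
# Real input for one region would come from:
#   aws logs describe-log-groups \
#     --query 'logGroups[].[logGroupName,retentionInDays]' --output text
# which prints "<name><TAB><days>" per group, with "None" in place of
# <days> when no retention policy is set.

MIN_DAYS=365

# Constructed sample rows in that format (hypothetical log group names).
sample_rows() {
  printf '%s\t%s\n' \
    '/aws/lambda/orders-api' '30' \
    '/aws/vpc/flow-logs'     '365' \
    '/app/audit-trail'       'None' \
    '/ecs/payments'          '180' \
    '/aws/cloudtrail/org'    '731'
}

# Read rows on stdin; print names of groups retained for fewer than
# MIN_DAYS days. "None" (never expire) is treated as compliant, which
# is an assumption of this example.
flag_short_retention() {
  awk -F '\t' -v min="$MIN_DAYS" \
    '$2 != "None" && $2 != "" && $2 + 0 < min + 0 { print $1 }'
}

# Read rows on stdin; print one remediation command per flagged group,
# with the group name single-quoted for safe copy and paste.
remediation_commands() {
  flag_short_retention | while IFS= read -r name; do
    printf "aws logs put-retention-policy --log-group-name '%s' --retention-in-days %s\n" \
      "$name" "$MIN_DAYS"
  done
}

# Demo run on the constructed sample.
sample_rows | remediation_commands
```

Because the retention setting is region-specific, repeat the `describe-log-groups` call with `--region` for each region in use and pipe each result into `remediation_commands`.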
