AWS solutions documentation change
Summary
Added Log Retention section explaining CloudWatch log retention configuration
Security assessment
Documents log retention policies as a security best practice for compliance/auditing. While not fixing a vulnerability, it highlights security-relevant configuration options for operational visibility.
Diff
diff --git a/solutions/latest/workload-discovery-on-aws/security-1.md b/solutions/latest/workload-discovery-on-aws/security-1.md index c3138f74c..ffac7f1db 100644 --- a//solutions/latest/workload-discovery-on-aws/security-1.md +++ b//solutions/latest/workload-discovery-on-aws/security-1.md @@ -54,0 +55,4 @@ The OpenSearch Service cluster is built with node-to-node encryption activated t +### Log Retention + +This solution captures application and service logs by creating CloudWatch logs groups in your account. By default, logs are kept for 1 year. You can [adjust the LogRetentionPeriod parameter](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html#SettingLogRetention) for each log group, keeping the default retention period, or choosing a period between one day and 10 years based on your requirements. +