AWS Security ChangesHomeSearch

AWS solutions documentation change

Service: solutions · 2025-06-22 · Documentation medium

File: solutions/latest/workload-discovery-on-aws/security-1.md

Summary

Added Log Retention section explaining CloudWatch log retention configuration

Security assessment

Documents log retention policies as a security best practice for compliance/auditing. While not fixing a vulnerability, it highlights security-relevant configuration options for operational visibility.

Diff

diff --git a/solutions/latest/workload-discovery-on-aws/security-1.md b/solutions/latest/workload-discovery-on-aws/security-1.md
index c3138f74c..ffac7f1db 100644
--- a//solutions/latest/workload-discovery-on-aws/security-1.md
+++ b//solutions/latest/workload-discovery-on-aws/security-1.md
@@ -54,0 +55,4 @@ The OpenSearch Service cluster is built with node-to-node encryption activated t
+### Log Retention
+
+This solution captures application and service logs by creating CloudWatch logs groups in your account. By default, logs are kept for 1 year. You can [adjust the LogRetentionPeriod parameter](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html#SettingLogRetention) for each log group, keeping the default retention period, or choosing a period between one day and 10 years based on your requirements.
+