Log Retention Is Not Greater Than 90 Days

  • Query id: ed6cf6ff-9a1f-491c-9f88-e03c0807f390
  • Query name: Log Retention Is Not Greater Than 90 Days
  • Platform: Terraform
  • Severity: Low
  • Category: Observability
  • CWE: 778
  • URL: GitHub

Description

An OSS Log Store should retain its logs for longer than 90 days (retention_period greater than 90), for better visibility of resources and objects.

Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "alicloud_log_project" "example2" {
  name        = "tf-log"
  description = "created by terraform"
}

resource "alicloud_log_store" "example2" {
  # retention_period is not set, so the query reports this resource
  project               = alicloud_log_project.example2.name
  name                  = "tf-log-store"
  shard_count           = 3
  auto_split            = true
  max_split_shard_count = 60
  append_meta           = true
}
Positive test num. 2 - tf file
resource "alicloud_log_project" "example4" {
  name        = "tf-log"
  description = "created by terraform"
}

resource "alicloud_log_store" "example4" {
  project               = alicloud_log_project.example4.name
  name                  = "tf-log-store"
  # 60 days is not greater than 90, so the query reports this resource
  retention_period      = 60
  shard_count           = 3
  auto_split            = true
  max_split_shard_count = 60
  append_meta           = true
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "alicloud_log_project" "example1" {
  name        = "tf-log"
  description = "created by terraform"
}

resource "alicloud_log_store" "example1" {
  project               = alicloud_log_project.example1.name
  name                  = "tf-log-store"
  # 91 days is greater than 90, so the query does not report this resource
  retention_period      = 91
  shard_count           = 3
  auto_split            = true
  max_split_shard_count = 60
  append_meta           = true
}
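
The same rule as a pre-apply check over Terraform plan JSON (the output of terraform show -json), covering the unset case, the 90-day boundary and stores declared in child modules. This is an added example, not the KICS query itself; the function names, the module.audit module and the sample plan are constructed for illustration.

```python
THRESHOLD_DAYS = 90  # the rule requires retention strictly greater than this


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_short_retention(plan):
    """Return (address, reason) for each alicloud_log_store that fails the rule."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "alicloud_log_store":
            continue
        period = (res.get("values") or {}).get("retention_period")
        if period is None:
            findings.append((res["address"], "retention_period is not set"))
        elif int(period) <= THRESHOLD_DAYS:
            findings.append((res["address"], f"retention_period is {period} days"))
    return findings


# Constructed sample plan mirroring the test files above, plus a hypothetical
# child module (module.audit) holding a store set to exactly 90 days.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "alicloud_log_project.example2", "type": "alicloud_log_project",
         "values": {"name": "tf-log"}},
        {"address": "alicloud_log_store.example2", "type": "alicloud_log_store",
         "values": {"name": "tf-log-store"}},
        {"address": "alicloud_log_store.example4", "type": "alicloud_log_store",
         "values": {"name": "tf-log-store", "retention_period": 60}},
        {"address": "alicloud_log_store.example1", "type": "alicloud_log_store",
         "values": {"name": "tf-log-store", "retention_period": 91}},
    ],
    "child_modules": [{"address": "module.audit", "resources": [
        {"address": "module.audit.alicloud_log_store.boundary",
         "type": "alicloud_log_store", "values": {"retention_period": 90}},
    ]}],
}}}

if __name__ == "__main__":
    for address, reason in find_short_retention(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```
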