Architecture

Retain X>90 days of CloudTrail logs in a searchable tool

Retain CloudTrail logs for more than 90 days to facilitate investigating changes to resources.

Summary

At some point, an organization will want to answer questions such as who or what changed a resource, deleted a resource, etc. You'll want CloudTrail in a search tool (ELK, Sumo Logic, Splunk, etc.) to quickly find out what happened.

Applicable To

Always applies

Resources

CloudTrail

Maturity

Medium

Functions

Security
Reliability

CSPS

AWS

Author

Travis McPeak
