- Resources: 17
- Total Findings: 16
- Rules Executed: 16
- Unique Rules: 18
- Exception: 1
- Time spent: 3.371s
Summary
CISRetentionAtLeast1Yr
Operational Excellence
- Description: CloudWatch Logs centralize logs from all of your systems, applications, and AWS services in a single, highly scalable service. You can use CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (EC2) instances, AWS CloudTrail, Amazon Route 53, and other sources. Retaining your logs for at least 1 year can help you comply with log retention standards.
- Resources
- ap-southeast-1: Log::/aws/ecs/containerinsights/pgw-dev/performance | Log::/aws/lambda/aws-controltower-NotificationForwarder | Log::StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-14329f2f-62a1-4442-a09f-6e78e85cc36f-VPCFlowLogsLogGroup-DRVWommDXpk7 | Log::managed-vpc-sg-flowlog
- us-east-1: Log::/aws/lambda/aws-controltower-NotificationForwarder | Log::StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-d6b8d890-ff02-4b15-87cd-ccfbfceb53f0-VPCFlowLogsLogGroup-bPnIbFrktH01
- Label: Cost Incurred
- Recommendation: CIS Cloudwatch Guide 16
SetRetentionDays
Cost Optimization
- Description: No retention days are set on the CloudWatch log groups, which incur charges based on storage size.
- Resources
- ap-southeast-1: Log::/aws/lambda/SecretsManagerrds-rotation-lambda | Log::/aws/logs/redis/pay1-sms-otp-redis-dev | Log::/aws/logs/redis/pgw-redis-dev | Log::/aws/rds/cluster/pgw-dev-db-cluster/postgresql | Log::/ecs/pgw/dev | Log::PaymentGateway-container | Log::PaymentGatewayCore-container | Log::msk-connector | Log::msk_broker_logs
- Recommendation: CIS Cloudwatch Controls
trailWithoutCWLogs
Operational Excellence
- Description: CIS recommends that all CloudTrail trails store their logs in CloudWatch so that the relevant CloudWatch log metric controls can be implemented, strengthening both the AWS Security pillar and the Operational Excellence pillar.
- Resources
- us-east-1: ctLog::arn:aws:cloudtrail:us-east-1:737844837112:trail/SWOCloudTrail-Organizational
- Label: Cost Incurred
- Recommendation: CIS Cloudwatch Controls
Detail
ap-southeast-1
1. /aws/ecs/containerinsights/pgw-dev/performance
| Check | Current Value | Recommendation |
|---|---|---|
| CISRetentionAtLeast1Yr | 1 | To have at least 365 days retention |
2. /aws/lambda/SecretsManagerrds-rotation-lambda
| Check | Current Value | Recommendation |
|---|---|---|
| SetRetentionDays | 0.0039806365966796875 MB | Set retention days |
3. /aws/lambda/aws-controltower-NotificationForwarder
| Check | Current Value | Recommendation |
|---|---|---|
| CISRetentionAtLeast1Yr | 14 | To have at least 365 days retention |
4. /aws/logs/redis/pay1-sms-otp-redis-dev
| Check | Current Value | Recommendation |
|---|---|---|
| SetRetentionDays | 0.0005016326904296875 MB | Set retention days |
5. /aws/logs/redis/pgw-redis-dev
| Check | Current Value | Recommendation |
|---|---|---|
| SetRetentionDays | 0.00016498565673828125 MB | Set retention days |
6. /aws/rds/cluster/pgw-dev-db-cluster/postgresql
| Check | Current Value | Recommendation |
|---|---|---|
| SetRetentionDays | 9.228723526000977 MB | Set retention days |
7. /ecs/pgw/dev
| Check | Current Value | Recommendation |
|---|---|---|
| SetRetentionDays | 531753.2860488892 MB | Set retention days |
8. PaymentGateway-container
| Check | Current Value | Recommendation |
|---|---|---|
| SetRetentionDays | 0.46593189239501953 MB | Set retention days |
9. PaymentGatewayCore-container
| Check | Current Value | Recommendation |
|---|---|---|
| SetRetentionDays | 0.2864255905151367 MB | Set retention days |
10. StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-14329f2f-62a1-4442-a09f-6e78e85cc36f-VPCFlowLogsLogGroup-DRVWommDXpk7
| Check | Current Value | Recommendation |
|---|---|---|
| CISRetentionAtLeast1Yr | 90 | To have at least 365 days retention |
11. managed-vpc-sg-flowlog
| Check | Current Value | Recommendation |
|---|---|---|
| CISRetentionAtLeast1Yr | 60 | To have at least 365 days retention |
12. msk-connector
| Check | Current Value | Recommendation |
|---|---|---|
| SetRetentionDays | 2.073887825012207 MB | Set retention days |
13. msk_broker_logs
| Check | Current Value | Recommendation |
|---|---|---|
| SetRetentionDays | 1336.1283740997314 MB | Set retention days |
us-east-1
14. arn:aws:cloudtrail:us-east-1:737844837112:trail/SWOCloudTrail-Organizational
| Check | Current Value | Recommendation |
|---|---|---|
| trailWithoutCWLogs | None | CloudTrail to have CloudWatch Log |
15. /aws/lambda/aws-controltower-NotificationForwarder
| Check | Current Value | Recommendation |
|---|---|---|
| CISRetentionAtLeast1Yr | 14 | To have at least 365 days retention |
16. StackSet-AWSControlTowerBP-VPC-ACCOUNT-FACTORY-V1-d6b8d890-ff02-4b15-87cd-ccfbfceb53f0-VPCFlowLogsLogGroup-bPnIbFrktH01
| Check | Current Value | Recommendation |
|---|---|---|
| CISRetentionAtLeast1Yr | 90 | To have at least 365 days retention |