# Set retention period for CloudWatch Logs

## What It Does

Sets the retention period for CloudWatch Logs. This runbook ensures that logs are retained only for the necessary period, helping reduce unnecessary storage costs while keeping essential logs available for compliance or troubleshooting.

## Risk and Scope

| Detail                   | Value             |
| ------------------------ | ----------------- |
| **Risk Level**           | Low               |
| **AWS Service Targeted** | Amazon CloudWatch |

{% hint style="warning" %}

## Permissions Required

**Modify Permissions**

* `logs:PutRetentionPolicy`

**Read Permissions**

* `logs:DescribeLogGroups`

> These permissions are granted **only to the runbook**, not to the OneLens platform itself.
> {% endhint %}

## Optimization Policies Addressed

This runbook remediates violation tickets triggered by of the following policy:

| Policy ID | Policy Name                                                        |
| --------- | ------------------------------------------------------------------ |
| cw\_103   | CloudWatch log groups should have appropriate log retention period |
| cw\_102   | CloudWatch log groups should have a defined retention period       |

## Risk Mitigation

{% hint style="success" %}

## Risk Mitigation Strategy

* The change is assessed as **low risk** with limited scope and impact.
* **No downtime** is expected during or after implementation.
* **No additional safety measures** are required due to the non-disruptive nature of the change.
* A **rollback plan is not defined**, as standard procedures are sufficient to manage the change.
  {% endhint %}

## How to Install

Refer to the [Runbook Setup Guide ](/automate/remediations/runbooks/install-runbooks.md#installing-a-runbook)for steps to install and enable this runbook in your environment.

## Runbook Workflow

### Step 1: Start

**Trigger:** Begins the runbook to identify CloudWatch Logs groups and set the retention periods.

### Step 2: ValidateRetentionPeriod

**Action:** Executes a script to validate the current retention period of the CloudWatch Log group to check whether it matches the desired retention configuration.

### Step 3: If/Else

**Condition:** Checks if the retention period needs to be updated.

1. **If change is required:**
   1. **PutRetentionPolicy**\
      Executes the `PutRetentionPolicy` action to set the appropriate retention period for the log group.
2. **Else:**

* If no change is needed, the workflow terminates without making any modifications.

## See How It Works

<figure><img src="/files/pEspbqpMl7jDEh0E6wqs" alt=""><figcaption></figcaption></figure>

## Triggering the Runbook

To run this workflow:

### **1. Locate the Ticket**

Identify the ticket associated with the above mentioned policy violation.

### **2. Execute the Runbook**

Follow the steps described in the [executing a runbook](/automate/remediations/runbooks.md#executing-a-runbook) section to apply this runbook to the ticket.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.onelens.cloud/automate/remediations/runbooks/runbook-catalog/set-retention-period-for-cloudwatch-logs.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.