Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
DT-742 Reduce retention of CloudTrail logs in S3 to 90 days
Browse files Browse the repository at this point in the history
BenRamchandani committed Jan 17, 2024
1 parent bd3ae2a commit fc9d55b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion terraform/production/main.tf
Original file line number Diff line number Diff line change
@@ -396,7 +396,7 @@ module "cloudtrail" {
environment = local.environment
include_data_events_for_bucket_names = ["data-collection-service-tfstate-production"]
cloudwatch_log_expiration_days = local.cloudwatch_log_expiration_days
s3_log_expiration_days = local.s3_log_expiration_days
s3_log_expiration_days = 90 # We're mostly interested in the CloudWatch logs, the central DLUHC account keeps a CloudTrail in S3 for security investigations
}

module "iam_roles" {

0 comments on commit fc9d55b

Please sign in to comment.