State Farm® Open Source - Default CloudWatch Log Group Retention

Benefitting the open source community through contributions and project publishing

Clete Blackwell II
Principal Technology Engineer
Harry Manny
Software Engineer
Rex Bennett
Technology Analyst


State Farm® is committed to growing the open source community. Our technology team has contributed multiple projects to the community, and today we would like to tell you about our latest project! We’ve published a project which sets a log retention period on CloudWatch Logs. It’s called terraform-aws-default-log-retention, and it can help lower costs and increase compliance.

Default CloudWatch Log Group Retention

Amazon CloudWatch is a monitoring tool that has many features. Among those features is the ability to store application logs.

Log groups can be created in a variety of ways. Many AWS services will create log groups the first time your application code is invoked. By default, when a log group is created in this manner, it has no retention set:

forever retention

A lack of retention for logs can result in increased log storage costs and can cause you to fall out of compliance with information retention policies.

This is where our new Terraform module, terraform-aws-default-log-retention, can help. After you install the module in each active region of your AWS account, it will begin setting default log retention policies for all log groups:

limited retention

It’s as simple as that! Now, log groups will automatically expire old messages without any additional configuration.

Never fear: this module will not affect any log group that has a retention period already set. Also, the retention period that the module sets is fully customizable. Check out our documentation for a list of all available customizations.

Try out terraform-aws-default-log-retention in your AWS account today!