Key Management Errors
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-320: CWE CATEGORY: Key Management Errors |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
An AWS CloudWatch Log Group is defined without specifying a `retention_in_days` value, which means logs are kept indefinitely. This can lead to unnecessary accumulation of sensitive log data.
Impact
Without a log retention policy, sensitive information may be stored longer than necessary, increasing the risk of data exposure if the logs are accessed by unauthorized users or in the event of a breach. This can also lead to higher storage costs and compliance issues.