Ensure there is an Amazon CloudWatch log group created for the app tier, available in your AWS account. A CloudWatch log group defines a collection of log streams that share the same retention, monitoring, and access control settings. This conformity rule assumes that the AWS CloudWatch log group created for your app tier is using the following naming convention: <app_tier_log_group>. Prior to running this rule by the Cloud Conformity engine, the name of the app-tier log group must be defined in the rule settings, on your Cloud Conformity account dashboard. The retention settings for the app-tier log group can be also configured within the conformity rule settings.
Amazon CloudWatch Logs helps you to aggregate, monitor, and store logs. To send your system and/or application logs to AWS CloudWatch, log groups must be created. Separating the CloudWatch log group destinations on a per tier basis will allow unique settings to be applied on a per group basis for:
To determine if an app-tier CloudWatch log group exists in your AWS account, perform the following actions:
To create an app-tier CloudWatch log group in your AWS account, perform the following actions: