include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

For https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html[AWS Cloudwatch Logs]:

[source,terraform]
----
resource "aws_cloudwatch_log_group" "example" {
  name = "example"
  retention_in_days = 3 # Sensitive
}
----

For https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview[Azure Firewall Policy]:

[source,terraform]
----
resource "azurerm_firewall_policy" "example" {
  insights {
    enabled = true
    retention_in_days = 7 # Sensitive
  }
}
----

For https://cloud.google.com/logging/docs/routing/overview#buckets[Google Cloud Logging buckets]:

[source,terraform]
----
resource "google_logging_project_bucket_config" "example" {
    project = var.project
    location = "global"
    retention_days = 7 # Sensitive
    bucket_id = "_Default"
}
----

== Compliant Solution

For https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html[AWS Cloudwatch Logs]:

[source,terraform]
----
resource "aws_cloudwatch_log_group" "example" {
  name = "example"
  retention_in_days = 30
}
----

For https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview[Azure Firewall Policy]:

[source,terraform]
----
resource "azurerm_firewall_policy" "example" {
  insights {
    enabled = true
    retention_in_days = 30
  }
}
----

For https://cloud.google.com/logging/docs/routing/overview#buckets[Google Cloud Logging buckets]:

[source,terraform]
----
resource "google_logging_project_bucket_config" "example" {
    project = var.project
    location = "global"
    retention_days = 30
    bucket_id = "_Default"
}
----

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

endif::env-github,rspecator-view[]