github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/azure/network/AVD-AZU-0049/Terraform.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/azure/network/AVD-AZU-0049/Terraform.md (about)

     1  
     2  Ensure flow log retention is turned on with an expiry of >90 days
     3  
     4  ```hcl
     5  resource "azurerm_network_watcher_flow_log" "good_watcher" {
     6  	network_watcher_name = "good_watcher"
     7  	resource_group_name = "resource-group"
     8  
     9  	network_security_group_id = azurerm_network_security_group.test.id
    10  	storage_account_id = azurerm_storage_account.test.id
    11  	enabled = true
    12  
    13  	retention_policy {
    14  		enabled = true
    15  		days = 90
    16  	}
    17  }
    18  	
    19  ```
    20  
    21  #### Remediation Links
    22   - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_watcher_flow_log#retention_policy
    23