updating variable definitions for CKV_AWS_338; also missing end curly brace

cyphronix · cyphronix · commit 12b076523a18 · 2025-04-14T15:00:34.000-06:00
diff --git a/aws_sra_examples/terraform/solutions/security_hub/configuration/variables.tf b/aws_sra_examples/terraform/solutions/security_hub/configuration/variables.tf
@@ -129,7 +129,11 @@ variable "lambda_log_group_kms_key" {
 variable "lambda_log_group_retention" {
   description = "Specifies the number of days you want to retain log events"
   type        = number
-  default     = 14
+  default     = 365
+  validation {
+    condition = var.lambda_log_group_retention >= 365
+    error_message = "Cloudwatch log group retention must be at least 365 days to meet CKV_AWS338 best practice."
+  }
 }
 
 variable "lambda_log_level" {
diff --git a/aws_sra_examples/terraform/solutions/security_hub/variables.tf b/aws_sra_examples/terraform/solutions/security_hub/variables.tf
@@ -39,9 +39,10 @@ variable "cis_standard_version" {
   type        = string
   default     = "3.0.0"
   validation {
-    condition     = contains(["NONE", "1.2.0", "1.4.0", "3.0.0"], var.cis_standard_version)  # Changed to var.cis_standard_version
+    condition     = contains(["NONE", "1.2.0", "1.4.0", "3.0.0"], var.cis_standard_version)
     error_message = "Valid values for cis_standard_version are NONE, 1.2.0, 1.4.0, or 3.0.0."
   } 
+}
 
 variable "compliance_frequency" {
   description = "Frequency to Check for Organizational Compliance (in days between 1 and 30, default is 7)"
@@ -158,7 +159,11 @@ variable "lambda_log_group_kms_key" {
 variable "lambda_log_group_retention" {
   description = "Specifies the number of days you want to retain log events"
   type        = number
-  default     = 14
+  default     = 365
+  validation {
+    condition = var.lambda_log_group_retention >= 365
+    error_message = "Cloudwatch log group retention must be at least 365 days to meet CKV_AWS_338 best practice."
+  }
 }
 
 variable "lambda_log_level" {
