---
title: Small activity log retention period
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > Code Security > Infrastructure as Code (IaC)
  Security > IaC Security Rules > Small activity log retention period
---

# Small activity log retention period

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ().
{% /alert %}

{% /callout %}

## Metadata{% #metadata %}

**Id:** `37fafbea-dedb-4e0d-852e-d16ee0589326`

**Cloud Provider:** Azure

**Platform:** Ansible

**Severity:** Low

**Category:** Observability

#### Learn More{% #learn-more %}

- [Provider Reference](https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_monitorlogprofile_module.html)

### Description{% #description %}

Activity Log retention must be configured to retain logs for at least 365 days (or indefinitely). Short retention windows hinder incident response, forensic investigations, and regulatory compliance.

For Ansible `azure.azcollection.azure_rm_monitorlogprofile` / `azure_rm_monitorlogprofile` resources, the `retention_policy.enabled` property must be `true` and `retention_policy.days` must be set to `365` or greater, or to `0` to retain logs indefinitely. Tasks that omit `retention_policy`, set `retention_policy.enabled` to `false` (or `no`), or set `retention_policy.days` to a value between 1 and 364 are flagged.

Secure configuration example:

```yaml
- name: Configure Activity Log retention
  azure.azcollection.azure_rm_monitorlogprofile:
    name: my-log-profile
    locations:
      - global
    categories:
      - Write
      - Delete
      - Action
    retention_policy:
      enabled: yes
      days: 365
```

## Compliant Code Examples{% #compliant-code-examples %}

```yaml
- name: Create a log profile
  azure_rm_monitorlogprofile:
    name: myProfile
    location: eastus
    locations:
    - eastus
    - westus
    categories:
    - Write
    - Action
    retention_policy:
      enabled: true
      days: 380
    storage_account:
      resource_group: myResourceGroup
      name: myStorageAccount
  register: output
```

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```yaml
---
- name: Create a log profile
  azure_rm_monitorlogprofile:
    name: myProfile
    location: eastus
    locations:
      - eastus
      - westus
    categories:
      - Write
      - Action
    retention_policy:
      enabled: False
    storage_account:
      resource_group: myResourceGroup
      name: myStorageAccount
  register: output

- name: Create a log profile2
  azure_rm_monitorlogprofile:
    name: myProfile
    location: eastus
    locations:
      - eastus
      - westus
    categories:
      - Write
      - Action
    storage_account:
      resource_group: myResourceGroup
      name: myStorageAccount
  register: output

- name: Create a log profile3
  azure_rm_monitorlogprofile:
    name: myProfile
    location: eastus
    locations:
      - eastus
      - westus
    categories:
      - Write
      - Action
    retention_policy:
      enabled: True
      days: 50
    storage_account:
      resource_group: myResourceGroup
      name: myStorageAccount
  register: output
```