What is the maximum retention period for AWS CloudTrail logs?

The maximum retention period for AWS CloudTrail logs can be up to several years, depending on how you configure the storage of those logs. By default, AWS CloudTrail retains logs for 90 days in the management console, but if you want to keep logs for a longer period, you have the option to configure AWS CloudTrail to deliver log files to an Amazon S3 bucket. Once stored in S3, you can set your own retention policies, allowing you to store logs for as long as you need, whether it's for compliance, auditing, or analysis.

This flexibility in configuring retention through S3 makes it possible for organizations to meet varying regulatory requirements and internal policies regarding data retention. In essence, the default retention is limited, but the capability to extend it indefinitely through S3 is what makes the configuration a primary feature of CloudTrail logs. This option is particularly valuable for users and organizations that require long-term storage and accessibility of their log data.