diff --git a/cloudtrail/cloudwatch.tf b/cloudtrail/cloudwatch.tf
index db4dd95..355eed2 100644
--- a/cloudtrail/cloudwatch.tf
+++ b/cloudtrail/cloudwatch.tf
@@ -8,11 +8,9 @@ locals {
 }
 
 resource "aws_cloudwatch_log_group" "this" {
-  name = local.name
-  #  kms_key_id        = var.kms_key_id
-  kms_key_id = var.kms_key_arn
-  # kms_key_id        = data.aws_kms_key.incoming_key.id
-  retention_in_days = 7
+  name              = local.name
+  kms_key_id        = var.kms_key_arn
+  retention_in_days = lookup(local._defaults["cloudwatch"], "retention_in_days", 7)
 
   tags = merge(
     local.base_tags,
diff --git a/common/defaults.tf b/common/defaults.tf
index 237ca24..2d08c8d 100644
--- a/common/defaults.tf
+++ b/common/defaults.tf
@@ -26,6 +26,9 @@ locals {
     "config" = {
       "name" = "inf-config"
     }
+    "cloudwatch" = {
+      "retention_in_days" = 14
+    }
     "splunk_description" = {
       "api_list" = [
         "ec2_volumes", "ec2_instances", "ec2_reserved_instances", "ec2_key_pairs", "ec2_security_groups", "ec2_images", "ec2_addresses",