turbot/aws_compliance

Query: cloudtrail_trail_logs_encrypted_with_kms_cmk

Usage

powerpipe query aws_compliance.query.cloudtrail_trail_logs_encrypted_with_kms_cmk

Steampipe Tables

SQL

select
arn as resource,
case
when kms_key_id is null then 'alarm'
else 'ok'
end as status,
case
when kms_key_id is null then title || ' logs are not encrypted at rest.'
else title || ' logs are encrypted at rest.'
end as reason,
region,
account_id
from
aws_cloudtrail_trail
where
region = home_region;

Controls

The query is being used by the following controls: