Loading controls...

Control: CloudTrail trail logs should be encrypted with KMS CMK

Description

To help protect sensitive data at rest, ensure encryption is enabled for your Amazon CloudWatch Log Groups.

Usage

Run the control in your terminal:

steampipe check terraform_aws_compliance.control.cloudtrail_trail_logs_encrypted_with_kms_cmk

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share terraform_aws_compliance.control.cloudtrail_trail_logs_encrypted_with_kms_cmk

SQL

This control uses a named query:

cloudtrail_trail_logs_encrypted_with_kms_cmk

Tags

aws_foundational_security = true

category = Compliance

nist_800_53_rev_4 = true

nist_csf = true

plugin = terraform

rbi_cyber_security = true

service = AWS/CloudTrail