Query: CloudTrail trail logs should be encrypted with KMS CMK

Description

To help protect sensitive data at rest, ensure encryption is enabled for your AWS CloudWatch Log Groups.

Query

Tables used in this query:

• aws_cloudtrail_trail

Controls using this query:

• 2 CloudTrail should have encryption at rest enabled
• 2.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• 3.5 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• 3.5 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• CloudTrail trail logs should be encrypted with KMS CMK

SQL