Get Involved
Query: CloudTrail trail logs should be encrypted with KMS CMK
Description
To help protect sensitive data at rest, ensure encryption is enabled for your AWS CloudWatch Log Groups.
Query
Tables used in this query:
Controls using this query:
- 2 CloudTrail should have encryption at rest enabled
- 2.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- 3.5 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- 3.5 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- 3.5 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- 4.5 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
- CloudTrail trail logs should be encrypted with KMS CMK