Query: CloudTrail trail logs should be encrypted with KMS CMK

Description

To help protect sensitive data at rest, ensure encryption is enabled for your AWS CloudWatch Log Groups.

Query

Tables used in this query:

• terraform_resource

Controls using this query:

• 2 CloudTrail should have encryption at rest enabled
• 2.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• 3.5 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• 3.5 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• 3.5 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• 3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• 4.5 Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• CloudTrail trail logs should be encrypted with KMS CMK

SQL