Guides
  1. cft policies
  2. CloudTrail

Ensure CloudTrail logs are encrypted at rest using KMS CMKs

Risk Level: High
Cloud Entity: CloudTrail
CloudGuard Rule ID: D9.CFT.LOG.01
Covered by Spectral: Yes
Category: Management Tools

GSL LOGIC

AWS_CloudTrail_Trail should have KMSKeyId

REMEDIATION

From CFT
Set AWS::CloudTrail::Trail KMSKeyId property to be a valid KMS key ID

References

  1. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html
  2. https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html

CloudTrail

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.

Compliance Frameworks

  • AWS CloudFormation ruleset

Updated 7 months ago