turbot/aws_compliance

Query: log_group_encryption_at_rest_enabled

Usage

powerpipe query aws_compliance.query.log_group_encryption_at_rest_enabled

Steampipe Tables

SQL

select
arn as resource,
case
when kms_key_id is null then 'alarm'
else 'ok'
end as status,
case
when kms_key_id is null then title || ' not encrypted at rest.'
else title || ' encrypted at rest.'
end as reason
, region, account_id
from
aws_cloudwatch_log_group;

Controls

The query is being used by the following controls: