turbot/terraform_aws_compliance

Control: CloudTrail trail logs should be encrypted with KMS CMK

Description

To help protect sensitive data at rest, ensure encryption is enabled for your Amazon CloudWatch Log Groups.

Usage

Run the control in your terminal:

powerpipe control run terraform_aws_compliance.control.cloudtrail_trail_logs_encrypted_with_kms_cmk

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run terraform_aws_compliance.control.cloudtrail_trail_logs_encrypted_with_kms_cmk --share

SQL

This control uses a named query:

cloudtrail_trail_logs_encrypted_with_kms_cmk

Tags