Control: CloudTrail trail logs should be encrypted with KMS CMK
Description
To help protect sensitive data at rest, ensure encryption is enabled for your Amazon CloudWatch Log Groups.
Usage
Run the control in your terminal:
powerpipe control run terraform_aws_compliance.control.cloudtrail_trail_logs_encrypted_with_kms_cmkSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run terraform_aws_compliance.control.cloudtrail_trail_logs_encrypted_with_kms_cmk --shareSQL
This control uses a named query:
cloudtrail_trail_logs_encrypted_with_kms_cmk