CloudWatch Log Group Without KMS
- Query id: 0afbcfe9-d341-4b92-a64c-7e6de0543879
- Query name: CloudWatch Log Group Without KMS
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- URL: Github
Description¶
AWS CloudWatch Log groups should be encrypted using KMS
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_cloudwatch_log_group" "negative1" {
name = "Yada"
tags = {
Environment = "production"
Application = "serviceA"
}
retention_in_days = 1
}