CloudTrail Log Files Not Encrypted With KMS
- Query id: 5d9e3164-9265-470c-9a10-57ae454ac0c7
- Query name: CloudTrail Log Files Not Encrypted With KMS
- Platform: Terraform
- Severity: Low
- Category: Encryption
- CWE: 326
- URL: Github
Description¶
Logs delivered by CloudTrail should be encrypted using KMS to increase security of your CloudTrail
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_cloudtrail" "positive1" {
name = "npositive_1"
s3_bucket_name = "bucketlog_1"
}