CloudTrail logs are not encrypted using AWS KMS-managed keys
- GG_ID: GG_IAC_0027
- Severity: HIGH
- Complexity: LOW
- Categories: DATA, PERMISSION
- Providers: AWS
- Potential data exposure: True
- Visible in logs: False
- User interaction required: False
- Privileges required: True
CloudTrail logs record every action taken by a user, role or AWS service in the account as events. By default, CloudTrail event log files are encrypted using Amazon S3 server-side encryption (SSE-S3), which S3 decrypts transparently for any principal allowed to read the objects. Log files should also be encrypted with an AWS Key Management Service (AWS KMS) key, so that reading them requires `kms:Decrypt` on that key in addition to read access to the bucket. This ensures only authorized users have access to the logs.
If the S3 bucket holding the logs is compromised, an attacker can read the CloudTrail logs in full, since SSE-S3 alone adds no access check beyond the bucket's own permissions.
Encrypt the CloudTrail logs using an AWS KMS key.
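The following Terraform is an added example for this policy, not GitGuardian's or AWS's own code: it shows the weak trail beside the fixed one, together with a key policy that lets CloudTrail encrypt with the key while restricting decryption to one reader role. The trail, bucket and role names are placeholders.

```hcl
# Constructed example for this policy (not GitGuardian's or AWS's code); trail, bucket
# and role names are placeholders.
data "aws_caller_identity" "current" {}

# Weak: only SSE-S3 applies, so anyone who can read the bucket can read the logs.
resource "aws_cloudtrail" "weak" {
  name           = "example-trail-weak"
  s3_bucket_name = "example-cloudtrail-bucket"
  # no kms_key_id -> flagged by GG_IAC_0027
}

# Customer-managed key: CloudTrail may encrypt with it only for this account's trails;
# decryption is granted only to the reader role named below.
resource "aws_kms_key" "cloudtrail" {
  description         = "CMK for CloudTrail log files"
  enable_key_rotation = true
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { # required so the account can still administer the key
        Sid = "EnableRootPermissions", Effect = "Allow", Action = "kms:*", Resource = "*"
        Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" }
      },
      {
        Sid = "AllowCloudTrailToEncryptLogs", Effect = "Allow", Resource = "*"
        Principal = { Service = "cloudtrail.amazonaws.com" }
        Action    = "kms:GenerateDataKey*"
        Condition = { StringLike = {
          "kms:EncryptionContext:aws:cloudtrail:arn" = "arn:aws:cloudtrail:*:${data.aws_caller_identity.current.account_id}:trail/*"
        } }
      },
      {
        Sid = "AllowLogReadersToDecrypt", Effect = "Allow", Resource = "*"
        Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/cloudtrail-log-reader" }
        Action    = "kms:Decrypt"
        Condition = { Null = { "kms:EncryptionContext:aws:cloudtrail:arn" = "false" } }
      }
    ]
  })
}

# Fixed: the trail encrypts its log files with the key above.
resource "aws_cloudtrail" "fixed" {
  name                       = "example-trail"
  s3_bucket_name             = "example-cloudtrail-bucket"
  kms_key_id                 = aws_kms_key.cloudtrail.arn
  enable_log_file_validation = true
}
```

The bucket policy that grants `cloudtrail.amazonaws.com` write access to the bucket is unchanged by this fix and is not shown.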