Cloudtrail logs are not encrypted using AWS KMS-managed keys
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | HIGH | AWS | DATA, PERMISSION |
Description
Cloudtrail logs record every action taken by a user, role or AWS service in the account as events. By default, CloudTrail event log files are encrypted using Amazon S3 server-side encryption (SSE). Log files should also be encrypted with an AWS Key Management Service (AWS KMS) key. This ensures only authorized users have access to the logs.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | True |
An attacker could have access to Cloudtrail logs and read them freely if they get compromised.
Remediation guidelines
Encrypt the Cloudtrail logs using an AWS KMS key.