AWS > Cloudwatch >

CloudWatch Log Groups Encrypted

HIGH

Source

CloudSploit

cloudwatch-log-groups-encrypted

management console

CloudWatch Log Groups Encrypted

Ensure that the CloudWatch Log groups are encrypted using desired encryption level.

Log group data is always encrypted in CloudWatch Logs. You can optionally use AWS Key Management Service for this encryption.

Recommended Actions

Ensure CloudWatch Log groups have encryption enabled with desired AWS KMS key

Links

https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.