Medium

Ensure CloudTrail logs are encrypted at rest

Security & Compliance
Description

Enabling SSE-KMS for Amazon CloudTrail log file encryption improves both the security and the manageability of your encryption keys. Instead of relying on the S3-managed keys (SSE-S3) that Amazon S3 applies by default, you can encrypt the log files with your own Customer Master Keys (CMKs) and manage those keys directly. To ensure that your Amazon CloudTrail logs are encrypted at rest, use the server-side encryption provided by AWS Key Management Service (KMS). This hardens your CloudTrail bucket and gives you finer control over who in your organization can access and read the CloudTrail log files.

Remediation

Here are the steps to ensure CloudTrail logs are encrypted at rest:

  1. Create a new S3 bucket, or choose an existing one, for storing CloudTrail logs.
  2. Ensure that server-side encryption is enabled on the S3 bucket. You can enable encryption with AWS Key Management Service (KMS) keys or with S3-managed encryption keys.
  3. Configure your CloudTrail trail to deliver log files to the encrypted S3 bucket, either during the initial setup of the trail or by modifying the settings of an existing trail.
  4. If necessary, modify the bucket policy to deny public access and allow access only to authorized AWS accounts or users.

By following these steps, you can ensure that your CloudTrail logs are encrypted at rest, which helps to protect sensitive data and meet compliance requirements for data protection.
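The following is an added example, not part of the CloudWiki page or the Lightlytics product: an offline evaluator that applies this rule to a set of trails, treating a trail as compliant when it has a `KmsKeyId` (CloudTrail SSE-KMS) or when its destination bucket applies SSE-KMS by default. The trail and bucket records are constructed samples shaped like the `describe_trails` and `get_bucket_encryption` responses; the key ARN and bucket names are placeholders.

```python
from dataclasses import dataclass

# Constructed sample shaped like cloudtrail.describe_trails()["trailList"].
EXAMPLE_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"  # placeholder
TRAILS = [
    {"Name": "org-trail", "S3BucketName": "audit-logs-kms", "KmsKeyId": EXAMPLE_KEY},
    {"Name": "legacy-trail", "S3BucketName": "audit-logs-sse-s3"},
    {"Name": "dev-trail", "S3BucketName": "audit-logs-unset"},
]

# Constructed sample: bucket name -> s3.get_bucket_encryption() body, or None
# where that call would raise ServerSideEncryptionConfigurationNotFoundError.
BUCKET_ENCRYPTION = {
    "audit-logs-kms": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {
            "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": EXAMPLE_KEY}}]}},
    "audit-logs-sse-s3": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    "audit-logs-unset": None,
}

@dataclass
class Finding:
    trail: str
    bucket: str
    compliant: bool
    reason: str

def bucket_default_sse_kms(encryption):
    """True when the bucket's default encryption rule uses a KMS algorithm."""
    if not encryption:  # no default-encryption configuration on the bucket
        return False
    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    return any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
               in ("aws:kms", "aws:kms:dsse") for r in rules)

def evaluate(trails, bucket_encryption):
    """Classify each trail against the rule; SSE-S3 alone does not satisfy it."""
    findings = []
    for t in trails:
        bucket = t.get("S3BucketName", "")
        if t.get("KmsKeyId"):
            findings.append(Finding(t["Name"], bucket, True, "trail uses SSE-KMS (KmsKeyId set)"))
        elif bucket_default_sse_kms(bucket_encryption.get(bucket)):
            findings.append(Finding(t["Name"], bucket, True, "bucket default encryption is SSE-KMS"))
        else:
            findings.append(Finding(t["Name"], bucket, False, "no SSE-KMS on trail or bucket"))
    return findings

if __name__ == "__main__":
    for f in evaluate(TRAILS, BUCKET_ENCRYPTION):
        print(f"{'PASS' if f.compliant else 'FAIL'} {f.trail} ({f.bucket}): {f.reason}")
```

Against live data, feed the evaluator the `trailList` from `describe_trails` and a per-bucket map built from `get_bucket_encryption`, mapping the not-found error to `None`.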

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.