A config rule that checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The rule is COMPLIANT if the KmsKeyId is defined.

 
Tags
encryption
Items
1
Size
0.7 KB
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: cloud-trail-encryption-enabled
      Description: >-
        A config rule that checks whether AWS CloudTrail is configured to use
        the server side encryption (SSE) AWS Key Management Service (AWS KMS)
        customer master key (CMK) encryption. The rule is COMPLIANT if the
        KmsKeyId is defined.
      InputParameters: {}
      Scope:
        ComplianceResourceTypes: []
      Source:
        Owner: AWS
        SourceIdentifier: CLOUD_TRAIL_ENCRYPTION_ENABLED
      MaximumExecutionFrequency: TwentyFour_Hours
Parameters: {}
Metadata: {}
Conditions: {}

Customize Cf Template

Rule Parameters

No rule paramters
 
* Required field