Overview

A config rule that checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The rule is COMPLIANT if the KmsKeyId is defined.

Configuration Templates

Items
1
Size
0.7 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: cloud-trail-encryption-enabled
      Description: >-
        A config rule that checks whether AWS CloudTrail is configured to use
        the server side encryption (SSE) AWS Key Management Service (AWS KMS)
        customer master key (CMK) encryption. The rule is COMPLIANT if the
        KmsKeyId is defined.
      InputParameters: {}
      Scope:
        ComplianceResourceTypes: []
      Source:
        Owner: AWS
        SourceIdentifier: CLOUD_TRAIL_ENCRYPTION_ENABLED
      MaximumExecutionFrequency: TwentyFour_Hours
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Customize Cf Template

Rule Parameters

No rule paramters
 
* Required field

Sources and Documentation

Configuration Source: AWS Documentation

Additional Documentation: