Overview

A Config rule that checks whether a log group in Amazon CloudWatch Logs is encrypted. The rule is NON_COMPLIANT if CloudWatch Logs has a log group without encryption enabled.

Configuration Templates

Items
1
Size
0.7 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  ConfigRule:
    Type: 'AWS::Config::ConfigRule'
    Properties:
      ConfigRuleName: cloudwatch-log-group-encrypted
      Description: >-
        A Config rule that checks whether a log group in Amazon CloudWatch Logs
        is encrypted. The rule is NON_COMPLIANT if CloudWatch Logs has a log
        group without encryption enabled.
      Scope:
        ComplianceResourceTypes:
          - 'AWS::Lambda::Function'
      Source:
        Owner: AWS
        SourceIdentifier: CLOUDWATCH_LOG_GROUP_ENCRYPTED
      MaximumExecutionFrequency: TwentyFour_Hours
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Rule Parameters

 
* Required field

Sources and Documentation

Configuration Source: AWS Documentation

Additional Documentation: