Encrypt CloudTrail Logs #2256

Closed
Matthew-Grayson opened this issue Sep 26, 2023 · 0 comments · Fixed by #2257
Labels
Backend ASM-VDB Technical Infrastructure and Database Infrastructure Issues related to AWS resources or configuration

Comments

@Matthew-Grayson
Contributor

💡 Summary

Ensure CloudTrail Logs are encrypted before deploying to production.

Required KMS key policy elements for trails

Enable CloudTrail log encrypt permissions. See Granting encrypt permissions.
Enable CloudTrail log decrypt permissions. See Granting decrypt permissions. If you are using an existing S3 bucket with an S3 Bucket Key, kms:Decrypt permissions are required to create or update a trail with SSE-KMS encryption enabled.
Enable CloudTrail to describe KMS key properties. See Enable CloudTrail to describe KMS key properties.

@Matthew-Grayson Matthew-Grayson self-assigned this Sep 26, 2023
@Matthew-Grayson Matthew-Grayson added Backend ASM-VDB Technical Infrastructure and Database Infrastructure Issues related to AWS resources or configuration labels Sep 26, 2023
@Matthew-Grayson Matthew-Grayson linked a pull request Sep 26, 2023 that will close this issue
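
The three key policy elements listed in the issue can be checked before a trail is deployed. The following is an added example, not code from this project or its pull request: a small audit function that reports which of the elements a KMS key policy document is missing. The function names, the sample policy and the account ID `111122223333` are constructed for illustration, and the check assumes that decrypt may be granted to any principal while encrypt and describe must be granted to the `cloudtrail.amazonaws.com` service principal.

```python
import fnmatch

CLOUDTRAIL = "cloudtrail.amazonaws.com"

# Element name -> (action that must be allowed, required service principal or None).
# Assumption: decrypt is usually granted to log readers, so any principal counts.
REQUIRED = {
    "encrypt": ("kms:GenerateDataKey", CLOUDTRAIL),
    "decrypt": ("kms:Decrypt", None),
    "describe": ("kms:DescribeKey", CLOUDTRAIL),
}

def _as_list(value):
    """IAM allows a single string or a list for Action and Principal values."""
    return value if isinstance(value, list) else ([] if value is None else [value])

def _grants(stmt, action, service):
    """True if an Allow statement covers `action`, optionally for one service principal."""
    if stmt.get("Effect") != "Allow":
        return False
    patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
    if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
        return False
    if service is None:
        return True
    principal = stmt.get("Principal")
    return isinstance(principal, dict) and service in _as_list(principal.get("Service"))

def missing_elements(policy):
    """Return the names of the required elements the key policy does not grant."""
    stmts = _as_list(policy.get("Statement"))
    return [name for name, (action, svc) in REQUIRED.items()
            if not any(_grants(s, action, svc) for s in stmts)]

# Constructed sample policy (placeholder account ID); it omits any kms:Decrypt grant.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowCloudTrailEncrypt", "Effect": "Allow",
         "Principal": {"Service": CLOUDTRAIL},
         "Action": "kms:GenerateDataKey*", "Resource": "*",
         "Condition": {"StringLike": {"kms:EncryptionContext:aws:cloudtrail:arn":
                                      "arn:aws:cloudtrail:*:111122223333:trail/*"}}},
        {"Sid": "AllowCloudTrailDescribe", "Effect": "Allow",
         "Principal": {"Service": CLOUDTRAIL},
         "Action": "kms:DescribeKey", "Resource": "*"},
    ],
}
```

Calling `missing_elements(SAMPLE_POLICY)` returns `["decrypt"]`; the check looks only at actions and principals, so statement conditions still need a manual review.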