standard
turbot/aws_compliance

Trigger: Detect & correct CloudTrail trail logs not encrypted with KMS CMK

Detects CloudTrail trails whose logs are not encrypted with a KMS customer managed key (CMK), then either skips them or encrypts them with a KMS CMK.

Query

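select
  concat(name, ' [', account_id, '/', region, ']') as title,
  region,
  sp_connection_name as conn,
  account_id,
  name
from
  aws_cloudtrail_trail
where
  -- report each trail once, from its home region
  region = home_region
  -- no KMS key is configured for the trail's log files
  and kms_key_id is null;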

Schedule

15m

Tags

category = Compliance
mod = aws
service = AWS/Cloudtrail