AWS-CloudTrail-CloudTrail-Encryption

Severity: Critical

Description: This policy identifies publicly accessible S3 buckets that store CloudTrail data. These buckets contain sensitive audit data, and only authorized users and applications should have access to them.

Remediation Steps:

Perform the following to enable a customer managed key (CMK) for CloudTrail logs:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/cloudtrail/ .

  2. In the console, select the region for which the alert was generated from the region drop-down in the top right corner.

  3. Click Trails and, for each trail reported, click on the trail. Edit the General Details and, under the storage location settings, select New or Existing for Customer managed AWS KMS key. If selecting Existing, choose the CMK alias from the AWS KMS alias list.
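The same check and the key policy CloudTrail needs, as an added example that is not part of this policy page or Blue Hexagon's tooling: the trail list is a constructed sample that mirrors the shape of the CloudTrail describe_trails response, the account ID and names are placeholders, and the key policy statements are the ones a CMK must carry before a trail can be configured to use it.

```python
"""Audit CloudTrail trails for CMK encryption and build the KMS key policy
statements CloudTrail requires. Added example; the input dict mirrors the
shape of the CloudTrail describe_trails API response but is constructed here."""
import json

# Constructed sample: two trails, one of which has no KMS key configured.
SAMPLE_TRAILS = {
    "trailList": [
        {"Name": "org-trail", "HomeRegion": "us-east-1",
         "S3BucketName": "example-cloudtrail-logs",
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
        {"Name": "legacy-trail", "HomeRegion": "us-west-2",
         "S3BucketName": "example-legacy-logs"},
    ]
}

def trails_without_cmk(describe_trails_response):
    """Return names of trails that deliver logs without a customer managed key."""
    return sorted(
        t["Name"] for t in describe_trails_response.get("trailList", [])
        if not t.get("KmsKeyId")
    )

def cloudtrail_key_policy_statements(account_id):
    """Statements the CMK's key policy must contain before a trail can use it:
    CloudTrail generates data keys under an encryption context naming the
    trail, and the condition restricts that to trails in this account."""
    return [
        {
            "Sid": "AllowCloudTrailToEncryptLogs",
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "kms:GenerateDataKey*",
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "kms:EncryptionContext:aws:cloudtrail:arn":
                        f"arn:aws:cloudtrail:*:{account_id}:trail/*"
                },
                "StringEquals": {"aws:SourceAccount": account_id},
            },
        },
        {
            "Sid": "AllowCloudTrailToDescribeKey",
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "kms:DescribeKey",
            "Resource": "*",
        },
    ]

if __name__ == "__main__":
    print("Trails without CMK:", trails_without_cmk(SAMPLE_TRAILS))
    print(json.dumps(cloudtrail_key_policy_statements("111122223333"), indent=2))
```

Without the GenerateDataKey statement on the key, the console step above fails when the trail is saved, so check the key policy before selecting an existing CMK.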

Reference:


Blue Hexagon Proprietary