github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/avd_docs/aws/cloudwatch/AVD-AWS-0017/docs.md

github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/avd_docs/aws/cloudwatch/AVD-AWS-0017/docs.md (about)

     1  
     2  CloudWatch log groups are encrypted by default, however, to get the full benefit of controlling key rotation and other KMS aspects a KMS CMK should be used.
     3  
     4  ### Impact
     5  Log data may be leaked if the logs are compromised. No auditing of who have viewed the logs.
     6  
     7  <!-- DO NOT CHANGE -->
     8  {{ remediationActions }}
     9  
    10  ### Links
    11  - https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html
    12  
    13