github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/cloudtrail/AVD-AWS-0015/Management_Console.md (about) 1 1. Log into the AWS Management Console. 2 2. Select the "Services" option and search for "CloudTrail". 3 3. In the "Dashboard" panel click on "View trails" button. 4 4. Select the "trail" that needs to be verified under "Name" column. 5 5. Scroll down and under the "Storage location" option check for "Encrypt log files with SSE-KMS". If its status is "No" the selected trail does not support log encryption. 6 6. Click on the pencil icon to get into "Storage location" configuration settings. Scroll down and click on "Yes" next to "Encrypt log files with SSE-KMS" to enable the "CloudTrail" log encryption.  7 7. Click on the "Yes" option next to "Create a new KMS key" and enter a name. Make sure KMS key and S3 bucket must be in the same region. 8 8. Click on "No" option next to "Create a new KMS key" if already have "KMS key" available. 9 9. Scroll down and click on "Save" to enable the CloudTrail log encryption.