Control: AWS > HIPAA > CloudTrail > CloudTrail trail logs should be encrypted with KMS CMK

To help protect sensitive data at rest, ensure encryption is enabled for your Amazon CloudWatch Log Groups.

Resource Types

This control targets the following resource types:

Control Type URI

tmod:@turbot/aws-hipaa#/control/types/cloudTrailTrailLogsEncryptedWithKmsCmk

Category URI

tmod:@turbot/turbot#/control/categories/complianceHipaa

GraphQL

query controlType(id: "tmod:@turbot/aws-hipaa#/control/types/cloudTrailTrailLogsEncryptedWithKmsCmk") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-hipaa#/control/types/cloudTrailTrailLogsEncryptedWithKmsCmk'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-hipaa#/control/types/cloudTrailTrailLogsEncryptedWithKmsCmk"