Control: AWS > HIPAA > Logs > Log group encryption at rest should be enabled

To help protect sensitive data at rest, ensure encryption is enabled for your Amazon CloudWatch Log Group.

Resource Types

This control targets the following resource types:

Control Type URI

tmod:@turbot/aws-hipaa#/control/types/logGroupEncryptionAtRestEnabled

Category URI

tmod:@turbot/turbot#/control/categories/complianceHipaa

GraphQL

query controlType(id: "tmod:@turbot/aws-hipaa#/control/types/logGroupEncryptionAtRestEnabled") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-hipaa#/control/types/logGroupEncryptionAtRestEnabled'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-hipaa#/control/types/logGroupEncryptionAtRestEnabled"