Policy: AWS > Turbot > Audit Trail > CloudTrail > Trail > Encryption Key
The KMS key ID that encrypts the logs delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the format: arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
If a key is specified in this policy, SSE-KMS encryption will be enabled with this key. If the Encryption Key policy is blank, the default (SSE-S3) encryption will be used.
The key will not be created in this stack - it must already exist and CloudTrail must have the correct permissions to use the key. Guardrails will not modify the key policy.
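A pre-flight check for this setting, as an added example (not Turbot or AWS code): it confirms the value is a fully specified key ARN and that the key policy grants the CloudTrail service principal kms:GenerateDataKey*, the permission AWS documents for SSE-KMS trails. The function names and sample key policies are constructed for illustration, and the policy check is a simplification that ignores Condition blocks and Deny statements.

```python
import fnmatch
import json
import re

# Fully specified key ARN only: aliases and bare key IDs do not match.
KEY_ARN = re.compile(r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key/[A-Za-z0-9-]+$")

def as_list(value):
    return value if isinstance(value, list) else [value]

def cloudtrail_can_encrypt(key_policy):
    """True if some Allow statement grants cloudtrail.amazonaws.com kms:GenerateDataKey.
    Simplified: Condition blocks and explicit Deny statements are not evaluated."""
    for stmt in as_list(key_policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if (stmt.get("Effect") == "Allow"
                and "cloudtrail.amazonaws.com" in services
                and any(fnmatch.fnmatchcase("kms:generatedatakey", a) for a in actions)):
            return True
    return False

def preflight(setting, key_policy_json):
    """Return a list of problems with an Encryption Key setting; empty means none found."""
    setting = setting.strip()
    if not setting:
        return []  # blank setting: default SSE-S3 encryption, no KMS key involved
    problems = []
    if not KEY_ARN.match(setting):
        problems.append("not a fully specified KMS key ARN")
    if not cloudtrail_can_encrypt(json.loads(key_policy_json)):
        problems.append("key policy does not let CloudTrail generate data keys")
    return problems

# Constructed sample key policies (account ID is the page's placeholder).
ROOT_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
     "Action": "kms:*", "Resource": "*"}]})
WITH_CLOUDTRAIL = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
     "Action": "kms:*", "Resource": "*"},
    {"Effect": "Allow", "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "kms:GenerateDataKey*", "Resource": "*"}]})
KEY = "arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012"

if __name__ == "__main__":
    print(preflight(KEY, ROOT_ONLY))        # key exists but CloudTrail cannot use it
    print(preflight(KEY, WITH_CLOUDTRAIL))  # no problems found
```

Because Guardrails will not modify the key policy, a failure reported here has to be fixed on the key itself before the setting is applied.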
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
Policy Packs
This policy setting is used by the following policy packs:
Policy Specification
Schema Type
Category
In Your Workspace
Developers
- Category URI: tmod:@turbot/turbot#/control/categories/resourceLogging
- Policy Type URI: tmod:@turbot/aws#/policy/types/trailEncryptionKey
- CLI, Get Policy Type: turbot graphql policy-type --id "tmod:@turbot/aws#/policy/types/trailEncryptionKey"
- CLI, Get Policy Settings: turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws#/policy/types/trailEncryptionKey"