Mods
AWS

Policy: AWS > Turbot > Audit Trail > CloudTrail > Trail > Encryption Key

The KMS key ID that encrypts the logs delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the format: arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012

If a key is specified in this policy, SSE-KMS encryption will be enabled with this key. If the Encryption Key policy is blank, the default (SSE-S3) encryption will be used.

The key will not be created in this stack - it must already exist and CloudTrail must have the correct permissions to use the key. Guardrails will not modify the key policy.

Resource Types

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Controls

Policy Packs

This policy setting is used by the following policy packs:

Policy Specification

Schema Type
string

Category

In Your Workspace

Developers