Encryption of CloudTrail logs


Securing your CloudTrail logs with your own keys is simpler than it looks. AWS delivers CloudTrail log files to your S3 bucket encrypted at rest; by default it uses Amazon S3-managed encryption keys (SSE-S3), which you do not control. For an extra layer of protection that you manage directly, you can have CloudTrail encrypt the log files with server-side encryption using an AWS KMS (Key Management Service) key instead (SSE-KMS). Beyond the additional encryption layer, this brings the benefits of KMS:

1. You create and manage the customer master key (CMK) yourself, including its key policy and rotation, and every use of the key is itself recorded in CloudTrail.
2. A single CMK can encrypt and decrypt the log files of multiple accounts across all Regions.
3. You decide, through the key policy, which principals in your organization may encrypt and decrypt with the key.

Setting this up involves little work. Create a KMS key (your CMK) in the same Region as the S3 bucket that receives the logs, and attach a key policy that allows the CloudTrail service principal to generate data keys with it and allows your chosen users or roles to decrypt. Then configure the trail with the key ID. Decryption is transparent: when a principal authorized by the key policy reads a log file, S3 asks KMS to unwrap the data key and returns plaintext, while a principal without kms:Decrypt on the key is denied even if it can list and read the bucket.
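The key policy is where the access control described above actually lives, so the following added example (not Centilytics' or AWS's code) builds one for CloudTrail and checks it for the most common mistake, a decrypt grant to a wildcard principal with no account condition. The account ID, trail ARN and reader role ARN are constructed placeholders; the CLI commands in the comments are the real AWS CLI operations you would run with the output.

```python
"""Build and sanity-check a KMS key policy for CloudTrail log encryption.

Added example, not Centilytics' or AWS's code. Account ID, trail ARNs and
reader principals are constructed placeholders supplied by the caller.
"""
import json


def cloudtrail_key_policy(account_id, trail_arns, reader_principals):
    """Return a KMS key policy (dict) that lets CloudTrail encrypt log files
    and lets only the named principals decrypt them.

    account_id        -- account that owns the key
    trail_arns        -- ARNs of the trails allowed to use the key
    reader_principals -- IAM principal ARNs allowed to decrypt log files
    """
    # CloudTrail always encrypts with encryption context aws:cloudtrail:arn set
    # to the trail ARN, so this condition scopes both grants to this account's trails.
    trail_ctx = f"arn:aws:cloudtrail:*:{account_id}:trail/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Key administration stays with the account root; IAM policies delegate from there.
                "Sid": "EnableIAMUserPermissions",
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
                "Action": "kms:*",
                "Resource": "*",
            },
            {   # CloudTrail needs a fresh data key per log file; aws:SourceArn pins the grant
                # to the named trails, the encryption-context condition to this account.
                "Sid": "AllowCloudTrailToEncryptLogs",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "kms:GenerateDataKey*",
                "Resource": "*",
                "Condition": {
                    "StringEquals": {"aws:SourceArn": list(trail_arns)},
                    "StringLike": {"kms:EncryptionContext:aws:cloudtrail:arn": trail_ctx},
                },
            },
            {
                "Sid": "AllowCloudTrailToDescribeKey",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "kms:DescribeKey",
                "Resource": "*",
            },
            {   # Only the named readers may decrypt, and only CloudTrail ciphertext.
                "Sid": "AllowLogReadersToDecrypt",
                "Effect": "Allow",
                "Principal": {"AWS": list(reader_principals)},
                "Action": ["kms:Decrypt", "kms:ReEncryptFrom"],
                "Resource": "*",
                "Condition": {
                    "StringLike": {"kms:EncryptionContext:aws:cloudtrail:arn": trail_ctx},
                },
            },
        ],
    }


def policy_json(policy):
    """Serialize the policy for `aws kms put-key-policy --policy file://...`."""
    return json.dumps(policy, indent=2)


def find_unscoped_decrypt(policy):
    """Return Sids of Allow statements that grant kms:Decrypt (or kms:* / *) to a
    wildcard principal without a kms:CallerAccount condition. Such a statement
    lets any account that also grants itself kms:Decrypt read your logs."""
    flagged = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("kms:Decrypt", "kms:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        aws = [aws] if isinstance(aws, str) else (aws or [])
        if "*" not in aws:
            continue
        caller_cond = stmt.get("Condition", {}).get("StringEquals", {})
        if "kms:CallerAccount" not in caller_cond:
            flagged.append(stmt.get("Sid", "<no Sid>"))
    return flagged


if __name__ == "__main__":
    # Constructed placeholders; substitute your own account, trail and reader role.
    policy = cloudtrail_key_policy(
        "111122223333",
        ["arn:aws:cloudtrail:us-east-1:111122223333:trail/org-audit-trail"],
        ["arn:aws:iam::111122223333:role/SecurityAuditor"],
    )
    print(policy_json(policy))
    print("unscoped decrypt grants:", find_unscoped_decrypt(policy))
    # Apply the policy and attach the key to the trail (key must be in the bucket's Region):
    #   aws kms put-key-policy --key-id <key-arn> --policy-name default --policy file://policy.json
    #   aws cloudtrail update-trail --name org-audit-trail --kms-key-id <key-arn>
```

The `find_unscoped_decrypt` check exists because AWS's own sample policies use `"Principal": {"AWS": "*"}` for the decrypt statement and rely on a `kms:CallerAccount` condition to keep it inside the account; drop that condition during a copy-paste and the key becomes decryptable from any account that grants itself the permission.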

Why do you need Centilytics to monitor this?

Centilytics checks each trail and warns you about those whose log files are not encrypted with a KMS key. The CloudTrail log encryption insight lists each trail name together with its account ID and the KMS key ID configured on the trail; an empty KMS ID tells you at a glance that the trail still relies on the default SSE-S3 only. A populated KMS ID shows only that the trail is configured for SSE-KMS: if that key is later disabled or scheduled for deletion, CloudTrail can no longer deliver log files, so the key's state is worth checking as well.

Insight Description:

Ok: CloudTrail log files are encrypted at rest with a KMS key (SSE-KMS).
Critical: No KMS key is configured on the trail; its log files rely on the default SSE-S3 encryption only.

 

The remaining columns are described below:

Account Id: Shows the AWS account ID that owns the trail.

Account Name: Shows the account name corresponding to that account ID.

Region: Shows the home Region of the trail.

Identifier: Shows the service (CloudTrail) together with the trail name.

Trail Name: Shows the name you gave the trail when you created it.

KMS ID: Shows the ID of the KMS key used to encrypt the trail's log files; empty when no key is configured.
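The severity rule and the columns above reduce to a small classification over the trail records that CloudTrail's DescribeTrails API returns. The following added example (not Centilytics' code) implements it; the two trail records are constructed sample data in the shape of DescribeTrails `trailList` entries, and the account-name lookup table is a placeholder for whatever mapping you keep.

```python
"""Classify CloudTrail trails as Ok / Critical by whether a KMS key is configured,
and emit the columns of the log-encryption insight.

Added example, not Centilytics' code. SAMPLE_TRAILS is constructed test data
shaped like DescribeTrails trailList entries.
"""

SAMPLE_TRAILS = [  # constructed sample data
    {
        "Name": "org-audit-trail",
        "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-audit-trail",
        "HomeRegion": "us-east-1",
        "S3BucketName": "example-cloudtrail-logs",
        "IsMultiRegionTrail": True,
        "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
    },
    {
        "Name": "dev-trail",
        "TrailARN": "arn:aws:cloudtrail:eu-west-1:111122223333:trail/dev-trail",
        "HomeRegion": "eu-west-1",
        "S3BucketName": "example-dev-logs",
        "IsMultiRegionTrail": False,
        # No KmsKeyId: log files are protected by the default SSE-S3 only.
    },
]


def parse_trail_arn(trail_arn):
    """Return (region, account_id, trail_name) from a CloudTrail trail ARN."""
    parts = trail_arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "cloudtrail" or not parts[5].startswith("trail/"):
        raise ValueError(f"not a CloudTrail trail ARN: {trail_arn}")
    return parts[3], parts[4], parts[5][len("trail/"):]


def classify_trail(trail, account_names=None):
    """Produce one insight row for a trail record.

    Severity is Ok when the trail has a KmsKeyId and Critical otherwise; the
    other keys match the insight's columns.
    """
    region, account_id, name = parse_trail_arn(trail["TrailARN"])
    kms_key_id = trail.get("KmsKeyId") or ""
    return {
        "Account Id": account_id,
        "Account Name": (account_names or {}).get(account_id, ""),
        "Region": trail.get("HomeRegion", region),
        "Identifier": f"CloudTrail/{name}",
        "Trail Name": trail["Name"],
        "KMS ID": kms_key_id,
        "Severity": "Ok" if kms_key_id else "Critical",
    }


def classify_trails(trails, account_names=None):
    return [classify_trail(t, account_names) for t in trails]


def critical_trails(trails):
    """Names of trails whose log files are not encrypted with a KMS key."""
    return [r["Trail Name"] for r in classify_trails(trails) if r["Severity"] == "Critical"]


def fetch_trails(session):
    """Pull live trail records with a boto3 session (needs credentials; not used by the sample run).
    Shadow trails (copies of multi-Region trails in other Regions) are excluded so each trail is
    reported once, in its home Region."""
    client = session.client("cloudtrail")
    return client.describe_trails(includeShadowTrails=False)["trailList"]


if __name__ == "__main__":
    for row in classify_trails(SAMPLE_TRAILS, {"111122223333": "example-prod"}):
        print(" | ".join(f"{k}: {v or '-'}" for k, v in row.items()))
```

Running it against the sample data reports `org-audit-trail` as Ok and `dev-trail` as Critical with an empty KMS ID. To run it against an account, call `classify_trails(fetch_trails(boto3.Session()))`; because multi-Region trails are excluded from the shadow copies, a trail appears once under its home Region, which is what the Region column shows.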

Filters Applicable

Filter Name: Description
Account Id: Applying the account ID filter displays all trails for the selected account ID.
Region: Applying the Region filter displays all trails whose home Region matches the selected Region.
Severity: Applying the severity filter displays trails with the selected severity, i.e. selecting Critical displays all trails whose log files are not KMS-encrypted; selecting Ok displays those that are.
Resource Tags: Applying the resource tags filter displays the trails that carry the selected tag key. For example, if you have tagged some trails with a key named environment, selecting environment from the resource tags filter displays all of those trails.
Resource Tags Value: Applying the resource tags value filter displays the trails that carry the selected tag value. For example, if you have tagged resources with the key environment and the value production (environment: production), you can view all resources tagged environment:production. The tag value filter can only be used once a tag name has been selected.
Compliance: Applying the compliance filter lets you further refine your security and health checks by compliance framework.
