Checks whether a Simple Log Service Logstore has data encryption enabled with a KMS master key from the source specified by the parameter.
Scenarios
A company enables data encryption for its Simple Log Service Logstore and uses a KMS master key from the source specified by the parameter (by default, EXTERNAL key material imported by users) to meet security policy requirements. The default risk level is medium.
Risk level
Default risk level: medium.
You can change the risk level as needed.
Detection logic
The Logstore is compliant if data encryption is enabled and the KMS master key comes from the source specified by the parameter. The default value is EXTERNAL, which indicates key material imported by users.
Rule details
|
Parameter |
Description |
|
Rule name |
The key material source for Simple Log Service Logstore encryption is imported by users |
|
Rule identifier |
|
|
Automatic remediation |
Not supported |
|
Trigger type |
Periodic: Every 24 hours |
|
Supported resource types |
ACS::SLS::LogStore |
|
Input parameters |
origin (default value: EXTERNAL) |
Remediation guidance
For more information, see Data encryption.