The key material source for Simple Log Service Logstore encryption is imported by users

更新时间:
复制 MD 格式

Checks whether a Simple Log Service Logstore has data encryption enabled with a KMS master key from the source specified by the parameter.

Scenarios

A company enables data encryption for its Simple Log Service Logstore and uses a KMS master key from the source specified by the parameter (by default, EXTERNAL key material imported by users) to meet security policy requirements. The default risk level is medium.

Risk level

Default risk level: medium.

You can change the risk level as needed.

Detection logic

The Logstore is compliant if data encryption is enabled and the KMS master key comes from the source specified by the parameter. The default value is EXTERNAL, which indicates key material imported by users.

Rule details

Parameter

Description

Rule name

The key material source for Simple Log Service Logstore encryption is imported by users

Rule identifier

sls-logstore-encrypt-key-origin-check

Automatic remediation

Not supported

Trigger type

Periodic: Every 24 hours

Supported resource types

ACS::SLS::LogStore

Input parameters

origin (default value: EXTERNAL)

Remediation guidance

For more information, see Data encryption.