Why
Encrypting logs is a great way to enhance the security of a project. It's important to get logs encrypted as a best practice.
Currently, the code line tfsec:ignore:aws-cloudwatch-log-group-customer-key present in cloudwatch/main.tf has silenced the tfsec warning related to this.
IMPORTANT note: You cannot encrypt ALB logs using a separate KMS key. Therefore, this ticket applies only to CloudWatch logs from other services. To force encryption for ALB, you can use a custom Lambda, but this is not within the scope of this ticket.
Who Benefits?
Everyone.