By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How do you encrypt cloudwatch logs?

0

I want to see, if i can enable some sort of encryption in cloudwatch logs. my application running in ecs writes to cloudwatch . how can i enable encryption , such that if logs were read by someone not authorized or hacked, it wouldn't pose any security compromise. once encrypted , how would authorize users view the logs , meaning how would i decrpty it for viewing via console or download it , when needed.

Topics
Management & GovernanceNetworking & Content Delivery
Tags
Amazon CloudWatchEncryption
Language
English
clouduser
asked a year ago303 views
1 Answer
1

It is very simple. you can use KMS to encrypt couldwatch logs. Please see the documentation below. Basically you will create key, set permissions on the KMS key to allow cloudwatch to use it. Associate the key with the cloudwatch log group. https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html

profile pictureAWS
EXPERT
Srini V
answered a year ago
profile picture
EXPERT
Oleksii Bebych
reviewed a year ago
profile pictureAWS
EXPERT
Didier_Durand
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content