How do you encrypt cloudwatch logs?

0

I want to see, if i can enable some sort of encryption in cloudwatch logs. my application running in ecs writes to cloudwatch . how can i enable encryption , such that if logs were read by someone not authorized or hacked, it wouldn't pose any security compromise. once encrypted , how would authorize users view the logs , meaning how would i decrpty it for viewing via console or download it , when needed.

asked 25 days ago76 views
1 Answer
1

It is very simple. you can use KMS to encrypt couldwatch logs. Please see the documentation below. Basically you will create key, set permissions on the KMS key to allow cloudwatch to use it. Associate the key with the cloudwatch log group. https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html

profile pictureAWS
EXPERT
SriniV
answered 25 days ago
profile picture
EXPERT
reviewed 25 days ago
profile pictureAWS
EXPERT
reviewed 25 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions