Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Encrypt Amazon OpenSearch CloudWatch Logs using KMS key after setup?

0

Hi all

I configured Amazon OpenSearch and could see four CloudWatch Logs log groups as follows:

/aws/opensearch/my-os/AUDIT_LOGS
/aws/opensearch/my-os/ES_APPLICATION_LOGS
/aws/opensearch/my-os/INDEX_SLOW_LOGS
/aws/opensearch/my-os/SEARCH_SLOW_LOGS

Now I want to encrypt them using a KMS key. How can I do this?

Thanks.

Topics
Analytics
Tags
Amazon OpenSearch Service
Language
English
asked a year ago165 views
1 Answer
0

Hi,

Cloudwatch log groups are encrypted at rest by default using a 256-bit AES-GCM server side encryption, but you can also employ a KMS key to encrypt them, either when you create the log group or after it exists.

The following AWS documentation page and Knowledge Center article describes step by step how to implement it.

EXPERT
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content