Encrypt Amazon OpenSearch CloudWatch Logs using KMS key after setup?

0

Hi all

I configured Amazon OpenSearch and could see four CloudWatch Logs log groups as follows:

/aws/opensearch/my-os/AUDIT_LOGS
/aws/opensearch/my-os/ES_APPLICATION_LOGS
/aws/opensearch/my-os/INDEX_SLOW_LOGS
/aws/opensearch/my-os/SEARCH_SLOW_LOGS

Now I want to encrypt them using a KMS key. How can I do this?

Thanks.

asked 11 days ago, 32 views
1 Answer
0

Hi,

CloudWatch log groups are encrypted at rest by default using 256-bit AES-GCM server-side encryption, but you can also employ a KMS key to encrypt them, either when you create the log group or after it exists.

The following AWS documentation page and Knowledge Center article describe step by step how to implement it.

EXPERT
answered 11 days ago
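
The "after it exists" path from the answer, sketched with the AWS CLI for the four log groups in the question. This is an added example, not part of the original answer or AWS's own code; the region, account ID and key ARN are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed placeholders: override via environment before running.
REGION="${REGION:-us-east-1}"
ACCOUNT_ID="${ACCOUNT_ID:-111122223333}"
DOMAIN="${DOMAIN:-my-os}"   # domain name as it appears in the question
KEY_ARN="${KEY_ARN:-arn:aws:kms:${REGION}:${ACCOUNT_ID}:key/EXAMPLE-KEY-ID}"

# The four log groups listed in the question.
log_groups() {
  for suffix in AUDIT_LOGS ES_APPLICATION_LOGS INDEX_SLOW_LOGS SEARCH_SLOW_LOGS; do
    printf '/aws/opensearch/%s/%s\n' "$DOMAIN" "$suffix"
  done
}

# Statement to merge into the KMS key policy BEFORE associating the key. It lets
# the regional CloudWatch Logs principal use the key, scoped by encryption
# context to this domain's log groups only.
key_policy_statement() {
  cat <<EOF
{
  "Sid": "AllowCloudWatchLogsForOpenSearchDomain",
  "Effect": "Allow",
  "Principal": { "Service": "logs.${REGION}.amazonaws.com" },
  "Action": ["kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*"],
  "Resource": "*",
  "Condition": { "ArnLike": {
    "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:${REGION}:${ACCOUNT_ID}:log-group:/aws/opensearch/${DOMAIN}/*"
  } }
}
EOF
}

# Associate the key with each existing log group. Only prints the commands
# unless APPLY=1 is set, so the plan can be reviewed first.
associate_all() {
  log_groups | while read -r group; do
    set -- aws logs associate-kms-key --region "$REGION" \
      --log-group-name "$group" --kms-key-id "$KEY_ARN"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
  done
}

# Check: every group should report the key ARN in the kmsKeyId column.
verify_all() {
  aws logs describe-log-groups --region "$REGION" \
    --log-group-name-prefix "/aws/opensearch/${DOMAIN}/" \
    --query 'logGroups[].[logGroupName,kmsKeyId]' --output table
}

associate_all
```

The association applies to data ingested after it is made; run `verify_all` afterwards to confirm each group shows the key.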
