Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow CloudTrail encryption with SSE-S3 #320

Open
wimnat opened this issue Sep 23, 2023 · 0 comments
Open

Allow CloudTrail encryption with SSE-S3 #320

wimnat opened this issue Sep 23, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@wimnat
Copy link

wimnat commented Sep 23, 2023

Is your feature request related to a problem? Please describe.

Using this module will always create a KMS key in order to encrypt CloudTrail logs. This KMS key comes with a financial cost that the user has to pay.

Describe the solution you'd like

It should be possible to opt out of using SSE-KMS for CloudTrail logs. If the KMS parameter is not passed in the aws_cloudtrail resource, logs will still be encrypted using SSE-S3 but at no cost to the user.

Describe alternatives you've considered

None

Additional context

AWS docs describing how CloudTrail logs are encrypted - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wimnat