AWS AWSCloudFormation medium security documentation change
Summary
Added encryption of digest files to KMS key description
Security assessment
Explicitly mentions encryption of digest files which are critical for log integrity validation. This documents expanded security controls for CloudTrail data protection.
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.md b/AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.md index 496c4d1bd..bd567072e 100644 --- a//AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.md +++ b//AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.md @@ -213 +213 @@ _Required_ : No -Specifies the AWS KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier. +Specifies the AWS KMS key ID to use to encrypt the logs and digest files delivered by CloudTrail. The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.