Skip to content

Allow CloudTrail encryption with SSE-S3 #320

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wimnat opened this issue Sep 23, 2023 · 0 comments
Open

Allow CloudTrail encryption with SSE-S3 #320

wimnat opened this issue Sep 23, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@wimnat
Copy link

wimnat commented Sep 23, 2023

Is your feature request related to a problem? Please describe.

Using this module will always create a KMS key in order to encrypt CloudTrail logs. This KMS key comes with a financial cost that the user has to pay.

Describe the solution you'd like

It should be possible to opt out of using SSE-KMS for CloudTrail logs. If the KMS parameter is not passed in the aws_cloudtrail resource, logs will still be encrypted using SSE-S3 but at no cost to the user.

Describe alternatives you've considered

None

Additional context

AWS docs describing how CloudTrail logs are encrypted - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wimnat