CloudTrail announces support for log file encryption using KMS Key and log file integrity validation

Posted on: Oct 1, 2015

Today, we are announcing support for two new CloudTrail features.

  1. Support for log file encryption using server-side encryption with Key Management Service (SSE-KMS)
    You can add an additional layer of security for the CloudTrail log files stored in your S3 bucket by encrypting them with your KMS key. CloudTrail will encrypt the log files using the KMS key you specify.
  2. Log File Integrity Validation
    You can validate the integrity of the CloudTrail log files stored in your S3 bucket and detect whether they were deleted or modified after CloudTrail delivered them to your S3 bucket. You can use log file integrity (LFI) validation as part of your IT security and auditing processes.

These features are available now in the US East (Northern Virginia), US West (Oregon), US West (Northern California), Europe (Ireland), Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Singapore), and South America (Brazil) regions.

For more details about these features, read Jeff’s blog or the CloudTrail documentation on encrypting log files using SSE-KMS and on log file integrity validation.