Posted On: Nov 8, 2022

Amazon CloudWatch Logs now supports exporting logs to Amazon Simple Storage Service (S3) buckets encrypted using Server side encryption with KMS (SSE-KMS) keys.

CloudWatch customers can export logs within a selected time-range from CloudWatch to S3 buckets in their own or another AWS account. With today’s launch, customers can leverage the enhanced protection and audit trail offered by Amazon S3 buckets encrypted using SSE-KMS as part of their logs exports. Customers can create and manage customer managed keys or use AWS managed keys that are unique to each customer, their service, and their Region.

Customers can use AWS Management console or AWS CLI to set up logs exports to SSE-KMS encrypted S3 buckets in all AWS regions.

To get started, see the following list of resources: