Posted On: Nov 11, 2022

AWS CloudTrail announces the ability to use your own Customer Managed KMS Keys (CMKs) to encrypt the activity logs stored in CloudTrail Lake. CloudTrail has always encrypted all data stored in CloudTrail Lake by default using AWS owned KMS keys. This feature gives you the option of adding a self-managed security layer to your activity logs to help you meet the compliance and regulatory requirements of your organization.

For further details, see our documentation.

This feature is available in all AWS Regions where AWS CloudTrail Lake is available. There is no additional charge to use CMKs for CloudTrail Lake; however, CloudTrail Lake and AWS KMS charges will apply.