AWS CloudTrail records your API calls and provides log files for verification and auditing purposes. AWS is enhancing this service by supporting two new features: Encryption for SSE-KMS and Log File Integrity Validation.
CloudTrail saves your log files in an S3 bucket which is encrypted with Server Side Encryption (SSE). You can further secure that bucket by encrypting it with an AWS Key Management Service (KMS) key that you provide, effectively increasing its security.
On the other hand, if you want to verify the integrity of your log file, you can now do so by changing the setting in your CloudTrail configuration screen. Once enabled, you can then determine whether or not your log has been tampered with. The full description of this feature can be found here.
Cloud security is a shared responsibility between the user and the cloud provider. If you want to learn more about how to increase the security of your business within the cloud, contact our AWS-certified experts here in PolarSeven.
[video_player type=”youtube” width=”560″ height=”315″ align=”center” margin_top=”0″ margin_bottom=”20″ border_size=”3″ border_color=”#36d3d1″]aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj10MGUtbXpfSTJPVQ==[/video_player]