Cloud computing has become an essential factor in IT transformation and business innovation. One of the main challenges organizations face is the lack of visibility into the cloud environment.
For this blog post, we will be focusing on two roles of this Ansible validated content collection. The enable_cloudtrail_encryption_with_kms role (https://github.com/redhat-cop/cloud.aws_ops/tree/main/roles/enable_cloudtrail_encryption_with_kms) encrypts an AWS CloudTrail trail using the AWS Key Management Service (AWS KMS) customer managed key you specify.
To enable encryption for CloudTrail logs, you would create a KMS key that is used to encrypt the S3 bucket where your CloudTrail logs are stored.
TASK [cloud.aws_ops.enable_cloudtrail_encryption_with_kms : Assert that AWS CloudTrail trail was successfully encrypted] ***
ok: [localhost] => {
    "changed": false,
    "msg": "AWS CloudTrail trail was successfully encrypted"
}
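An added example, not code from the original post or from the cloud.aws_ops collection: an offline check that complements the role's assertion by listing trails that carry no KMS key and classifying whether the key policy lets CloudTrail use the key. The JSON mirrors the output shape of `aws cloudtrail describe-trails` and `aws kms get-key-policy`; trail names, bucket names, the account ID and the key ID are constructed placeholders.

```python
import json

# Constructed sample in the shape of `aws cloudtrail describe-trails` output.
# All names and IDs are placeholders, not values from the post.
TRAILS = json.loads("""{"trailList": [
  {"Name": "org-trail", "S3BucketName": "example-logs",
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
  {"Name": "legacy-trail", "S3BucketName": "example-logs-old"}
]}""")

# Constructed sample key policy, as `aws kms get-key-policy` would return it.
KEY_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "Allow CloudTrail to encrypt logs", "Effect": "Allow",
   "Principal": {"Service": "cloudtrail.amazonaws.com"},
   "Action": "kms:GenerateDataKey*", "Resource": "*",
   "Condition": {"StringLike": {"kms:EncryptionContext:aws:cloudtrail:arn":
                                "arn:aws:cloudtrail:*:111122223333:trail/*"}}}
]}""")

ENC_CTX = "kms:EncryptionContext:aws:cloudtrail:arn"

def as_list(value):
    """IAM policy fields may hold a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trails_without_kms(describe_trails):
    """Names of trails with no KmsKeyId, i.e. not encrypted with a KMS key."""
    return [t["Name"] for t in describe_trails.get("trailList", [])
            if not t.get("KmsKeyId")]

def cloudtrail_grant(policy):
    """Classify CloudTrail's encrypt grant: 'scoped', 'unscoped' or 'missing'."""
    result = "missing"
    for stmt in as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or "cloudtrail.amazonaws.com" not in services:
            continue
        if not any(a in ("kms:GenerateDataKey*", "kms:*") for a in as_list(stmt.get("Action"))):
            continue
        # A grant restricted by CloudTrail's encryption context is the tight form.
        if any(ENC_CTX in keys for keys in stmt.get("Condition", {}).values()):
            return "scoped"
        result = "unscoped"
    return result
```

A result of `unscoped` means CloudTrail is allowed to use the key without the encryption-context restriction, and `missing` means log delivery with that key will fail.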