I am trying to figure out how to set up a CloudTrail trail encryption. For my CloudTrail trail I have a bucket as target for the logs that I have enabled encryption on. Something I try to do for all buckets. But setting up the CloudTrail I have the possibility to encrypt the logs delivered to s3. If I do this will my s3 encryption encrypt the encrypted logs my CloudTrail have put where?
Is this how it works, or do I misunderstand something?
CodePudding user response:
Is this how it works, or do I misunderstand something?
No. What you setup is S3 encryption only. There is no extra encryption on top of the S3 one. In other words, your log files won't be double encrypted.