CodeBuild logs stored in S3 should be encrypted

codebuild
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

This control verifies whether Amazon S3 logs for an AWS CodeBuild project are encrypted.

Encrypting data at rest is a recommended best practice that enhances access management for your data. By encrypting logs at rest, the risk of unauthorized access to data stored on disk by unauthenticated users is reduced. This adds an additional layer of access control to help prevent unauthorized users from accessing the data.

Remediation

For guidance on updating CodeBuild project logging settings, refer to the Change a build project’s settings in AWS CodeBuild section in the AWS CodeBuild User Guide.

PREVIEWING: brett.blue/embedded-collector-release