CodeBuild logs stored in S3 should be encrypted

codebuild
This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

This control verifies whether Amazon S3 logs for an AWS CodeBuild project are encrypted.

Encrypting data at rest is a recommended best practice that enhances access management for your data. By encrypting logs at rest, the risk of unauthorized access to data stored on disk by unauthenticated users is reduced. This adds an additional layer of access control to help prevent unauthorized users from accessing the data.

Remediation

For guidance on updating CodeBuild project logging settings, refer to the Change a build project’s settings in AWS CodeBuild section in the AWS CodeBuild User Guide.