CodeBuild logs stored in S3 should be encrypted

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

This control verifies whether Amazon S3 logs for an AWS CodeBuild project are encrypted.

Encrypting data at rest is a recommended best practice that enhances access management for your data. By encrypting logs at rest, the risk of unauthorized access to data stored on disk by unauthenticated users is reduced. This adds an additional layer of access control to help prevent unauthorized users from accessing the data.

Remediation

For guidance on updating CodeBuild project logging settings, refer to the Change a build project’s settings in AWS CodeBuild section in the AWS CodeBuild User Guide.