CodeBuild logs stored in S3 should be encrypted

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

This control verifies whether Amazon S3 logs for an AWS CodeBuild project are encrypted.

Encrypting data at rest is a recommended best practice that enhances access management for your data. By encrypting logs at rest, the risk of unauthorized access to data stored on disk by unauthenticated users is reduced. This adds an additional layer of access control to help prevent unauthorized users from accessing the data.

Remediation

For guidance on updating CodeBuild project logging settings, refer to the Change a build project’s settings in AWS CodeBuild section in the AWS CodeBuild User Guide.