ECS cluster logging must be encrypted

Description

ECS clusters should have encrypted logging enabled for execute command sessions to protect sensitive data in transit and at rest.

Remediation

Configure your ECS cluster’s execute command logging with proper encryption by setting a KMS key ID and enabling encryption for CloudWatch Logs or S3 destinations in the log configuration. Refer to the Encryption best practices for Amazon ECS.
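
The following is an added example, not part of the original page or of the rule's own implementation: a Python check that applies the remediation above to cluster descriptions in the shape returned by `aws ecs describe-clusters --include CONFIGURATIONS`. The sample clusters, names and ARN are constructed placeholders, and treating any `logging` value other than `OVERRIDE` as a finding is an assumption of this example.

```python
import json

# Constructed sample shaped like the "clusters" entries returned by
# `aws ecs describe-clusters --include CONFIGURATIONS`; names and ARNs are placeholders.
SAMPLE = json.loads("""
[
 {"clusterName": "weak-example",
  "configuration": {"executeCommandConfiguration": {
    "logging": "OVERRIDE",
    "logConfiguration": {"cloudWatchLogGroupName": "/ecs/exec-example",
                         "cloudWatchEncryptionEnabled": false}}}},
 {"clusterName": "hardened-example",
  "configuration": {"executeCommandConfiguration": {
    "kmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
    "logging": "OVERRIDE",
    "logConfiguration": {"cloudWatchLogGroupName": "/ecs/exec-example",
                         "cloudWatchEncryptionEnabled": true,
                         "s3BucketName": "exec-logs-example",
                         "s3EncryptionEnabled": true}}}}
]
""")

def exec_logging_findings(cluster):
    """Return the reasons a cluster's execute command logging is not encrypted."""
    exec_cfg = (cluster.get("configuration") or {}).get("executeCommandConfiguration") or {}
    findings = []
    if not exec_cfg.get("kmsKeyId"):
        findings.append("no kmsKeyId set for execute command sessions")
    # Assumption: only OVERRIDE is accepted, since NONE/DEFAULT carry no logConfiguration to inspect.
    if exec_cfg.get("logging") != "OVERRIDE":
        findings.append("logging is not OVERRIDE, so no log configuration can be checked")
        return findings
    log_cfg = exec_cfg.get("logConfiguration") or {}
    destinations = {"cloudWatchLogGroupName": "cloudWatchEncryptionEnabled",
                    "s3BucketName": "s3EncryptionEnabled"}
    configured = [d for d in destinations if log_cfg.get(d)]
    if not configured:
        findings.append("no CloudWatch Logs or S3 destination configured")
    for dest in configured:
        if log_cfg.get(destinations[dest]) is not True:
            findings.append(f"{dest} is set but {destinations[dest]} is not true")
    return findings

def audit(clusters):
    """Map cluster name to its findings; an empty list means the cluster passes."""
    return {c.get("clusterName", "<unnamed>"): exec_logging_findings(c) for c in clusters}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "PASS" if not findings else "FAIL: " + "; ".join(findings))
```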