---
title: CodeBuild logs stored in S3 should be encrypted
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > CodeBuild logs stored in S3 should be
  encrypted
---

# CodeBuild logs stored in S3 should be encrypted
 
## Description{% #description %}

This control verifies whether Amazon S3 logs for an AWS CodeBuild project are encrypted.

Encrypting data at rest is a recommended best practice that enhances access management for your data. By encrypting logs at rest, the risk of unauthorized access to data stored on disk by unauthenticated users is reduced. This adds an additional layer of access control to help prevent unauthorized users from accessing the data.

## Remediation{% #remediation %}

For guidance on updating CodeBuild project logging settings, refer to the [Change a build project's settings in AWS CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/change-project.html) section in the AWS CodeBuild User Guide.