agent: |
Update AWS CloudTrail Trail with AWS KMS CMK
This task updates an AWS CloudTrail trail to use an AWS Key Management Service (KMS) Customer Master Key (CMK) for server-side encryption. It ensures that the trail's logs are encrypted with a specified KMS key, enhancing the security and confidentiality of audit log files. This update is vital for maintaining compliance and robust data protection standards in AWS.
import boto3
from botocore.exceptions import ClientError

# _get_creds, cred_label, alias_name, kms_key_id and region_name are not defined
# in this snippet; they are expected to come from the task environment or upstream tasks.
creds = _get_creds(cred_label)['creds']
access_key = creds['username']
secret_key = creds['password']
trail_name = alias_name  # Received from upstream tasks


def update_trail_encryption(trail_name, kms_key_id, region_name):
    """
    Updates a CloudTrail trail to use KMS encryption.

    :param trail_name: Name of the CloudTrail trail
    :param kms_key_id: The KMS key ARN or ID
    :param region_name: AWS region where the trail is located
    """
    try:
        cloudtrail_client = boto3.client(
            'cloudtrail',
            aws_access_key_id=access_key,
            aws_secret_access_key=secret_key,
            region_name=region_name,
        )
        # Setting KmsKeyId switches the trail's log files to encryption with this key.
        cloudtrail_client.update_trail(
            Name=trail_name,
            KmsKeyId=kms_key_id
        )
        print(f"Trail '{trail_name}' in {region_name} updated to use KMS CMK: {kms_key_id}")
    except ClientError as e:
        # The error is reported but not re-raised, so the task continues after a failure.
        print(f"Error updating trail in {region_name}: {e}")


# Example usage
# trail_name = 'test-trail-1-east-1'  # Replace with your trail name
# kms_key_id = '28f9f7ce-41db-42fd-bfcf-be554ed408d3'  # Replace with your KMS CMK ID or ARN
# kms_key_id received from upstream task
# region_name = 'us-east-1'  # Replace with the region of your CloudTrail trail
update_trail_encryption(trail_name, kms_key_id, region_name)
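Added example, not part of the original task: a pre-flight check of the KMS key policy, since CloudTrail can only encrypt with the key if the policy grants the cloudtrail.amazonaws.com service principal access. The required-action set, the function names and the sample policies (placeholder account ID and trail name) are assumptions constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

SERVICE = "cloudtrail.amazonaws.com"
# Assumption: the two service-principal grants AWS documents for SSE-KMS trails.
REQUIRED = ("kms:GenerateDataKey", "kms:DescribeKey")

def as_list(value):
    """Policy fields may hold one string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_key_policy(policy_json):
    """Report which required actions the CloudTrail service principal lacks,
    and whether its GenerateDataKey grant is left without any Condition."""
    granted = {}  # action -> [True if the granting statement has a Condition]
    for stmt in as_list(json.loads(policy_json).get("Statement")):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or SERVICE not in services:
            continue  # Deny statements and wildcard principals are not evaluated here
        patterns = [p.lower() for p in as_list(stmt.get("Action"))]
        for action in REQUIRED:
            if any(fnmatchcase(action.lower(), p) for p in patterns):
                granted.setdefault(action, []).append(bool(stmt.get("Condition")))
    return {
        "missing": [a for a in REQUIRED if a not in granted],
        "encrypt_unscoped": not all(granted.get("kms:GenerateDataKey", [True])),
    }

# Constructed sample policies (placeholder account ID and trail name).
TRAIL_ARN = "arn:aws:cloudtrail:us-east-1:111122223333:trail/example-trail"
ROOT_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "kms:*", "Resource": "*"}]})
WITH_CLOUDTRAIL = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": SERVICE},
     "Action": "kms:GenerateDataKey*", "Resource": "*",
     "Condition": {"StringEquals": {"aws:SourceArn": TRAIL_ARN}}},
    {"Effect": "Allow", "Principal": {"Service": SERVICE},
     "Action": "kms:DescribeKey", "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("root-only", ROOT_ONLY), ("with-cloudtrail", WITH_CLOUDTRAIL)):
        print(name, check_key_policy(doc))
```

Against a real key, the policy JSON can be read with the KMS client's get_key_policy call and passed to check_key_policy before update_trail is attempted.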