Support encrypted CW log groups #4565
Comments
Is there any update on this?
Damn, nearly 2 years later and not supported. :( Edit: I suspect the reason it isn't present yet is because CloudFormation doesn't support this (STILL) and thus serverless cannot directly support it.
Features that are not supported in CloudFormation can still be handled via Custom resources. It should no longer be considered a blocker. PR is welcome.
FWIW, there is an open PR to add this to the CF provider, so ideally should be coming soon. aws-cloudformation/aws-cloudformation-resource-providers-logs#27 Drives me a little nuts that Terraform has supported this since 2017...
FYI this is now live
In light of that, we're open for PR. Still first let's specify how it should be implemented (solved internally)
Hi, this issue is becoming more important with any kind of external policies enforced on the account. If we're not able to enable KMS on the log groups created by Serverless.com, we have to create the log groups manually or inherit them e.g. Terraform. That makes the whole setup much more complex, so adding a kmsKeyArn for logs would be a great improvement.
Hello @rafaljanicki - thanks for reporting. At the moment there are no immediate plans for pushing this initiative forward as we're focusing on different priorities.
Hey @pgrzesik, any news here? Or an idea of a workaround that is semi-automatic i.e. doesn't involve writing separate policies for each log group?
If one wants to tackle that issue, I've created a module for that: https://github.com/Kult-io/serverless-plugin-log-key-id
This is a Feature Proposal
Description
AWS just announced encrypted CW logstreams (by using KMS) on a log group basis. As soon as this is supported in CloudFormation it would be great to have the functionality available in Serverless, i.e. that you can select encryption per function and reference a KMS key.
Reference: https://aws.amazon.com/about-aws/whats-new/2017/12/amazon-cloudwatch-logs-now-supports-kms-encryption/
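A check for the account-policy situation raised in the thread, as an added example that is not part of the issue or of the Serverless Framework's code: it scans a CloudFormation template (JSON) for `AWS::Logs::LogGroup` resources that carry no `KmsKeyId` property, so a build can fail before deployment. The sample template, its resource names and its log group names are constructed for illustration.

```python
import json
import sys

# Constructed sample template (not taken from the issue): two function log
# groups, one with a KMS key reference and one without.
SAMPLE_TEMPLATE = {
    "Resources": {
        "HelloLogGroup": {
            "Type": "AWS::Logs::LogGroup",
            "Properties": {"LogGroupName": "/aws/lambda/demo-dev-hello"},
        },
        "WorkerLogGroup": {
            "Type": "AWS::Logs::LogGroup",
            "Properties": {
                "LogGroupName": "/aws/lambda/demo-dev-worker",
                # An intrinsic function counts as a key reference.
                "KmsKeyId": {"Fn::GetAtt": ["LogsKey", "Arn"]},
            },
        },
        "LogsKey": {"Type": "AWS::KMS::Key", "Properties": {}},
    }
}


def unencrypted_log_groups(template):
    """Return (logical_id, log_group_name) for log groups with no KmsKeyId."""
    findings = []
    for logical_id, resource in sorted(template.get("Resources", {}).items()):
        if resource.get("Type") != "AWS::Logs::LogGroup":
            continue
        props = resource.get("Properties") or {}
        # A missing, null or empty KmsKeyId all mean no KMS key is associated.
        if not props.get("KmsKeyId"):
            findings.append((logical_id, props.get("LogGroupName")))
    return findings


if __name__ == "__main__":
    # With a path argument, check that JSON template; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            template = json.load(fh)
    else:
        template = SAMPLE_TEMPLATE
    missing = unencrypted_log_groups(template)
    for logical_id, name in missing:
        print(f"log group without KmsKeyId: {logical_id} ({name})")
    sys.exit(1 if missing else 0)
```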