
Control Tower logs encryption #1031

@senyberg


Is your feature request related to a problem? Please describe.
Currently you cannot set a CMK for CloudTrail or Config log buckets through LZA:

controlTower:
  enable: true
  landingZone:
    version: "4.0"
    logging:
      loggingBucketRetentionDays: 180
      accessLoggingBucketRetentionDays: 1825

This creates the buckets used by CT, but encrypts them with SSE-S3.

Describe the feature you'd like
Add a way to use your own CMKs to encrypt the log buckets, separate for Config and CloudTrail buckets.
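Added example, not part of the original issue and not LZA code: a small audit that classifies each log bucket's default encryption from an S3 `GetBucketEncryption`-style response and compares it with the key expected for that bucket. The bucket names, account ID and key ARNs are constructed placeholders, and the helper names (`classify`, `audit`, `_resp`) are hypothetical.

```python
# Added example: audit default encryption of Control Tower log buckets.
# Input dicts mirror the S3 GetBucketEncryption response shape.
# Bucket names, account id and key ARNs are constructed placeholders.

def classify(enc_response):
    """Return (mode, key_id) for a GetBucketEncryption-style response."""
    cfg = enc_response.get("ServerSideEncryptionConfiguration", {})
    for rule in cfg.get("Rules", []):
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algo = default.get("SSEAlgorithm")
        key = default.get("KMSMasterKeyID")
        if algo == "AES256":
            return ("SSE-S3", None)
        if algo in ("aws:kms", "aws:kms:dsse"):
            # No key id, or the aws/s3 alias, means the AWS managed key.
            if not key or key.endswith("alias/aws/s3"):
                return ("SSE-KMS-AWS-MANAGED", key)
            return ("SSE-KMS-KEY-SPECIFIED", key)
    return ("NONE", None)

def audit(buckets, expected_keys):
    """Compare each bucket's default encryption with its expected key."""
    findings = {}
    for name, response in buckets.items():
        mode, key = classify(response)
        want = expected_keys.get(name)
        if mode != "SSE-KMS-KEY-SPECIFIED":
            findings[name] = f"FAIL: {mode}, expected key {want}"
        elif key != want:
            findings[name] = f"FAIL: encrypted with {key}, expected {want}"
        else:
            findings[name] = "OK"
    return findings

def _resp(algo, key=None):
    """Build a constructed sample response for one default-encryption rule."""
    default = {"SSEAlgorithm": algo}
    if key:
        default["KMSMasterKeyID"] = key
    rule = {"ApplyServerSideEncryptionByDefault": default}
    return {"ServerSideEncryptionConfiguration": {"Rules": [rule]}}

CONFIG_KEY = "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-config-key"
TRAIL_KEY = "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-cloudtrail-key"
CONFIG_BUCKET, TRAIL_BUCKET = "example-ct-config-logs", "example-ct-cloudtrail-logs"
EXPECTED = {CONFIG_BUCKET: CONFIG_KEY, TRAIL_BUCKET: TRAIL_KEY}
SAMPLE = {CONFIG_BUCKET: _resp("AES256"), TRAIL_BUCKET: _resp("aws:kms", TRAIL_KEY)}

if __name__ == "__main__":
    for bucket, result in audit(SAMPLE, EXPECTED).items():
        print(bucket, "->", result)
```

A key ID in the response does not by itself prove the key is customer managed; confirm that with KMS `DescribeKey`, whose `KeyManager` field is `CUSTOMER` for a CMK.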


Labels: enhancement (New feature or request)
