AWS CloudTrail Lake now supports encryption using Customer Managed KMS Keys (CMK)
AWS CloudTrail announces the ability to use your own Customer Managed KMS Keys (CMK) to encrypt the activity logs stored in CloudTrail Lake. CloudTrail has always provided encryption by default using AWS owned KMS keys for all data stored in CloudTrail Lake. This feature provides you the option of adding a self-managed security layer to your activity logs to help you meet the compliance and regulatory requirements of your organization.