Is it possible to configure S3 to encrypt the access logs with a specific CMK from the Key Management System before storing it back to the designated log destination on S3?
I would like to encrypt the logs to add an additional layer of security to the log data.
This is not currently possible. You could build a system that encrypts the logs as soon as they are written using SNS and Lambda, but this is not available out of the box.