A Config rule that checks if Amazon Redshift clusters are using a specified AWS Key Management Service (AWS KMS) key for encryption. The rule is COMPLIANT if encryption is enabled and the cluster is encrypted with the key provided in the kmsKeyArn parameter. The rule is NON_COMPLIANT if the cluster is not encrypted or encrypted with another key.

This config rule supports the following parameters:

  • kmsKeyArns
    • Required: No
    • Type: CSV
    • Description:Comma-separated list of AWS KMS key Amazon Resource Names (ARNs) used in Amazon Redshift clusters for encryption.

ConfigRule
AWS::Config::ConfigRule


Scope

ComplianceResourceTypes

Source *
CustomPolicyDetails
SourceDetails

CloudFormation Template

Share Template