A Config rule that checks whether Amazon Simple Storage Service (Amazon S3) buckets are encrypted with AWS Key Management Service (AWS KMS). The rule is NON_COMPLIANT if an Amazon S3 bucket is not encrypted with an AWS KMS key.

This config rule supports the following parameters:

  • kmsKeyArns
    • Required: No
    • Type: CSV
    • Description: Comma-separated list of AWS KMS key ARNs allowed for encrypting Amazon S3 buckets.
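
The following is an added example, not AWS's implementation of the rule: a local Python model of the check described above, useful for seeing which bucket configurations would be flagged before deploying the rule. It assumes the input has the shape of the `ServerSideEncryptionConfiguration` returned by S3 `GetBucketEncryption` and that a key must match a `kmsKeyArns` entry exactly; the function names, key ARNs and bucket names are constructed for illustration.

```python
"""Local model of the S3 KMS default-encryption check (added example, not AWS code)."""
COMPLIANT, NON_COMPLIANT = "COMPLIANT", "NON_COMPLIANT"

# Constructed sample key ARNs (placeholder account and key ids).
KEY_A = "arn:aws:kms:us-east-1:111122223333:key/aaaaaaaa-0000-0000-0000-000000000001"
KEY_B = "arn:aws:kms:us-east-1:111122223333:key/bbbbbbbb-0000-0000-0000-000000000002"

def parse_kms_key_arns(csv_value):
    """Split the optional kmsKeyArns CSV parameter into a set of ARNs."""
    return {arn.strip() for arn in (csv_value or "").split(",") if arn.strip()}

def evaluate_bucket(encryption_config, kms_key_arns=None):
    """Return (compliance, reason) for one bucket.

    encryption_config has the shape of ServerSideEncryptionConfiguration from
    S3 GetBucketEncryption, or is None when the bucket has no configuration.
    """
    allowed = parse_kms_key_arns(kms_key_arns)
    rules = (encryption_config or {}).get("Rules", [])
    if not rules:
        return NON_COMPLIANT, "no default encryption configured"
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algorithm = default.get("SSEAlgorithm")
        if algorithm != "aws:kms":
            return NON_COMPLIANT, f"default encryption is {algorithm}, not aws:kms"
        key = default.get("KMSMasterKeyID")
        # Assumption: when kmsKeyArns is set, the bucket key must match a listed ARN exactly.
        if allowed and key not in allowed:
            return NON_COMPLIANT, f"KMS key {key} is not in kmsKeyArns"
    return COMPLIANT, "default encryption uses an accepted AWS KMS key"

def sse(algorithm, key=None):
    """Build a constructed encryption configuration for the samples below."""
    default = {"SSEAlgorithm": algorithm}
    if key:
        default["KMSMasterKeyID"] = key
    return {"Rules": [{"ApplyServerSideEncryptionByDefault": default}]}

# Constructed buckets: name -> encryption configuration (None = not configured).
SAMPLE_BUCKETS = {
    "logs-kms-a": sse("aws:kms", KEY_A),
    "data-kms-b": sse("aws:kms", KEY_B),
    "assets-sse-s3": sse("AES256"),
    "legacy-none": None,
}

if __name__ == "__main__":
    for name, config in SAMPLE_BUCKETS.items():
        print(name, *evaluate_bucket(config, kms_key_arns=KEY_A))
```

With `kmsKeyArns` set to the first key only, the bucket encrypted with the second key is reported NON_COMPLIANT even though it uses AWS KMS, which is the case the optional parameter exists to catch.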

ConfigRule
AWS::Config::ConfigRule


Scope

ComplianceResourceTypes

Source *
CustomPolicyDetails
SourceDetails
