redshift-cluster-kms-enabled - Amazon Config
Amazon CloudFormation template
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

redshift-cluster-kms-enabled

Checks if Amazon Redshift clusters are using a specified Amazon Key Management Service (Amazon KMS) key for encryption. The rule is COMPLIANT if encryption is enabled and the cluster is encrypted with the key provided in the kmsKeyArn parameter. The rule is NON_COMPLIANT if the cluster is not encrypted or encrypted with another key.

Identifier: REDSHIFT_CLUSTER_KMS_ENABLED

Resource Types: AWS::Redshift::Cluster

Trigger type: Configuration changes

Amazon Web Services Region: All supported Amazon regions except Asia Pacific (Thailand), Mexico (Central), Asia Pacific (Taipei) Region

Parameters:

kmsKeyArns (Optional)
Type: CSV

Comma-separated list of Amazon KMS key Amazon Resource Names (ARNs) used in Amazon Redshift clusters for encryption.

Amazon CloudFormation template

To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.