redshift-cluster-kms-enabled
Checks if Amazon Redshift clusters are using a specified Amazon Key Management Service (Amazon KMS) key for encryption.
The rule is COMPLIANT if encryption is enabled and the cluster is encrypted with a key provided in the kmsKeyArns parameter.
The rule is NON_COMPLIANT if the cluster is not encrypted or is encrypted with another key.
Identifier: REDSHIFT_CLUSTER_KMS_ENABLED
Resource Types: AWS::Redshift::Cluster
Trigger type: Configuration changes
Amazon Web Services Region: All supported Amazon regions except Asia Pacific (Thailand), Mexico (Central), Asia Pacific (Taipei) Region
Parameters:
- kmsKeyArns (Optional)
- Type: CSV
- Comma-separated list of Amazon KMS key Amazon Resource Names (ARNs) used in Amazon Redshift clusters for encryption.
Amazon CloudFormation template
To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.
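A minimal template that deploys this rule with the kmsKeyArns parameter set, as an added example that is not taken from the linked documentation. The logical ID `RedshiftClusterKmsEnabled`, the template parameter `KmsKeyArns` and the placeholder ARN are assumptions to replace with your own values.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Deploys the redshift-cluster-kms-enabled managed rule (added example).

Parameters:
  # Hypothetical template parameter; it feeds the rule's kmsKeyArns input.
  KmsKeyArns:
    Type: String
    Description: Comma-separated list of KMS key ARNs approved for Redshift cluster encryption.
    # Placeholder, not a real key. Substitute the partition, region, account and key ID.
    Default: "arn:PARTITION:kms:REGION:ACCOUNT_ID:key/KEY_ID"

Resources:
  RedshiftClusterKmsEnabled:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: redshift-cluster-kms-enabled
      Description: Flags Redshift clusters that are unencrypted or encrypted with a key outside the approved list.
      # Evaluate only the resource type this rule supports.
      Scope:
        ComplianceResourceTypes:
          - AWS::Redshift::Cluster
      # Owner AWS selects a managed rule; the identifier is the one listed on this page.
      Source:
        Owner: AWS
        SourceIdentifier: REDSHIFT_CLUSTER_KMS_ENABLED
      # The key name must match the rule's parameter name exactly.
      InputParameters:
        kmsKeyArns: !Ref KmsKeyArns
```

The rule is triggered by configuration changes, so the account's configuration recorder must already be recording AWS::Redshift::Cluster resources for evaluations to occur.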