# redshift-serverless-namespace-cmk-encryption
<a name="redshift-serverless-namespace-cmk-encryption"></a>

Checks if Amazon Redshift Serverless namespaces are encrypted by customer managed Amazon KMS keys. The rule is NON\_COMPLIANT if a namespace is not encrypted by a customer managed key. Optionally, you can specify a list of KMS keys for rule to check. 



**Identifier:** REDSHIFT\_SERVERLESS\_NAMESPACE\_CMK\_ENCRYPTION

**Resource Types:** AWS::RedshiftServerless::Namespace

**Trigger type:** Periodic

**Amazon Web Services Region:** All supported Amazon regions except Asia Pacific (New Zealand), Middle East (Bahrain), Asia Pacific (Thailand), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Europe (Milan), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region

**Parameters:**

kmsKeyArns (Optional)Type: CSV  
Comma-separated list of Amazon Resource Names (ARNs) of customer managed keys for the rule to check. If provided, the rule is NON\_COMPLIANT if an Amazon Redshift Serverless namespace is not encrypted with one of these KMS keys.

## Amazon CloudFormation template
<a name="w2aac20c16c17b7e1317c19"></a>

To create Amazon Config managed rules with Amazon CloudFormation templates, see [Creating Amazon Config Managed Rules With Amazon CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).