

# sagemaker-endpoint-config-kms-key-required
<a name="sagemaker-endpoint-config-kms-key-required"></a>

Checks whether SageMaker endpoint configurations are encrypted with a customer-managed KMS key. The rule is NON\_COMPLIANT if KmsKeyId is not set on the endpoint configuration. 



**Identifier:** SAGEMAKER\_ENDPOINT\_CONFIG\_KMS\_KEY\_REQUIRED

**Resource Types:** AWS::SageMaker::EndpointConfig

**Trigger type:** Configuration changes

**Amazon Web Services Region:** All supported Amazon regions except Asia Pacific (New Zealand), Middle East (Bahrain), Asia Pacific (Thailand), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Amazon GovCloud (US-East), Amazon GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary), Europe (Spain), Europe (Zurich) Region

**Parameters:**

None  

## Amazon CloudFormation template
<a name="w2aac20c16c17b7e1447c19"></a>

To create Amazon Config managed rules with Amazon CloudFormation templates, see [Creating Amazon Config Managed Rules With Amazon CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).