kinesis-firehose-delivery-stream-encrypted - AWS Config


Checks if Amazon Kinesis Data Firehose delivery streams are encrypted at rest with server-side encryption. The rule is NON_COMPLIANT if a Kinesis Data Firehose delivery stream is not encrypted at rest with server-side encryption.


Resource Types: AWS::KinesisFirehose::DeliveryStream

Trigger type: Periodic

AWS Region: All supported AWS regions except China (Beijing), China (Ningxia) Region


kmsKeyArns (Optional)
Type: CSV

Comma-separated list of KMS Key Arns that are approved for Kinesis Firehose usage.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.