kinesis-firehose-delivery-stream-encrypted - AWS Config
AWS CloudFormation template

kinesis-firehose-delivery-stream-encrypted

Checks if Amazon Kinesis Data Firehose delivery streams are encrypted at rest with server-side encryption. The rule is NON_COMPLIANT if a Kinesis Data Firehose delivery stream is not encrypted at rest with server-side encryption.

Identifier: KINESIS_FIREHOSE_DELIVERY_STREAM_ENCRYPTED

Resource Types: AWS::KinesisFirehose::DeliveryStream

Trigger type: Periodic

AWS Region: All supported AWS regions except US ISO West (Northern California), China (Beijing), US ISO East, Asia Pacific (Malaysia), US ISOB East (Ohio), Canada West (Calgary), China (Ningxia) Region

Parameters:

kmsKeyArns (Optional)
Type: CSV

Comma-separated list of KMS Key Arns that are approved for Kinesis Firehose usage.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.