The AWS CloudFormation template creates an Amazon CloudWatch Events event and an AWS Lambda function. The event watches for any Amazon Redshift cluster being created or being restored from a snapshot through AWS CloudTrail. If the cluster is created without AWS Key Management Service (AWS KMS) or cloud hardware security model (HSM) encryption in the AWS account, CloudWatch initiates a Lambda function that sends you an Amazon Simple Notification Service (Amazon SNS) notification informing you of the violation.
