diff --git a/.changelog/38245.txt b/.changelog/38245.txt
new file mode 100644
index 000000000000..e9ebd19b9285
--- /dev/null
+++ b/.changelog/38245.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_kinesis_firehose_delivery_stream: Add `secret_manager_configuration` attribute in `http_endpoint_configuration`
+```
\ No newline at end of file
diff --git a/website/docs/r/kinesis_firehose_delivery_stream.html.markdown b/website/docs/r/kinesis_firehose_delivery_stream.html.markdown
index 7f242b2d8832..878509bc3cf5 100644
--- a/website/docs/r/kinesis_firehose_delivery_stream.html.markdown
+++ b/website/docs/r/kinesis_firehose_delivery_stream.html.markdown
@@ -781,6 +781,7 @@ The `http_endpoint_configuration` configuration block supports the following arg
 * `role_arn` - (Required) Kinesis Data Firehose uses this IAM role for all the permissions that the delivery stream needs. The pattern needs to be `arn:.*`.
 * `s3_configuration` - (Required) The S3 Configuration. See [`s3_configuration` block](#s3_configuration-block) below for details.
 * `s3_backup_mode` - (Optional) Defines how documents should be delivered to Amazon S3.  Valid values are `FailedDataOnly` and `AllData`.  Default value is `FailedDataOnly`.
+* `secret_manager_configuration` - (Optional) The Secret Manager Configuration. See [`secret_manager_configuration` block](#secret_manager_configuration-block) below for details.
 * `buffering_size` - (Optional) Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5.
 * `buffering_interval` - (Optional) Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300 (5 minutes).
 * `cloudwatch_logging_options` - (Optional) The CloudWatch Logging Options for the delivery stream. See [`cloudwatch_logging_options` block](#cloudwatch_logging_options-block) below for details.
@@ -927,6 +928,14 @@ The `s3_configuration` configuration block supports the following arguments:
   be used.
 * `cloudwatch_logging_options` - (Optional) The CloudWatch Logging Options for the delivery stream. See [`cloudwatch_logging_options` block](#cloudwatch_logging_options-block) below for details.
 
+### `secret_manager_configuration` block
+
+The `secret_manager_configuration` configuration block supports the following arguments:
+
+* `enabled` - (Required) Enables or disables secrets manager feature.
+* `role_arn` - (Optional) The role that Firehose assumes when calling the Secrets Manager API operation.
+* `secret_arn` - (Optional) The ARN of the secret that stores your credentials.
+
 ### `input_format_configuration` block
 
 The `input_format_configuration` configuration block supports the following arguments: