The Assertion of the Response is not encrypted and the SP require it

Unfortunately, the current AWS implementation of SAML 2.0 federation does not support encrypted SAML assertions. However, the traffic between the customer's systems and AWS is transmitted over an encrypted (TLS) channel. I was able to see an existing feature request to add support encrypted SAML assertions which I have +1'd on your behalf. While I am unable to comment on if/when this feature may get released, I request you to keep an eye on our What's New and Blog pages for any new feature announcements.