AWS Config Rule: Secrets Manager Rotation Enabled

SECRETSMANAGER_ROTATION_ENABLED_CHECK

Fernando Honig

Last Update: 2 months ago

Description: Checks whether an AWS Secrets Manager secret has automatic rotation enabled. The rule also accepts an optional maximumAllowedRotationFrequency parameter, a number of days. When the parameter is specified, the secret's rotation interval is compared with that limit. The rule is NON_COMPLIANT if the secret is not scheduled for rotation. It is also NON_COMPLIANT if the secret's rotation interval in days is greater than the value of maximumAllowedRotationFrequency.


Note: Re-evaluating this rule within 4 hours of the first evaluation will have no effect on the results.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except Canada West (Calgary) Region


How to Resolve Manually

To resolve this manually, edit the rotation configuration of the secret in the Secrets Manager console: open the Secrets list, select the secret you want to reconfigure, and edit its rotation configuration.


After enabling automatic rotation, you can choose 30, 60, 90 or a custom number of days as the rotation interval. This interval determines how often Secrets Manager invokes the rotation function that replaces the secret value. If the rule is deployed with the maximumAllowedRotationFrequency parameter, the interval you choose must not exceed that number of days, or the secret remains NON_COMPLIANT even with rotation enabled.


You will need a Lambda function to perform the rotation, and it needs the correct permissions on both sides: Secrets Manager must be allowed to invoke the function (a resource-based policy on the function granting lambda:InvokeFunction to the secretsmanager.amazonaws.com principal), and the function's execution role needs secretsmanager:DescribeSecret, secretsmanager:GetSecretValue, secretsmanager:PutSecretValue and secretsmanager:UpdateSecretVersionStage on the secret, plus whatever access it needs to change the credential in the target system (for example, network access to the database). Enabling rotation in the console rotates the secret immediately by default, so test the function before enabling it on a secret that a running service depends on.
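The following is an added example, not part of the original article or of StackZone's tooling. It implements the evaluation the rule description above specifies (rotation enabled, and the interval in days at or below maximumAllowedRotationFrequency) and the remediation the manual steps describe: granting Secrets Manager permission to invoke the rotation Lambda and enabling rotation with a chosen interval through the real boto3 calls (rotate_secret, add_permission). AWS clients are injected, so the module runs offline against the constructed fakes at the bottom; the secret names, account ID, region and function ARN are made up, and treating a secret scheduled only by a cron/rate expression as NON_COMPLIANT under a day limit is an assumption of this example, not behaviour stated on the page.

```python
"""Evaluate secrets the way SECRETSMANAGER_ROTATION_ENABLED_CHECK does, then fix them.

AWS calls go through injected client objects so the logic runs offline against the
constructed fakes below; with real clients (boto3.client("secretsmanager") and
boto3.client("lambda")) the same functions act on the account.
"""
from types import SimpleNamespace

COMPLIANT = "COMPLIANT"
NON_COMPLIANT = "NON_COMPLIANT"


def evaluate_secret(describe_output, maximum_allowed_rotation_frequency=None):
    """Return (verdict, reason) for one DescribeSecret response dict.

    NON_COMPLIANT when rotation is off and, if a day limit is given, when the
    secret's rotation interval in days exceeds it.
    """
    if not describe_output.get("RotationEnabled"):
        return NON_COMPLIANT, "rotation is not enabled"
    days = describe_output.get("RotationRules", {}).get("AutomaticallyAfterDays")
    if maximum_allowed_rotation_frequency is None:
        return COMPLIANT, "rotation is enabled"
    if days is None:
        # Assumption for this example: a secret scheduled only with a cron/rate
        # ScheduleExpression cannot be compared with a day limit, so flag it.
        return NON_COMPLIANT, "rotation interval is not expressed in days"
    if days > maximum_allowed_rotation_frequency:
        return NON_COMPLIANT, (
            f"rotates every {days} days, limit is {maximum_allowed_rotation_frequency}")
    return COMPLIANT, f"rotates every {days} days"


def remediate(secretsmanager, lambda_client, secret_id, rotation_lambda_arn, days):
    """Let Secrets Manager invoke the rotation function, then enable rotation.

    Returns the DescribeSecret output after the change so the caller can re-evaluate.
    """
    try:
        # Resource-based policy on the function; without it every rotation attempt fails.
        lambda_client.add_permission(
            FunctionName=rotation_lambda_arn,
            StatementId="AllowSecretsManagerInvoke",
            Action="lambda:InvokeFunction",
            Principal="secretsmanager.amazonaws.com",
        )
    except lambda_client.exceptions.ResourceConflictException:
        pass  # statement already present from an earlier run; safe to continue
    secretsmanager.rotate_secret(
        SecretId=secret_id,
        RotationLambdaARN=rotation_lambda_arn,
        RotationRules={"AutomaticallyAfterDays": days},
        RotateImmediately=True,  # rotate now so a broken function shows up today
    )
    return secretsmanager.describe_secret(SecretId=secret_id)


# ---- constructed fakes so the example runs without AWS credentials ---------------
class FakeSecretsManager:
    def __init__(self, secrets):
        self.secrets = secrets  # secret name -> DescribeSecret-shaped dict

    def describe_secret(self, SecretId):
        return dict(self.secrets[SecretId])

    def rotate_secret(self, SecretId, RotationLambdaARN, RotationRules, RotateImmediately=False):
        self.secrets[SecretId].update(RotationEnabled=True, RotationLambdaARN=RotationLambdaARN,
                                      RotationRules=dict(RotationRules))
        return {"ARN": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:" + SecretId}


class FakeLambda:
    exceptions = SimpleNamespace(
        ResourceConflictException=type("ResourceConflictException", (Exception,), {}))

    def __init__(self):
        self.statements = set()

    def add_permission(self, FunctionName, StatementId, Action, Principal):
        if (FunctionName, StatementId) in self.statements:
            raise self.exceptions.ResourceConflictException(StatementId)
        self.statements.add((FunctionName, StatementId))


# Constructed sample: one secret never rotated, one rotated too rarely, one fine.
SAMPLE_SECRETS = {
    "prod/db/app": {"RotationEnabled": False},
    "prod/api/token": {"RotationEnabled": True, "RotationRules": {"AutomaticallyAfterDays": 120}},
    "prod/cache/key": {"RotationEnabled": True, "RotationRules": {"AutomaticallyAfterDays": 30}},
}
ROTATION_LAMBDA = "arn:aws:lambda:eu-west-1:123456789012:function:SecretsManagerRotation"


def run_demo(max_days=90):
    """Evaluate every sample secret, remediate the failing ones, return final verdicts."""
    sm = FakeSecretsManager({name: dict(cfg) for name, cfg in SAMPLE_SECRETS.items()})
    lam = FakeLambda()
    results = {}
    for name in sm.secrets:
        verdict, _ = evaluate_secret(sm.describe_secret(SecretId=name), max_days)
        if verdict == NON_COMPLIANT:
            verdict, _ = evaluate_secret(remediate(sm, lam, name, ROTATION_LAMBDA, max_days), max_days)
        results[name] = verdict
    return results


if __name__ == "__main__":
    print(run_demo())
```

The remediation is idempotent on the Lambda side because add_permission raises ResourceConflictException when the statement ID already exists and the function simply moves on; a re-run only reapplies the rotation settings. RotateImmediately=True is deliberate: a rotation function with a broken execution role or no database reachability fails on the first invocation rather than silently weeks later, which is also why the prose above recommends testing the function before enabling rotation on a secret in production use.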


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here
