AWS Config Rule: Secrets Manager Scheduled Rotation Success

SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK

Fernando Honig

Last Update 3 days ago

Description: Checks whether AWS Secrets Manager secret rotation has triggered/started successfully as per the rotation schedule. The rule returns NON_COMPLIANT if RotationOccurringAsScheduled is false.


Note: The rule returns NOT_APPLICABLE for secrets without rotation.

Trigger type: Configuration changes


AWS Region: All supported AWS regions except Canada West (Calgary) Region


How to Resolve Manually

For each secret that has rotation enabled, this additional Config rule checks that the rotation was actually triggered when the schedule said it should be. The schedule is the one you chose when you enabled automatic rotation on the secret (for example every 30, 60 or 90 days, or a custom interval or schedule expression), and it is stored in the secret's RotationRules.

If the rule reports NON_COMPLIANT, the rotation did not start on schedule. The usual causes are a rotation Lambda function that failed, was deleted, or no longer has permission to update the secret. Check the rotation function's CloudWatch Logs for the error, fix it, and then trigger a rotation manually (the "Rotate secret immediately" action in the Secrets Manager console, or aws secretsmanager rotate-secret on the CLI). Once the rotation succeeds, AWS Config re-evaluates the secret on its next configuration change. How to enable automatic rotation in the first place is covered in this config article.

Note: Rotation is performed by a Lambda function, so you need a rotation function for the secret's type in place before rotation can be enabled or succeed.
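The script below is an added example, not code from this article or from AWS's managed rule. It approximates the rule's three outcomes (COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE) for every secret in an account using boto3, so you can find the overdue secrets and kick off their rotation without waiting for the next Config evaluation. How AWS Config computes RotationOccurringAsScheduled is not published; the logic here, which treats a secret as non-compliant when its next rotation date (NextRotationDate, or LastRotatedDate plus AutomaticallyAfterDays) is already in the past or when no rotation Lambda is attached, is an assumption. The secret names, ARNs and dates are constructed sample data.

```python
"""Added example: approximate SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK
for the secrets in an account and optionally trigger the overdue rotations.

Assumption (not AWS's published logic): a secret is on schedule when its next
rotation date is still in the future and a rotation Lambda is attached."""
from datetime import datetime, timedelta, timezone

COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE = "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE"


def next_due(secret):
    """Next rotation due date for a ListSecrets/DescribeSecret-shaped dict, or None."""
    if secret.get("NextRotationDate"):
        return secret["NextRotationDate"]
    # Fall back to LastRotatedDate + AutomaticallyAfterDays when the service
    # did not report NextRotationDate (e.g. data captured from an older snapshot).
    days = (secret.get("RotationRules") or {}).get("AutomaticallyAfterDays")
    last = secret.get("LastRotatedDate")
    if days is None or last is None:
        return None
    return last + timedelta(days=days)


def evaluate_secret(secret, now):
    """Mirror the rule's three outcomes for a single secret."""
    if not secret.get("RotationEnabled"):
        return NOT_APPLICABLE  # the rule ignores secrets without rotation
    if not secret.get("RotationLambdaARN"):
        return NON_COMPLIANT  # rotation enabled but no function to run it
    due = next_due(secret)
    if due is None:
        return NON_COMPLIANT  # no schedule information at all
    return COMPLIANT if due > now else NON_COMPLIANT


def audit(secrets, now):
    """Map secret name -> compliance status."""
    return {s["Name"]: evaluate_secret(s, now) for s in secrets}


def overdue_names(secrets, now):
    """Secrets that need attention (sorted for stable output)."""
    return sorted(n for n, st in audit(secrets, now).items() if st == NON_COMPLIANT)


def audit_account(region="us-east-1", rotate=False):
    """Live version: evaluate every secret in the region, optionally rotate the overdue ones."""
    import boto3  # imported lazily so the offline functions above work without it

    client = boto3.client("secretsmanager", region_name=region)
    now = datetime.now(timezone.utc)
    secrets = []
    # ListSecrets already returns RotationEnabled, RotationLambdaARN,
    # RotationRules, LastRotatedDate and NextRotationDate for each entry.
    for page in client.get_paginator("list_secrets").paginate():
        secrets.extend(page["SecretList"])
    results = audit(secrets, now)
    if rotate:
        for name in overdue_names(secrets, now):
            # Starts the rotation Lambda immediately; fix the function first if it failed.
            client.rotate_secret(SecretId=name)
    return results


# Constructed sample data (not real secrets) for an offline run.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
ROTATE_FN = "arn:aws:lambda:us-east-1:123456789012:function:rotate-secret"  # placeholder ARN
SAMPLE_SECRETS = [
    {"Name": "prod/db/password", "RotationEnabled": True, "RotationLambdaARN": ROTATE_FN,
     "RotationRules": {"AutomaticallyAfterDays": 30}, "LastRotatedDate": NOW - timedelta(days=10)},
    {"Name": "prod/api/token", "RotationEnabled": True, "RotationLambdaARN": ROTATE_FN,
     "RotationRules": {"AutomaticallyAfterDays": 30}, "LastRotatedDate": NOW - timedelta(days=45)},
    {"Name": "dev/static/key", "RotationEnabled": False},
    {"Name": "prod/legacy", "RotationEnabled": True, "RotationLambdaARN": ROTATE_FN,
     "RotationRules": {"ScheduleExpression": "rate(30 days)"},
     "NextRotationDate": NOW + timedelta(days=3)},
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE_SECRETS, NOW).items():
        print(f"{status:15} {name}")
    print("overdue:", overdue_names(SAMPLE_SECRETS, NOW))
```

Run it as-is to see the offline evaluation; call audit_account(region, rotate=True) with credentials that allow secretsmanager:ListSecrets and secretsmanager:RotateSecret to act on a real account. Rotating only fixes the Config finding if the rotation Lambda actually succeeds, so check its CloudWatch Logs before and after.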

