28

PCI-DSS Config Rules

Last Update vor 2 Monaten

AWS Config Rule: DMS Replication Not Public AWS Config Rule: AWS Security Hub Enabled AWS Config Rule: EBS Snapshot Not Public Restorable AWS Config Rule: EC2 Instance No Public IP AWS Config Rule: OpenSearch in VPC Only

AWS Config Rule: Secrets Manager Scheduled Rotation Success

SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK

Fernando Honig

Last Update vor 2 Monaten

Description: Checks whether AWS Secrets Manager secret rotation has triggered/started successfully as per the rotation schedule. The rule returns NON_COMPLIANT if RotationOccurringAsScheduled is false.


Note: The rule returns NOT_APPLICABLE for secrets without rotation.

Trigger type: Configuration changes


AWS Region: All supported AWS regions except Canada West (Calgary) Region

How to Resolve Manually

For your secrets that you do have rotation enabled on, you will have this additional config rule which will check that your rotation has triggered/started as per your rotation schedule. This could be 30/60/90 days, or even a custom input.


This would have been defined when you selected to enable automatic rotation for your particular Secret. You can see how to do that in this config article.


Note: You will need to have a Lambda Function ready to use which powers the rotation. 

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

1 out of 1 liked this article

Still need help? Message Us