AWS Config Rule: Secrets Manager Secret Periodic Rotation

SECRETSMANAGER_SECRET_PERIODIC_ROTATION

Fernando Honig

Last Update 2 months ago

Description: Checks if AWS Secrets Manager secrets have been rotated in the past specified number of days. The rule is NON_COMPLIANT if a secret has not been rotated for more than ‘maxDaysSinceRotation’ number of days. The default value is 90 days.


Trigger type: Periodic


AWS Region: All supported AWS regions except Canada West (Calgary) Region


How to Resolve Manually

To resolve this manually, ensure that each of your secrets has been rotated within the last 90 days, or within the shorter window you have configured through the rule's maxDaysSinceRotation parameter.


Check out this guide, which digs into how to set up rotation from the Secrets Dashboard.


Note: You will need a Lambda function to perform the rotation.


What is worth considering is that if you have this set up and are still showing NON_COMPLIANT, it is worth checking why the Lambda function has not been triggered or has not rotated the specified secrets. The Lambda function's CloudWatch logs will be useful for this debugging.
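To see which secrets would trip this rule before Config reports them, the following added example (not StackZone's or AWS's code) applies the rule's check to dicts shaped like Secrets Manager's DescribeSecret output and, for each non-compliant secret, says whether the rotation Lambda is the place to look. It assumes, as a convention of this example rather than documented rule behaviour, that a secret which has never been rotated is judged against its CreatedDate.

```python
"""Local replica of the SECRETSMANAGER_SECRET_PERIODIC_ROTATION check."""
from datetime import datetime, timedelta, timezone

DEFAULT_MAX_DAYS = 90  # the rule's default maxDaysSinceRotation


def evaluate_secret(secret, now, max_days=DEFAULT_MAX_DAYS):
    """Return (status, reason) for one DescribeSecret-shaped dict.

    Assumption of this example: a secret with no LastRotatedDate is
    measured from CreatedDate instead.
    """
    last = secret.get("LastRotatedDate") or secret.get("CreatedDate")
    if last is None:
        return "NON_COMPLIANT", "no rotation or creation timestamp"
    age = now - last
    if age <= timedelta(days=max_days):
        return "COMPLIANT", f"last rotated {age.days} days ago"
    # Over the limit: point the operator at the most likely cause.
    if secret.get("RotationEnabled") and secret.get("RotationLambdaARN"):
        hint = (f"; rotation is enabled via {secret['RotationLambdaARN']}, "
                "check that function's CloudWatch logs")
    else:
        hint = "; automatic rotation is not enabled"
    return "NON_COMPLIANT", f"last rotated {age.days} days ago (limit {max_days}){hint}"


def evaluate_all(secrets, now, max_days=DEFAULT_MAX_DAYS):
    """Map secret name -> (status, reason) for a list of secret dicts."""
    return {s["Name"]: evaluate_secret(s, now, max_days) for s in secrets}


# Constructed sample input mimicking DescribeSecret responses (not real secrets).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_SECRETS = [
    {"Name": "prod/db/password", "CreatedDate": NOW - timedelta(days=400),
     "LastRotatedDate": NOW - timedelta(days=30), "RotationEnabled": True,
     "RotationLambdaARN": "arn:aws:lambda:us-east-1:123456789012:function:rotate-db"},
    {"Name": "prod/api/token", "CreatedDate": NOW - timedelta(days=200),
     "LastRotatedDate": NOW - timedelta(days=120), "RotationEnabled": True,
     "RotationLambdaARN": "arn:aws:lambda:us-east-1:123456789012:function:rotate-api"},
    {"Name": "legacy/ftp/creds", "CreatedDate": NOW - timedelta(days=95),
     "RotationEnabled": False},  # never rotated, no Lambda attached
]

if __name__ == "__main__":
    for name, (status, reason) in evaluate_all(SAMPLE_SECRETS, NOW).items():
        print(f"{name}: {status} ({reason})")
```

Against a real account, feed `evaluate_all` the `SecretList` entries returned by boto3's `list_secrets` paginator, which carry the same keys, and use a timezone-aware `datetime.now(timezone.utc)` as `now`.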

