AWS Config Rule: Secrets Manager Secret Periodic Rotation


Fernando Honig

Last Update 8 maanden geleden

Description: Checks if AWS Secrets Manager secrets have been rotated in the past specified number of days. The rule is NON_COMPLIANT if a secret has not been rotated for more than ‘maxDaysSinceRotation’ number of days. The default value is 90 days.

Trigger type: Periodic

AWS Region: All supported AWS regions except Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West) Region

How to Resolve Manually 

To resolve this manually, you will need to ensure that your secrets have been rotated within 90 days, unless you have specified a shorter duration from the default.

Check out this guide which will dig into how to set rotation from the Secrets Dashboard.

Note: You will need to have a Lambda Function to ensure the rotation is executed.

What is worth considering, is that if you have this setup, and are still showing NON_COMPLIANT then it may be worth checking why the Lambda function has not triggered or rotated your specified keys. Lambda CloudWatch logs will be useful for this debugging.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

1 out of 1 liked this article

Still need help? Message Us