AWS Config Rule: Secrets Manager Secret Unused
SECRETSMANAGER_SECRET_UNUSED
Fernando Honig
Last Update 7 months ago
Description: Checks if AWS Secrets Manager secrets have been accessed within a specified number of days. The rule is NON_COMPLIANT if a secret has not been accessed in ‘unusedForDays’ number of days. The default value is 90 days.
Trigger type: Periodic
AWS Region: All supported AWS regions except Canada West (Calgary) Region
How to Resolve Manually
To resolve manually, you can simply delete any secrets that cause this rule to report NON_COMPLIANT. There should be little reason to keep storing a secret that has not been accessed or used within the last 90 days.
You can see an overview of when your secrets were last used in the Secrets Manager Dashboard as pictured below.
To delete a secret, open the secret you wish to delete, open the "Actions" drop-down at the top, and choose "Delete secret".
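The following script is an added example, not part of this article or of StackZone's own tooling. It replicates the rule's check over secret metadata in the shape that `list-secrets` / `describe-secret` return (`Name`, `CreatedDate`, `LastAccessedDate`), reports which secrets would be NON_COMPLIANT for a given `unusedForDays`, and wraps the same "Delete secret" action the console performs. The sample secrets and the reference time are constructed. Two points are assumptions rather than documented rule behaviour: a secret that has never been retrieved (no `LastAccessedDate`) is measured from its `CreatedDate`, and the boundary is "idle for more than N days".

```python
"""Replicate the SECRETSMANAGER_SECRET_UNUSED check over secret metadata (added example)."""
from datetime import datetime, timedelta, timezone

DEFAULT_UNUSED_FOR_DAYS = 90  # the rule's default for the unusedForDays parameter


def evaluate_secret(secret: dict, now: datetime,
                    unused_for_days: int = DEFAULT_UNUSED_FOR_DAYS) -> str:
    """Return "COMPLIANT" or "NON_COMPLIANT" for one secret.

    `secret` uses the field names returned by list-secrets / describe-secret.
    LastAccessedDate is omitted when the secret has never been retrieved in
    the Region; this example (assumption) then measures inactivity from
    CreatedDate, so a never-used secret is not silently treated as compliant.
    """
    last_used = secret.get("LastAccessedDate") or secret["CreatedDate"]
    idle = now - last_used
    # Assumption on the boundary: "not accessed in N days" == idle for more than N days.
    return "NON_COMPLIANT" if idle > timedelta(days=unused_for_days) else "COMPLIANT"


def find_unused_secrets(secrets: list, now: datetime,
                        unused_for_days: int = DEFAULT_UNUSED_FOR_DAYS) -> list:
    """Names of the secrets the rule would flag, in the order given."""
    return [s["Name"] for s in secrets
            if evaluate_secret(s, now, unused_for_days) == "NON_COMPLIANT"]


def list_secrets_from_aws() -> list:
    """Fetch the same metadata live with boto3 (needs AWS credentials; not used offline)."""
    import boto3  # imported here so the offline part of the example runs without it
    client = boto3.client("secretsmanager")
    secrets = []
    for page in client.get_paginator("list_secrets").paginate():
        secrets.extend(page["SecretList"])
    return secrets


def schedule_deletion(secret_id: str, recovery_window_days: int = 30) -> dict:
    """Equivalent of the console's "Delete secret" action.

    Secrets Manager does not delete immediately: it schedules deletion after a
    recovery window of 7 to 30 days (default 30), during which the secret can
    still be restored if it turns out to be needed.
    """
    import boto3
    client = boto3.client("secretsmanager")
    return client.delete_secret(SecretId=secret_id,
                                RecoveryWindowInDays=recovery_window_days)


# Constructed sample data: a reference "now" and four secrets with made-up names.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_SECRETS = [
    {"Name": "prod/db/password", "CreatedDate": NOW - timedelta(days=400),
     "LastAccessedDate": NOW - timedelta(days=3)},       # in active use
    {"Name": "legacy/api-key", "CreatedDate": NOW - timedelta(days=400),
     "LastAccessedDate": NOW - timedelta(days=120)},     # not used for 4 months
    {"Name": "new/unused-token", "CreatedDate": NOW - timedelta(days=10)},  # never used, but new
    {"Name": "old/never-used", "CreatedDate": NOW - timedelta(days=200)},   # never used, old
]

if __name__ == "__main__":
    for name in find_unused_secrets(SAMPLE_SECRETS, NOW):
        print(f"NON_COMPLIANT: {name}")
    # To act on a flagged secret from a real account (requires credentials):
    # schedule_deletion("legacy/api-key", recovery_window_days=30)
```

Two practical notes when reading the live data: `LastAccessedDate` is tracked per Region, so a secret replicated to several Regions reports usage separately in each, and the value is a date rather than a precise timestamp. Because deletion only takes effect after the recovery window, a secret removed by mistake can be restored before the window expires, which makes bulk clean-up of flagged secrets a reversible operation rather than an immediate one.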
Want to know more about StackZone and how to make your cloud management simple and secure?
Check our How It Works section with easy-to-follow videos, or just create your own StackZone account here.