secretsmanager-rotation-enabled-check

Checks if AWS Secrets Manager secret has rotation enabled. The rule also checks an optional maximumAllowedRotationFrequency parameter. If the parameter is specified, the rotation frequency of the secret is compared with the maximum allowed frequency. The rule is NON_COMPLIANT if the secret is not scheduled for rotation. The rule is also NON_COMPLIANT if the rotation frequency is higher than the number specified in the maximumAllowedRotationFrequency parameter.

Note

Re-evaluating this rule within 4 hours of the first evaluation will have no effect on the results.

Identifier: SECRETSMANAGER_ROTATION_ENABLED_CHECK

Resource Types: AWS::SecretsManager::Secret

Trigger type: Configuration changes

AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Spain), Europe (Zurich) Region

Parameters:

maximumAllowedRotationFrequency (Optional)
Type: int: Maximum allowed rotation frequency of the secret in days.
maximumAllowedRotationFrequencyInHours (Optional)
Type: int: Maximum allowed rotation frequency of the secret in hours.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

sagemaker-notebook-no-direct-internet-access

secretsmanager-scheduled-rotation-success-check