AWS Config supported rules for Secrets Manager

When you use AWS Config to evaluate your resource configurations, you can assess how well your resource configurations comply with internal practices, industry guidelines, and regulations. AWS Config supports the following rules for Secrets Manager:

  • secretsmanager-rotation-enabled-check — Checks if you configured rotation for secrets stored in Secrets Manager. AWS Config verifies that the secrets are configured for rotation. This rule also supports the maximumAllowedRotationFrequency parameter, which, if specified, compares the rotation frequency configured for the secret to the value set in the parameter.

  • secretsmanager-scheduled-rotation-success-check — Checks if Secrets Manager successfully rotates secrets. AWS Config checks whether the last rotated date falls within the configured rotation frequency.

  • secretsmanager-using-cmk — Checks if all secrets are encrypted using an AWS KMS customer master key (CMK).

  • secretsmanager-secret-unused — Checks if secrets stored in Secrets Manager have been accessed within a specified number of days.

  • secretsmanager-secret-periodic-rotation — Checks if secrets have been rotated within the specified number of days.

  For more information about AWS Config and rules, see the AWS Config product documentation.
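As an added example (not part of the AWS documentation and not AWS Config's own evaluation code), the following Python applies the five checks listed above to secret descriptions in the shape returned by the Secrets Manager DescribeSecret API (RotationEnabled, RotationRules.AutomaticallyAfterDays, LastRotatedDate, LastAccessedDate, KmsKeyId). The sample records, the fixed clock and the 90-day thresholds are constructed assumptions, and the check treats a missing KmsKeyId as "encrypted with the default AWS managed key".

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock so results are reproducible

# Constructed records in the shape of DescribeSecret responses (not real secrets).
SAMPLE_SECRETS = [
    {"Name": "prod/db", "RotationEnabled": True,
     "RotationRules": {"AutomaticallyAfterDays": 30},
     "LastRotatedDate": NOW - timedelta(days=10),
     "LastAccessedDate": NOW - timedelta(days=1),
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
    {"Name": "legacy/api", "RotationEnabled": True,
     "RotationRules": {"AutomaticallyAfterDays": 30},
     "LastRotatedDate": NOW - timedelta(days=45),    # rotation configured but overdue
     "LastAccessedDate": NOW - timedelta(days=200)},  # no KmsKeyId: default AWS managed key
    {"Name": "test/token", "RotationEnabled": False,
     "LastAccessedDate": NOW - timedelta(days=3)},
]

def evaluate(secret, now=NOW, max_rotation_days=90, unused_days=90):
    """Return {rule: True (compliant) / False} for one secret; thresholds are example values."""
    # Assumes rotation is expressed in days; ScheduleExpression-based rotation is not handled.
    freq = secret.get("RotationRules", {}).get("AutomaticallyAfterDays")
    last_rot = secret.get("LastRotatedDate")
    last_acc = secret.get("LastAccessedDate")
    results = {}
    # secretsmanager-rotation-enabled-check with maximumAllowedRotationFrequency
    results["rotation-enabled"] = bool(secret.get("RotationEnabled")) and (
        freq is not None and freq <= max_rotation_days)
    # secretsmanager-scheduled-rotation-success-check: last rotation within the frequency
    results["scheduled-rotation-success"] = (
        last_rot is not None and freq is not None
        and now - last_rot <= timedelta(days=freq))
    # secretsmanager-using-cmk: DescribeSecret omits KmsKeyId when the default key is used
    results["using-cmk"] = "KmsKeyId" in secret
    # secretsmanager-secret-unused: accessed within unused_days
    results["secret-unused"] = (
        last_acc is not None and now - last_acc <= timedelta(days=unused_days))
    # secretsmanager-secret-periodic-rotation: rotated within max_rotation_days
    results["periodic-rotation"] = (
        last_rot is not None and now - last_rot <= timedelta(days=max_rotation_days))
    return results

def noncompliant(secrets=SAMPLE_SECRETS, **kw):
    """Map secret name -> sorted list of rule names it fails (compliant secrets omitted)."""
    report = {}
    for s in secrets:
        failed = sorted(r for r, ok in evaluate(s, **kw).items() if not ok)
        if failed:
            report[s["Name"]] = failed
    return report
```

Running `noncompliant()` against the constructed records flags legacy/api and test/token, which is the same information a Config rule would surface as NON_COMPLIANT evaluations.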