secretsmanager-rotation-enabled-check
Checks if Amazon Secrets Manager secret has rotation enabled. The rule also checks an optional maximumAllowedRotationFrequency
parameter.
If the parameter is specified, the rotation frequency of the secret is compared with the maximum allowed frequency.
The rule is NON_COMPLIANT if the secret is not scheduled for rotation.
The rule is also NON_COMPLIANT if the rotation frequency is higher than the number specified in the maximumAllowedRotationFrequency parameter.
Note
Re-evaluating this rule within 4 hours of the first evaluation will have no effect on the results.
Identifier: SECRETSMANAGER_ROTATION_ENABLED_CHECK
Resource Types: AWS::SecretsManager::Secret
Trigger type: Configuration changes
Amazon Web Services Region: All supported Amazon regions except US ISO West, US ISO East, Asia Pacific (Malaysia), US ISOB East, Canada West (Calgary) Region
Parameters:
- maximumAllowedRotationFrequency (Optional)
- Type: int
-
Maximum allowed rotation frequency of the secret in days.
- maximumAllowedRotationFrequencyInHours (Optional)
- Type: int
-
Maximum allowed rotation frequency of the secret in hours.
Amazon CloudFormation template
To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.