

# secretsmanager-rotation-enabled-check
<a name="secretsmanager-rotation-enabled-check"></a>

Checks whether an Amazon Secrets Manager secret has rotation enabled. The rule also checks an optional `maximumAllowedRotationFrequency` parameter. If the parameter is specified, the rotation frequency of the secret is compared with the maximum allowed frequency. The rule is NON\_COMPLIANT if the secret is not scheduled for rotation. The rule is also NON\_COMPLIANT if the rotation frequency is higher than the number specified in the `maximumAllowedRotationFrequency` parameter.

**Note**  
Re-evaluating this rule within 4 hours of the first evaluation will have no effect on the results. 



**Identifier:** SECRETSMANAGER\_ROTATION\_ENABLED\_CHECK

**Resource Types:** AWS::SecretsManager::Secret

**Trigger type:** Configuration changes

**Amazon Web Services Region:** All supported Amazon regions

**Parameters:**

maximumAllowedRotationFrequencyInHours (Optional)  
Type: int  
Maximum allowed rotation frequency of the secret in hours.

maximumAllowedRotationFrequency (Optional)  
Type: int  
Maximum allowed rotation frequency of the secret in days.
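The following added example (not part of the original page and not the managed rule's own implementation) approximates the rule's decision locally so that secrets can be triaged before the rule evaluates them. It assumes input shaped like Secrets Manager `DescribeSecret` output, reads "rotation frequency" as the interval between rotations, and lets the hours parameter take precedence when both limits are given; the `UNDETERMINED` result and the function names are hypothetical.

```python
import re

# Constructed sample data shaped like DescribeSecret responses (not real secrets).
SAMPLE_SECRETS = [
    {"Name": "db/prod", "RotationEnabled": True, "RotationRules": {"AutomaticallyAfterDays": 30}},
    {"Name": "db/legacy", "RotationEnabled": True, "RotationRules": {"AutomaticallyAfterDays": 180}},
    {"Name": "api/token", "RotationEnabled": True, "RotationRules": {"ScheduleExpression": "rate(4 hours)"}},
    {"Name": "svc/static"},  # rotation was never configured
    {"Name": "svc/cron", "RotationEnabled": True, "RotationRules": {"ScheduleExpression": "cron(0 8 1 * ? *)"}},
]

_RATE = re.compile(r"^rate\((\d+)\s+(hours?|days?)\)$")


def rotation_interval_hours(secret):
    """Return the rotation interval in hours, or None if it cannot be derived."""
    rules = secret.get("RotationRules") or {}
    match = _RATE.match(rules.get("ScheduleExpression") or "")
    if match:
        count = int(match.group(1))
        return count if match.group(2).startswith("hour") else count * 24
    days = rules.get("AutomaticallyAfterDays")
    return days * 24 if days else None


def evaluate(secret, max_days=None, max_hours=None):
    """Approximate the rule: rotation must be on and within the allowed interval."""
    if not secret.get("RotationEnabled"):
        return "NON_COMPLIANT"  # secret is not scheduled for rotation
    if max_hours is not None:  # assumption: the hours limit wins if both are set
        limit = max_hours
    elif max_days is not None:
        limit = max_days * 24
    else:
        return "COMPLIANT"  # no limit configured, rotation enabled is enough
    interval = rotation_interval_hours(secret)
    if interval is None:
        return "UNDETERMINED"  # e.g. cron() schedule; needs manual review
    return "COMPLIANT" if interval <= limit else "NON_COMPLIANT"


def audit(secrets, **limits):
    """Map each secret name to its local evaluation result."""
    return {s["Name"]: evaluate(s, **limits) for s in secrets}


if __name__ == "__main__":
    for name, result in audit(SAMPLE_SECRETS, max_days=90).items():
        print(f"{name:12} {result}")
```

Secrets reported as `UNDETERMINED` use a `cron()` schedule, whose interval this sketch does not compute.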

## Amazon CloudFormation template
<a name="w2aac20c16c17b7e1487c21"></a>

To create Amazon Config managed rules with Amazon CloudFormation templates, see [Creating Amazon Config Managed Rules With Amazon CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).