Find secrets that aren't rotated - Amazon Secrets Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Find secrets that aren't rotated

You can use Amazon Config to evaluate your secrets to see if they are rotating in compliance with your standards. You define your internal security and compliance requirements for secrets using Amazon Config rules. Then Amazon Config can identify secrets that don't conform to your rules. You can also track changes to secret metadata, rotation configuration, the KMS key used for secret encryption, the Lambda rotation function, and tags associated with a secret.

If you have secrets in multiple Amazon Web Services accounts and Amazon Web Services Regions in your organization, you can aggregate that configuration and compliance data. For more information, see Multi-account Multi-Region data aggregation.

To assess whether secrets are rotating
  1. Follow the instructions on Evaluating your resources with Amazon Config rules, and choose from the following rules:

  2. Optionally, configure Amazon Config to notify you when secrets aren't compliant. For more information, see Notifications that Amazon Config sends to an Amazon SNS topic.
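The check that such a rule performs, written out as an added example (this is not Amazon's code or a managed rule; the input dicts are constructed here in the shape of boto3 `describe_secret()` / `list_secrets()` entries, and the `rate()`-expression parsing and the fixed reference time are assumptions of the example):

```python
import re
from datetime import datetime, timedelta, timezone

# Fixed reference time so the constructed sample below evaluates the same way every run.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def rotation_interval_days(rules):
    """Interval in days from RotationRules, or None when it cannot be derived
    (no rules, or a cron() ScheduleExpression that needs a real scheduler)."""
    if rules.get("AutomaticallyAfterDays") is not None:
        return int(rules["AutomaticallyAfterDays"])
    m = re.fullmatch(r"rate\((\d+) days?\)", rules.get("ScheduleExpression", ""))
    return int(m.group(1)) if m else None


def evaluate_secret(secret, now=NOW):
    """Classify one secret (describe_secret()-style dict) as
    COMPLIANT, NON_COMPLIANT or UNKNOWN, with a human-readable reason."""
    if not secret.get("RotationEnabled"):
        return "NON_COMPLIANT", "rotation is not enabled"
    last = secret.get("LastRotatedDate")
    if last is None:
        return "NON_COMPLIANT", "rotation is enabled but the secret has never been rotated"
    interval = rotation_interval_days(secret.get("RotationRules") or {})
    if interval is None:
        return "UNKNOWN", "schedule expression could not be evaluated locally"
    age = (now - last).days
    if age > interval:
        return "NON_COMPLIANT", f"last rotated {age} days ago, interval is {interval} days"
    return "COMPLIANT", f"last rotated {age} days ago"


def find_noncompliant(secrets, now=NOW):
    """Map secret name -> reason for every secret that fails the check."""
    result = {}
    for s in secrets:
        status, reason = evaluate_secret(s, now)
        if status == "NON_COMPLIANT":
            result[s["Name"]] = reason
    return result


# Constructed sample data (not real secrets) in the shape of describe_secret() responses.
SAMPLE_SECRETS = [
    {"Name": "prod/db/password", "RotationEnabled": True, "LastRotatedDate": NOW - timedelta(days=10),
     "RotationRules": {"AutomaticallyAfterDays": 30}},
    {"Name": "legacy/api-key", "RotationEnabled": False},
    {"Name": "staging/db/password", "RotationEnabled": True, "RotationRules": {"AutomaticallyAfterDays": 30}},
    {"Name": "prod/cache/token", "RotationEnabled": True, "LastRotatedDate": NOW - timedelta(days=45),
     "RotationRules": {"AutomaticallyAfterDays": 30}},
    {"Name": "prod/report/key", "RotationEnabled": True, "LastRotatedDate": NOW - timedelta(days=3),
     "RotationRules": {"ScheduleExpression": "rate(7 days)"}},
    {"Name": "prod/cron/key", "RotationEnabled": True, "LastRotatedDate": NOW - timedelta(days=3),
     "RotationRules": {"ScheduleExpression": "cron(0 8 1 * ? *)"}},
]

if __name__ == "__main__":
    for name, reason in find_noncompliant(SAMPLE_SECRETS).items():
        print(f"{name}: {reason}")
```

On a live account the same functions can be fed the paginated output of `list_secrets()` from a boto3 Secrets Manager client, since those entries carry the same rotation fields.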