Secrets Manager secrets should be rotated within 90 days


Description

This control verifies whether an AWS Secrets Manager secret is rotated at least once within 90 days. The control will fail if the secret is not rotated within this period. This control does not apply to secrets created within the last 90 days.

Regularly rotating secrets helps reduce the risk of unauthorized access to sensitive information, such as database credentials, passwords, third-party API keys, or other confidential data. The longer a secret remains unchanged, the higher the risk of it being compromised.

As the number of users with access to a secret increases, so does the likelihood of accidental exposure to unauthorized parties, through means such as logs, cache data, or shared debugging processes. For these reasons, frequent rotation of secrets is essential.
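The pass, fail and not-applicable cases described above can be checked against secret metadata. The following is an added example, not code from this page or from the product that implements the control. It assumes the decision is made from the `CreatedDate` and `LastRotatedDate` fields that Secrets Manager returns for a secret, that a secret with no `LastRotatedDate` has never been rotated, and that exactly 90 days still counts as inside the window. The sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # rotation window stated by the control


def evaluate_secret(secret, now):
    """Classify one secret record as 'not_applicable', 'pass' or 'fail'.

    `secret` uses the field names of the Secrets Manager ListSecrets /
    DescribeSecret responses. Treating exactly 90 days as still inside the
    window is an assumption of this example.
    """
    if now - secret["CreatedDate"] <= MAX_AGE:
        return "not_applicable"  # too new for the control to apply
    last_rotated = secret.get("LastRotatedDate")  # absent if never rotated
    if last_rotated is None:
        return "fail"
    return "pass" if now - last_rotated <= MAX_AGE else "fail"


def evaluate_all(secrets, now):
    """Map each secret name to its status."""
    return {s["Name"]: evaluate_secret(s, now) for s in secrets}


# Constructed sample records (not real secrets), evaluated at a fixed time.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_SECRETS = [
    {"Name": "example/new-api-key", "CreatedDate": NOW - timedelta(days=10)},
    {"Name": "example/db-rotated", "CreatedDate": NOW - timedelta(days=400),
     "LastRotatedDate": NOW - timedelta(days=30)},
    {"Name": "example/db-stale", "CreatedDate": NOW - timedelta(days=400),
     "LastRotatedDate": NOW - timedelta(days=120)},
    {"Name": "example/never-rotated", "CreatedDate": NOW - timedelta(days=200)},
]

if __name__ == "__main__":
    for name, status in evaluate_all(SAMPLE_SECRETS, NOW).items():
        print(f"{status:15} {name}")
```

A secret that is old enough for the control to apply but has never been rotated is reported as a failure, which is the case most easily missed when only `LastRotatedDate` is compared against the window.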

Remediation

For guidance on rotating secrets, please refer to the Rotating your AWS Secrets Manager secrets section in the AWS Secrets Manager User Guide.
