Secrets Manager secrets configured with automatic rotation should rotate successfully

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

This check verifies if a secret managed by AWS Secrets Manager has been rotated according to its defined schedule. The check applies only to secrets with rotation enabled.

AWS Secrets Manager allows for centralized storage of sensitive information, with built-in encryption, access control, and automated rotation. The rotation process can replace long-term secrets with short-term alternatives, reducing the window of opportunity for unauthorized access if a secret is compromised.

To enhance security, it’s important not only to enable automatic rotation but also to ensure that the rotation is completed successfully as per the schedule.

Remediation

For guidance on troubleshooting issues with secret rotation, please refer to the Troubleshooting AWS Secrets Manager rotation of secrets section of the AWS Secrets Manager User Guide.

PREVIEWING: esther/docs-9518-update-example-control-sensitive-log-data