Remove unused Secrets Manager secrets

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

This control checks if an AWS Secrets Manager secret has been accessed within the last 90 days. The control will fail if the secret remains unused beyond this defined period.

Unused secrets may be exploited by individuals who no longer require access. Additionally, the more users that have access to a secret, the higher the risk that it could be mishandled or exposed to unauthorized parties. Removing unused secrets helps prevent access by users who no longer need it and can also reduce the costs associated with Secrets Manager. Regularly deleting unused secrets is a vital part of maintaining a secure environment.

Remediation

For guidance on deleting secrets, please refer to the Delete an AWS Secrets Manager secret section of the AWS Secrets Manager User Guide

PREVIEWING: may/add-individual-processors