Remove unused Secrets Manager secrets

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

This control checks if an AWS Secrets Manager secret has been accessed within the last 90 days. The control will fail if the secret remains unused beyond this defined period.

Unused secrets may be exploited by individuals who no longer require access. Additionally, the more users that have access to a secret, the higher the risk that it could be mishandled or exposed to unauthorized parties. Removing unused secrets helps prevent access by users who no longer need it and can also reduce the costs associated with Secrets Manager. Regularly deleting unused secrets is a vital part of maintaining a secure environment.

Remediation

For guidance on deleting secrets, please refer to the Delete an AWS Secrets Manager secret section of the AWS Secrets Manager User Guide