Secrets Manager secrets should be rotated within 90 days
Description
This control verifies whether an AWS Secrets Manager secret is rotated at least once within 90 days. The control will fail if the secret is not rotated within this period. This control does not apply to secrets created within the last 90 days.
Regularly rotating secrets helps reduce the risk of unauthorized access to sensitive information, such as database credentials, passwords, third-party API keys, or other confidential data. The longer a secret remains unchanged, the higher the risk of it being compromised.
As the number of users with access to a secret increases, so does the likelihood of accidental exposure to unauthorized parties, through means such as logs, cache data, or shared debugging processes. For these reasons, frequent rotation of secrets is essential.
For guidance on rotating secrets, please refer to the Rotating your AWS Secrets Manager secrets section in the AWS Secrets Manager User Guide.
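The pass, fail, and not-applicable outcomes described above, shown as an added example that is not the rule's own implementation. It assumes records shaped like the Secrets Manager `ListSecrets` response (`Name`, `CreatedDate`, `LastRotatedDate`); the sample records, the function names, and the treatment of the exact 90-day boundary are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # rotation window stated by the control


def evaluate_secret(secret, now):
    """Return 'not_applicable', 'pass' or 'fail' for one secret record.

    `secret` uses ListSecrets field names with timezone-aware datetimes.
    LastRotatedDate is absent when the secret has never been rotated.
    """
    # Secrets created within the last 90 days are out of scope.
    if now - secret["CreatedDate"] < MAX_AGE:
        return "not_applicable"
    last_rotated = secret.get("LastRotatedDate")
    if last_rotated is None:
        return "fail"  # older than 90 days and never rotated
    # Assumption: a rotation exactly 90 days ago still counts as in window.
    return "pass" if now - last_rotated <= MAX_AGE else "fail"


def evaluate_all(secrets, now):
    """Map each secret name to its evaluation result."""
    return {s["Name"]: evaluate_secret(s, now) for s in secrets}


# Constructed sample records (not real secrets), relative to a fixed "now".
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)
SAMPLE_SECRETS = [
    {"Name": "prod/db/password", "CreatedDate": NOW - timedelta(days=400),
     "LastRotatedDate": NOW - timedelta(days=30)},
    {"Name": "prod/api/partner-key", "CreatedDate": NOW - timedelta(days=400),
     "LastRotatedDate": NOW - timedelta(days=120)},
    {"Name": "legacy/ftp/login", "CreatedDate": NOW - timedelta(days=200)},
    {"Name": "staging/new-service", "CreatedDate": NOW - timedelta(days=10)},
]

if __name__ == "__main__":
    for name, result in evaluate_all(SAMPLE_SECRETS, NOW).items():
        print(f"{result:15} {name}")
```

The `legacy/ftp/login` record is the case that is easiest to miss: a secret with no `LastRotatedDate` at all fails once it is older than 90 days.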