Secrets Manager secrets should have automatic rotation enabled

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

This control verifies whether secrets stored in AWS Secrets Manager are set up for automatic rotation. The control will fail if the secret is not configured to rotate automatically.

AWS Secrets Manager enhances the security of your organization by allowing you to centrally store, automatically encrypt, and control access to sensitive information such as database credentials, passwords, and third-party API keys. Additionally, Secrets Manager supports automatic rotation of secrets, which helps replace long-term secrets with short-term ones, reducing the risk associated with compromised secrets. Regular rotation of secrets is recommended to minimize the potential impact of unauthorized access. For more details on rotating secrets, refer to the AWS Secrets Manager User Guide.

Remediation

For guidance on enabling automatic rotation for secrets, please refer to the Rotating your AWS Secrets Manager secrets section in the AWS Secrets Manager User Guide.