Secrets Manager secrets should have automatic rotation enabled

Description

This control verifies whether secrets stored in AWS Secrets Manager are set up for automatic rotation. The control will fail if the secret is not configured to rotate automatically.

AWS Secrets Manager enhances the security of your organization by allowing you to centrally store, automatically encrypt, and control access to sensitive information such as database credentials, passwords, and third-party API keys. Additionally, Secrets Manager supports automatic rotation of secrets, which helps replace long-term secrets with short-term ones, reducing the risk associated with compromised secrets. Regular rotation of secrets is recommended to minimize the potential impact of unauthorized access. For more details on rotating secrets, refer to the AWS Secrets Manager User Guide.
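The same condition can be checked directly against the Secrets Manager ListSecrets API. The following is an added example, not code from AWS or Security Hub: it pages through ListSecrets-shaped responses and fails any secret whose `RotationEnabled` field is not true, which is an assumed reading of the control's condition. The sample pages, secret names and account ID are constructed, and the helper names are hypothetical; `boto3_fetcher` assumes boto3 and AWS credentials are available.

```python
from typing import Callable, Dict, Iterator, Optional

# Constructed sample pages shaped like Secrets Manager ListSecrets responses.
SAMPLE_PAGES = {
    None: {
        "SecretList": [
            {"Name": "prod/db/app", "RotationEnabled": True,
             "RotationLambdaARN":
                 "arn:aws:lambda:us-east-1:111122223333:function:rotate-db",
             "RotationRules": {"AutomaticallyAfterDays": 30}},
            # A record may omit RotationEnabled; treat that as not rotating.
            {"Name": "prod/api/vendor-key"},
        ],
        "NextToken": "page-2",
    },
    "page-2": {
        "SecretList": [
            # Constructed case: rules are present but rotation is turned off.
            {"Name": "dev/db/legacy", "RotationEnabled": False,
             "RotationRules": {"AutomaticallyAfterDays": 90}},
        ],
    },
}

def iter_secrets(fetch_page: Callable[[Optional[str]], dict]) -> Iterator[dict]:
    """Follow NextToken until the listing is exhausted."""
    token = None
    while True:
        page = fetch_page(token)
        yield from page.get("SecretList", [])
        token = page.get("NextToken")
        if not token:
            return

def rotation_status(secret: dict) -> str:
    # Assumed condition: PASSED only when automatic rotation is switched on.
    return "PASSED" if secret.get("RotationEnabled") is True else "FAILED"

def evaluate(fetch_page: Callable[[Optional[str]], dict]) -> Dict[str, str]:
    return {s["Name"]: rotation_status(s) for s in iter_secrets(fetch_page)}

def boto3_fetcher(region: str) -> Callable[[Optional[str]], dict]:
    """Live fetcher; imported lazily so the offline sample needs no boto3."""
    import boto3
    client = boto3.client("secretsmanager", region_name=region)
    return lambda token: client.list_secrets(**({"NextToken": token} if token else {}))

if __name__ == "__main__":
    for name, status in evaluate(SAMPLE_PAGES.get).items():
        print(f"{status:6}  {name}")
```

To run it against an account, pass `boto3_fetcher("us-east-1")` (or another region) to `evaluate` in place of `SAMPLE_PAGES.get`.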

Remediation

For guidance on enabling automatic rotation for secrets, please refer to the Rotating your AWS Secrets Manager secrets section in the AWS Secrets Manager User Guide.