Ensure that AWS Secrets Manager is configured to automatically rotate your service or database secrets (i.e. enable the automatic rotation feature for your secrets). Secrets Manager rotation is the automatic process that periodically changes your secret data, making it more difficult for an attacker to use a captured secret to access the services and resources it protects. With AWS Secrets Manager you don't have to manually change the secret and update it on all of your clients. Instead, the Secrets Manager service uses an AWS Lambda function to perform all of the rotation steps for you, on a regular schedule (predefined or custom).
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Automatically rotating your Amazon Secrets Manager secrets can significantly reduce the chances that a compromised set of credentials can be utilized without your knowledge to access services and resources (AWS-based or third-party) that you use for your applications.
To determine if automatic rotation is enabled for your AWS Secrets Manager secrets, perform the following actions:
To enable automatic rotation feature for your Amazon Secrets Manager secrets, perform the following actions:
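The following script is an added example, not Cloud Conformity's own tooling: `evaluate_secret()` classifies a Secrets Manager DescribeSecret response (rotation disabled, enabled without a schedule, overdue, or OK), and `scan_account()` applies it to every secret in a region. It assumes boto3 and read-only AWS credentials for the live scan; the constructed samples let the check itself run offline.

```python
from datetime import datetime, timedelta, timezone


def evaluate_secret(secret, now=None):
    """Classify a DescribeSecret response: ROTATION_DISABLED, NO_SCHEDULE
    (enabled but no AutomaticallyAfterDays/ScheduleExpression), OVERDUE
    (LastRotatedDate + AutomaticallyAfterDays already past) or OK."""
    now = now or datetime.now(timezone.utc)
    if not secret.get("RotationEnabled"):
        return "ROTATION_DISABLED"
    rules = secret.get("RotationRules") or {}
    days = rules.get("AutomaticallyAfterDays")
    if not days and not rules.get("ScheduleExpression"):
        return "NO_SCHEDULE"
    last = secret.get("LastRotatedDate")
    # Lateness is only checked for the day-interval form; rate()/cron()
    # ScheduleExpressions are accepted as scheduled without parsing them.
    if days and last is not None and last + timedelta(days=days) < now:
        return "OVERDUE"
    return "OK"


def scan_account(region="us-east-1"):
    """Evaluate every secret in a region (needs boto3 and read-only creds)."""
    import boto3  # imported here so evaluate_secret() stays usable offline
    client = boto3.client("secretsmanager", region_name=region)
    findings = {}
    for page in client.get_paginator("list_secrets").paginate():
        for entry in page["SecretList"]:
            detail = client.describe_secret(SecretId=entry["ARN"])
            findings[entry["Name"]] = evaluate_secret(detail)
    return findings


# Constructed DescribeSecret-shaped samples; names and dates are made up.
SAMPLE_SECRETS = {
    "prod/db-password": {"RotationEnabled": False},
    "prod/api-key": {"RotationEnabled": True, "RotationRules": {}},
    "prod/rds-master": {
        "RotationEnabled": True,
        "RotationRules": {"AutomaticallyAfterDays": 30},
        "LastRotatedDate": datetime(2024, 1, 1, tzinfo=timezone.utc),
    },
}

if __name__ == "__main__":
    for name, detail in SAMPLE_SECRETS.items():
        print(f"{name}: {evaluate_secret(detail)}")
```

Any result other than OK is a finding to remediate by attaching a rotation Lambda and a schedule to the secret.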