Track changes to secrets stored in AWS Secrets Manager using AWS Config and AWS Config Rules

Posted on: Apr 20, 2020

AWS Secrets Manager now integrates with AWS Config, making it easier for you to track configuration changes to the secrets you manage in Secrets Manager. You can now track changes to your secrets’ metadata (e.g. rotation configuration), attributes (e.g. tags), and encryption key. You can also use two managed AWS Config rules to evaluate whether secrets are configured in compliance with your organization’s security and compliance requirements. You can identify secrets that don’t conform to these requirements and receive notifications about them via Amazon Simple Notification Service (SNS) or Amazon CloudWatch Events.

To get started, enable AWS Config in your AWS account. Then, select Secrets Manager secrets from the list of resource types that Config records. If you previously configured AWS Config to record all resource types, AWS Secrets Manager secrets will be tracked automatically.
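As an added example (not part of the AWS announcement), the following CloudFormation template performs the setup described above: it records only Secrets Manager secrets, sends Config notifications to an SNS topic, and enables the two Secrets Manager managed rules. The announcement does not name the rules; the identifiers used here are those of the rotation-related Secrets Manager managed rules in AWS Config's managed rule list, and the IAM role, S3 bucket and SNS topic are placeholders passed in as parameters.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example: record AWS Secrets Manager secrets in AWS Config and
  evaluate them with the two Secrets Manager managed rules.

Parameters:
  ConfigRoleArn:
    Type: String
    Description: Existing IAM role that AWS Config assumes (placeholder).
  DeliveryBucket:
    Type: String
    Description: Existing S3 bucket for Config history (placeholder).
  AlertTopicArn:
    Type: String
    Description: Existing SNS topic for Config notifications (placeholder).

Resources:
  # Record only the secret resource type instead of AllSupported: true.
  SecretsRecorder:
    Type: AWS::Config::ConfigurationRecorder
    Properties:
      RoleARN: !Ref ConfigRoleArn
      RecordingGroup:
        AllSupported: false
        IncludeGlobalResourceTypes: false
        ResourceTypes:
          - AWS::SecretsManager::Secret

  # Change and compliance notifications are published to the SNS topic.
  DeliveryChannel:
    Type: AWS::Config::DeliveryChannel
    Properties:
      S3BucketName: !Ref DeliveryBucket
      SnsTopicARN: !Ref AlertTopicArn

  # NON_COMPLIANT for any secret that has no rotation configured.
  RotationEnabledRule:
    Type: AWS::Config::ConfigRule
    DependsOn: SecretsRecorder
    Properties:
      ConfigRuleName: secretsmanager-rotation-enabled-check
      Scope:
        ComplianceResourceTypes:
          - AWS::SecretsManager::Secret
      Source:
        Owner: AWS
        SourceIdentifier: SECRETSMANAGER_ROTATION_ENABLED_CHECK

  # NON_COMPLIANT for any secret whose scheduled rotation did not succeed.
  RotationSucceededRule:
    Type: AWS::Config::ConfigRule
    DependsOn: SecretsRecorder
    Properties:
      ConfigRuleName: secretsmanager-scheduled-rotation-success-check
      Scope:
        ComplianceResourceTypes:
          - AWS::SecretsManager::Secret
      Source:
        Owner: AWS
        SourceIdentifier: SECRETSMANAGER_SCHEDULED_ROTATION_SUCCESS_CHECK
```

An account may have only one configuration recorder and one delivery channel per region, so if AWS Config is already enabled, deploy only the two rule resources.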

Secrets Manager integration with AWS Config is available in the Asia Pacific (Mumbai, Seoul, Singapore, Sydney, Tokyo, Hong Kong), Canada (Central), EU (Frankfurt, Ireland, London, Paris, Stockholm), AWS GovCloud (US), Middle East (Bahrain), South America (São Paulo), China (Beijing, Ningxia), US West (N. California, Oregon), and US East (N. Virginia, Ohio) regions. To learn more about this feature, visit the AWS Secrets Manager documentation. To learn more about AWS Config, visit the AWS Config webpage. To learn more about AWS Secrets Manager, visit the Secrets Manager home page.