Posted On: Mar 15, 2021
AWS Config now supports three new AWS Config managed rules to help you verify that your secrets in AWS Secrets Manager are configured in accordance with your organization’s security and compliance requirements. AWS Config records and evaluates configurations of your AWS resources. AWS Config managed rules are predefined rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. AWS Secrets Manager helps you easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
With this launch, the following new managed rules are now supported:
- secretsmanager-using-cmk checks if all secrets in AWS Secrets Manager are encrypted using an AWS Key Management Service (AWS KMS) customer master key (CMK).
- secretsmanager-secret-unused checks if AWS Secrets Manager secrets have been accessed within a specified number of days.
- secretsmanager-secret-periodic-rotation checks if AWS Secrets Manager secrets have been rotated within the specified number of days.
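To preview what the three checks above would flag, the Python below approximates them over secret metadata shaped like a Secrets Manager DescribeSecret response. It is an added example, not AWS's rule implementation. The 90-day thresholds, the fallback to CreatedDate for secrets never read or rotated, the helper names and the sample secrets are all assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone

UNUSED_FOR_DAYS = 90          # assumed threshold for secretsmanager-secret-unused
MAX_DAYS_SINCE_ROTATION = 90  # assumed threshold for the periodic-rotation rule
AWS_MANAGED_ALIAS = "alias/aws/secretsmanager"


def _verdict(ok):
    return "COMPLIANT" if ok else "NON_COMPLIANT"


def evaluate_secret(secret, now):
    """Approximate the three rule checks for one DescribeSecret-shaped dict."""
    # DescribeSecret omits KmsKeyId when the AWS managed key is in use.
    kms = secret.get("KmsKeyId")
    uses_cmk = bool(kms) and not kms.endswith(AWS_MANAGED_ALIAS)
    # Assumption: a secret never read or never rotated is aged from CreatedDate.
    last_used = secret.get("LastAccessedDate") or secret["CreatedDate"]
    last_rotated = secret.get("LastRotatedDate") or secret["CreatedDate"]
    return {
        "secretsmanager-using-cmk": _verdict(uses_cmk),
        "secretsmanager-secret-unused":
            _verdict(now - last_used <= timedelta(days=UNUSED_FOR_DAYS)),
        "secretsmanager-secret-periodic-rotation":
            _verdict(now - last_rotated <= timedelta(days=MAX_DAYS_SINCE_ROTATION)),
    }


def _day(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample metadata (names, dates and key ARN are made up).
SAMPLE_SECRETS = [
    {"Name": "prod/db/password",
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
     "CreatedDate": _day(2020, 1, 10), "LastAccessedDate": _day(2021, 3, 14),
     "LastRotatedDate": _day(2021, 2, 20)},
    {"Name": "legacy/api-key",  # default key, stale, never rotated
     "CreatedDate": _day(2019, 6, 1), "LastAccessedDate": _day(2020, 9, 1)},
    {"Name": "staging/token",   # default key set explicitly, recently created
     "KmsKeyId": AWS_MANAGED_ALIAS, "CreatedDate": _day(2021, 2, 1)},
]


def audit(secrets, now):
    """Map each secret name to its per-rule verdicts."""
    return {s["Name"]: evaluate_secret(s, now) for s in secrets}


if __name__ == "__main__":
    for name, res in audit(SAMPLE_SECRETS, _day(2021, 3, 15)).items():
        print(name, res)
```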
For more information on pricing, features, and technical documentation, see the AWS Config and AWS Secrets Manager web pages.