AWS Secrets Manager now supports VPC endpoint policies

Posted on: Jul 25, 2019

AWS Secrets Manager now supports VPC endpoint policies, making it easier for you to restrict egress of secrets from your Amazon VPC. When you create a VPC endpoint for Secrets Manager, you can attach an endpoint policy to define the Secrets Manager actions that can be performed, the secrets these actions can be performed on, the IAM users or roles that can perform these actions, and the accounts that can be accessed via the VPC endpoint. 
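As an added example (not part of the AWS announcement), the following endpoint policy exercises each of the four controls described above: the actions allowed, the secrets they apply to, the IAM principal that may call them, and the account whose secrets are reachable through the endpoint. The account ID 111122223333, the role name app-role, the region and the secret name prefix prod/app/db- are placeholders chosen for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "OnlyAppRoleReadsProdDbSecretsInThisAccount",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/app-role"
      },
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret"
      ],
      "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:prod/app/db-*"
    }
  ]
}
```

Without a custom policy, an interface endpoint allows any principal to call any action on any resource through it, so attaching a policy like this turns the endpoint into a choke point: a request from another role, for a secret outside the prod/app/db- family, for a secret in a different account, or for a write action such as PutSecretValue is denied at the endpoint before IAM or the secret's resource policy are consulted. The endpoint policy does not grant permissions by itself; the calling role still needs matching IAM permissions, and the secret's own resource policy (or an IAM condition on aws:SourceVpce) is what forces callers to use this endpoint rather than the public API.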

AWS Secrets Manager enables you to retrieve and manage secrets throughout their lifecycle. AWS Secrets Manager also makes it easier to follow the security best practice of using short-term secrets by rotating secrets safely on a schedule that you determine. For example, you can configure AWS Secrets Manager to rotate a database credential daily, turning a typical long-term secret into a short-term secret that is rotated automatically. By using Secrets Manager with Amazon VPC endpoint policies, you can now keep secrets-related, encrypted communication within the AWS network and help meet your compliance and regulatory requirements by granularly controlling access to Secrets Manager APIs.

AWS Secrets Manager is available in the Asia Pacific (Mumbai, Seoul, Singapore, Sydney, Tokyo), Canada (Central), EU (Frankfurt, Ireland, London, Paris, Stockholm), GovCloud (US-West), South America (São Paulo), US West (N. California, Oregon), and US East (N. Virginia, Ohio) regions. To learn more about AWS Secrets Manager, visit the documentation. To get started, visit the AWS Secrets Manager home page.