Secrets Manager Secrets Should Be Rotated Frequently
More Info:
Ensure that the rotation interval for your AWS Secrets Manager secrets is configured to meet security and compliance requirements. Before the Cloud Conformity engine runs this rule, the rotation interval (in days) must be configured in the rule settings on your Cloud Conformity account dashboard. The AWS Secrets Manager rotation feature is the automatic process that periodically changes your secret information, making it more difficult for attackers to access the services and resources secured with these secrets.
Risk Level
Medium
Address
Security
Compliance Standards
AWSWAF
Remediation
How to ensure secrets are rotated frequently
Using AWS Console
- Identify the secrets that need to be rotated - This includes access keys, database passwords, API keys, and other sensitive information. (In the Cloudanix Console, navigate to the “Misconfig” page and look for Affected Assets for the “Secrets Manager Secrets Should Be Rotated Frequently” policy.)
- Create a rotation schedule - Determine how often the secrets need to be rotated. This can be based on industry standards or any compliance requirements.
- Use AWS Secrets Manager or AWS Systems Manager Parameter Store - These services automate the rotation process for you. You can create a rotation policy that specifies when and how to rotate the secrets.
- Update applications and services - After the secrets are rotated, update the applications and services that use them with the new values.
- Test the rotation process - Regularly test the rotation process to ensure that it is working as expected.
- Monitor the rotation process - Monitor the rotation process to ensure that it is running on schedule and that there are no errors or issues.
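The check described above can be scripted. The following is an added example, not code from Cloud Conformity or Cloudanix: it audits records shaped like the Secrets Manager `list-secrets` output (`RotationEnabled`, `RotationRules`, `LastRotatedDate`) against a maximum interval. The 30-day limit, the function names and the sample records are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

MAX_ROTATION_DAYS = 30  # assumed policy value; use the interval from your rule settings

def interval_days(rules):
    """Return the configured rotation interval in days, or None if it cannot be derived."""
    if "AutomaticallyAfterDays" in rules:
        return float(rules["AutomaticallyAfterDays"])
    m = re.fullmatch(r"rate\((\d+)\s+(hours?|days?)\)", rules.get("ScheduleExpression", ""))
    if m:
        n = int(m.group(1))
        return float(n) if m.group(2).startswith("day") else n / 24
    return None  # cron() schedules are left for manual review

def audit(secrets, now, max_days=MAX_ROTATION_DAYS):
    """Map secret name -> list of findings; an empty list means compliant."""
    report = {}
    for s in secrets:
        findings = []
        if not s.get("RotationEnabled"):
            findings.append("rotation disabled")
        else:
            days = interval_days(s.get("RotationRules", {}))
            if days is None:
                findings.append("interval not derivable, review schedule")
            elif days > max_days:
                findings.append(f"interval {days:g}d exceeds {max_days}d")
            # A schedule can be configured and still fail; check the last actual rotation.
            last = s.get("LastRotatedDate") or s.get("CreatedDate")
            if last and now - last > timedelta(days=max_days):
                findings.append("last rotation older than allowed interval")
        report[s["Name"]] = findings
    return report

def _d(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample records (not real secrets), shaped like list-secrets entries.
NOW = _d(2024, 6, 1)
SAMPLE = [
    {"Name": "prod/db", "RotationEnabled": True, "RotationRules": {"AutomaticallyAfterDays": 30}, "LastRotatedDate": _d(2024, 5, 20)},
    {"Name": "prod/api-key", "RotationEnabled": False},
    {"Name": "prod/legacy", "RotationEnabled": True, "RotationRules": {"AutomaticallyAfterDays": 90}, "LastRotatedDate": _d(2024, 1, 10)},
    {"Name": "prod/stuck", "RotationEnabled": True, "RotationRules": {"ScheduleExpression": "rate(7 days)"}, "LastRotatedDate": _d(2024, 3, 1)},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE, NOW).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

The `prod/stuck` record shows why the last step of the list matters: its schedule is within policy, but the last recorded rotation is months old, which points to a failing rotation function rather than a misconfigured interval.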