Control: Remove unused Secrets Manager secrets
Description
This control checks whether your secrets have been accessed within a specified number of days. The default value is 90 days. If a secret was accessed even once within the defined number of days, this control fails.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.secretsmanager_secret_last_used_1_daySnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.secretsmanager_secret_last_used_1_day --shareSQL
This control uses a named query:
secretsmanager_secret_last_used_1_day