turbot/aws_thrifty

Control: Unused Secrets Manager secrets should be deleted

Description

AWS Secrets Manager secrets should have been accessed within a specified number of days; the default is 90 days. Secrets with no access in that window, including secrets that have never been accessed, are flagged.

Usage

Run the control in your terminal:

powerpipe control run aws_thrifty.control.secretsmanager_secret_unused

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_thrifty.control.secretsmanager_secret_unused --share

Steampipe Tables

aws_secretsmanager_secret

Params

Args  Name                             Default  Description                                                         Variable
$1    secretsmanager_secret_last_used  90       The number of days since the Secrets Manager secret was last used.

SQL

select
  arn as resource,
  -- ok while the last access falls within the threshold; a null last_accessed_date
  -- makes the comparison null, so never-accessed secrets fall through to alarm
  case
    when date_part('day', now() - last_accessed_date) < $1 then 'ok'
    else 'alarm'
  end as status,
  case
    when last_accessed_date is null then title || ' is never used.'
    else title || ' is last used ' || age(current_date, last_accessed_date) || ' ago.'
  end as reason,
  region,
  account_id
from
  aws_secretsmanager_secret;
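The same classification run against constructed rows rather than the live aws_secretsmanager_secret table, as an added example that is not part of the aws_thrifty mod: it reproduces the control's ok/alarm logic, makes the never-accessed case visible, and goes one step beyond the control by reporting a never-accessed secret that is younger than the threshold as 'info' instead of 'alarm' (the created_date column and the 'info' status are assumptions about how such a refinement would look, not behaviour of the shipped control).

```sql
-- Added example (not the mod's own query): constructed rows stand in for
-- the aws_secretsmanager_secret table so the logic can be inspected offline.
with secrets(title, created_date, last_accessed_date) as (
  values
    ('prod/db/password',  now() - interval '400 days', now() - interval '3 days'),   -- in use
    ('legacy/api-key',    now() - interval '400 days', now() - interval '200 days'), -- stale
    ('old/unused-token',  now() - interval '400 days', null),                        -- never used, old
    ('new/pending-token', now() - interval '5 days',   null)                         -- never used, but new
),
params(threshold_days) as (
  values (90)  -- stands in for $1 / var.secretsmanager_secret_last_used
)
select
  s.title,
  case
    -- refinement (assumption): a secret that was created inside the window and
    -- has simply not been read yet is reported as info rather than alarm
    when s.last_accessed_date is null
         and s.created_date > now() - p.threshold_days * interval '1 day' then 'info'
    -- the control's own rule: ok while the last access is within the threshold,
    -- otherwise alarm (a null last_accessed_date falls through to alarm)
    when date_part('day', now() - s.last_accessed_date) < p.threshold_days then 'ok'
    else 'alarm'
  end as status,
  case
    when s.last_accessed_date is null then s.title || ' is never used.'
    else s.title || ' is last used ' || age(current_date, s.last_accessed_date) || ' ago.'
  end as reason
from secrets s
cross join params p
order by s.title;
```

Expected statuses for the four constructed rows: legacy/api-key alarm, new/pending-token info, old/unused-token alarm, prod/db/password ok.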

Tags