Control: Unused Secrets Manager secrets should be deleted
Description
AWS Secrets Manager secrets should be accessed within a specified number of days; the default threshold is 90 days. A secret whose last access is older than the threshold is reported in alarm, and so is a secret that has no recorded last-access date at all (never retrieved), since the control cannot show it is in use.
Usage
Run the control in your terminal:
powerpipe control run aws_thrifty.control.secretsmanager_secret_unused
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_thrifty.control.secretsmanager_secret_unused --share
Steampipe Tables
aws_secretsmanager_secret
Params
| Args | Name | Default | Description | Variable |
|---|---|---|---|---|
| $1 | secretsmanager_secret_last_used | 90 | The number of days since the Secrets Manager secret was last accessed; secrets not accessed within this window are alarmed. | |
SQL
```sql
select
  arn as resource,
  -- date_part on a null interval yields null, so a never-accessed secret
  -- falls through to 'alarm' as well
  case
    when date_part('day', now() - last_accessed_date) < $1 then 'ok'
    else 'alarm'
  end as status,
  case
    when last_accessed_date is null then title || ' is never used.'
    else title || ' is last used ' || age(current_date, last_accessed_date) || ' ago.'
  end as reason,
  region,
  account_id
from
  aws_secretsmanager_secret;
```
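The same check expressed outside Steampipe, as an added example that is not part of the aws_thrifty mod: it evaluates records shaped like the entries returned by boto3 `secretsmanager.list_secrets()` (the sample records below are constructed, with a fixed clock so the result is reproducible) and reproduces the control's two branches, including the never-accessed case that the SQL above sends to alarm. It also adds an optional `grace_period_days` argument (an assumption, not something the control offers) so that a secret created a few days ago and not yet read is not flagged alongside genuinely abandoned ones; with the default of 0 the verdicts match the SQL exactly.

```python
from datetime import datetime, timedelta, timezone

# Fixed "now" so the sample verdicts are deterministic.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed sample, shaped like boto3 list_secrets() entries. A secret that has
# never been retrieved has no LastAccessedDate key, mirroring the null column.
SAMPLE_SECRETS = [
    {"ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-AbCdEf",
     "Name": "prod/db", "CreatedDate": NOW - timedelta(days=400),
     "LastAccessedDate": NOW - timedelta(days=3)},
    {"ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:legacy/api-GhIjKl",
     "Name": "legacy/api", "CreatedDate": NOW - timedelta(days=800),
     "LastAccessedDate": NOW - timedelta(days=120)},
    {"ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:old/never-used-MnOpQr",
     "Name": "old/never-used", "CreatedDate": NOW - timedelta(days=200)},
    {"ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:new/pending-StUvWx",
     "Name": "new/pending", "CreatedDate": NOW - timedelta(days=2)},
]


def evaluate_secret(secret, threshold_days=90, now=None, grace_period_days=0):
    """Return {"resource", "status", "reason"} for one secret.

    Mirrors the aws_thrifty SQL: strictly fewer than threshold_days since the
    last access is 'ok', anything else (including no access date) is 'alarm'.
    grace_period_days is an added assumption: a never-accessed secret younger
    than it is treated as 'ok' so brand-new secrets are not flagged.
    """
    now = now or datetime.now(timezone.utc)
    last = secret.get("LastAccessedDate")
    if last is None:
        age_days = (now - secret["CreatedDate"]).days
        status = "ok" if age_days < grace_period_days else "alarm"
        reason = f"{secret['Name']} is never used."
    else:
        days_since = (now - last).days
        status = "ok" if days_since < threshold_days else "alarm"
        # The SQL prints a Postgres interval via age(); plain days is used here.
        reason = f"{secret['Name']} is last used {days_since} days ago."
    return {"resource": secret["ARN"], "status": status, "reason": reason}


def run_control(secrets, **kwargs):
    """Evaluate every secret; in real use feed it the paginated list_secrets() output."""
    return [evaluate_secret(s, **kwargs) for s in secrets]


if __name__ == "__main__":
    for row in run_control(SAMPLE_SECRETS, now=NOW):
        print(f"{row['status']:5}  {row['reason']}")
```

Note that `LastAccessedDate` is recorded per Region, so a secret replicated to several Regions must be evaluated in each of them, exactly as the Steampipe query does via the `region` column.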