Control: Secrets Manager secrets should have automatic rotation enabled
Description
This control checks whether AWS Secrets Manager secrets have automatic rotation configured. Rotating secrets on a regular schedule limits the window during which any single value of the secret is valid, so a leaked or stolen secret stops working sooner and the business impact of a compromise is reduced.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.secretsmanager_secret_automatic_rotation_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.secretsmanager_secret_automatic_rotation_enabled --share
SQL
This control uses a named query:
select
  arn as resource,
  case
    when rotation_rules is null then 'alarm'
    else 'ok'
  end as status,
  case
    when rotation_rules is null then title || ' automatic rotation not enabled.'
    else title || ' automatic rotation enabled.'
  end as reason,
  region,
  account_id
from
  aws_secretsmanager_secret;
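The query above reports 'ok' for any secret whose rotation_rules column is populated. That is weaker than it looks: per the AWS DescribeSecret documentation, a secret that previously had rotation turned on and then had it turned off (for example via CancelRotateSecret) still shows its old rotation schedule and Lambda function in RotationRules, so such a secret passes this control. Configured rules also say nothing about whether the interval is short enough or whether rotation has actually been happening. The following is an added example, not part of the aws_compliance mod, of a stricter variant. It assumes the Steampipe aws_secretsmanager_secret table exposes rotation_enabled (boolean, AWS RotationEnabled) and last_rotated_date (timestamp, AWS LastRotatedDate) alongside rotation_rules (jsonb mirroring AWS RotationRules with the keys AutomaticallyAfterDays and ScheduleExpression), and it uses 90 days as an assumed maximum interval; adjust that threshold to your own policy.

```sql
-- Added example, not the aws_compliance mod's own control.
-- Stricter rotation check for the Steampipe aws_secretsmanager_secret table.
-- Assumed columns (all mirror fields of the AWS DescribeSecret response):
--   rotation_enabled   boolean   -- RotationEnabled
--   rotation_rules     jsonb     -- RotationRules {AutomaticallyAfterDays, ScheduleExpression, Duration}
--   last_rotated_date  timestamp -- LastRotatedDate
-- Assumed policy threshold: rotation interval must not exceed 90 days.
with secrets as (
  select
    arn,
    title,
    region,
    account_id,
    rotation_enabled,
    rotation_rules,
    last_rotated_date,
    -- Older-style interval in days; null when the secret uses a ScheduleExpression instead.
    (rotation_rules ->> 'AutomaticallyAfterDays')::int as rotate_days,
    -- rate()/cron() schedule string; mutually exclusive with AutomaticallyAfterDays.
    rotation_rules ->> 'ScheduleExpression' as schedule
  from
    aws_secretsmanager_secret
)
select
  arn as resource,
  case
    -- No rules at all: same condition the original control alarms on.
    when rotation_rules is null then 'alarm'
    -- Rules are still present but rotation was turned off (stale RotationRules).
    when not coalesce(rotation_enabled, false) then 'alarm'
    -- Schedule expression: interval cannot be compared numerically here, surface it for review.
    when rotate_days is null and schedule is not null then 'info'
    when rotate_days is null then 'alarm'
    -- Interval longer than the assumed 90-day policy maximum.
    when rotate_days > 90 then 'alarm'
    -- Rotation configured but never actually ran (e.g. broken rotation Lambda).
    when last_rotated_date is null then 'alarm'
    -- Last rotation older than the configured interval: rotation is failing or stalled.
    when last_rotated_date < now() - make_interval(days => rotate_days) then 'alarm'
    else 'ok'
  end as status,
  case
    when rotation_rules is null then title || ' automatic rotation not enabled.'
    when not coalesce(rotation_enabled, false) then title || ' has rotation rules but rotation is turned off.'
    when rotate_days is null and schedule is not null then title || ' rotates on schedule ' || schedule || '; interval not evaluated.'
    when rotate_days is null then title || ' rotation rules carry no interval.'
    when rotate_days > 90 then title || ' rotates every ' || rotate_days || ' days, above the 90-day limit.'
    when last_rotated_date is null then title || ' rotation enabled but the secret has never been rotated.'
    when last_rotated_date < now() - make_interval(days => rotate_days)
      then title || ' last rotated ' || to_char(last_rotated_date, 'YYYY-MM-DD') || ', overdue for its ' || rotate_days || '-day interval.'
    else title || ' rotates every ' || rotate_days || ' days, last rotated ' || to_char(last_rotated_date, 'YYYY-MM-DD') || '.'
  end as reason,
  region,
  account_id
from
  secrets;
```

The 'info' status for schedule-expression secrets is deliberate: a cron() or rate() expression would need to be parsed to derive a numeric interval, and silently treating it as 'ok' would reproduce the same over-trust the original query has. Run it with `steampipe query` against the same plugin connection as the control, and compare its alarms against the original's to see which secrets carry stale or overlong rotation settings.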