This rule ensures automatic rotation for Secrets Manager secrets.
Rule | Secrets Manager secrets should have automatic rotation enabled |
Framework | NIST 800-53 Revision 5 |
Severity | ✔ High |
Rule Description
Secrets stored in Secrets Manager should have automatic rotation enabled to comply with the NIST 800-53 Revision 5 security standard. This rule checks that secrets such as passwords or database credentials are rotated automatically on a schedule, which limits how long a leaked or mishandled credential remains valid and reduces the risk of unauthorized access.
Troubleshooting Steps
If automatic rotation is not enabled for Secrets Manager secrets, you can follow these troubleshooting steps:
Necessary Codes
There are no specific codes required for troubleshooting this rule. However, you may need to utilize AWS CLI commands or SDK methods during the remediation steps.
Remediation Steps
To enable automatic rotation for a Secrets Manager secret in compliance with NIST 800-53 Revision 5, follow these step-by-step remediation steps:
CLI Command
If you prefer to use the AWS CLI for enabling automatic rotation, you can use the following command:
aws secretsmanager rotate-secret --secret-id MySecretName --rotation-lambda-arn arn:aws:lambda:us-east-1:123456789012:function:MyRotationFunction
Replace "MySecretName" with the actual name or ARN of your secret and the Lambda ARN with that of the rotation function you want to use. Note that rotate-secret configures rotation and immediately starts a rotation with that function, so the function must already be deployed and permitted to update the secret; the rotation schedule itself is set with the --rotation-rules option.
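The following is an added example, not part of this rule page, showing how the rule's check can be applied to the JSON that aws secretsmanager list-secrets returns. The input is a constructed sample, and the 90-day maximum interval is an assumption of the example rather than a value stated by the rule.

```python
"""Evaluate the 'automatic rotation enabled' rule over Secrets Manager metadata.

Input is the JSON document that `aws secretsmanager list-secrets` prints; the
fields used (RotationEnabled, RotationLambdaARN, RotationRules) are the
documented SecretListEntry fields. The sample below is constructed.
"""
import json

MAX_DAYS = 90  # assumed maximum acceptable rotation interval (not from the rule)


def evaluate_secret(secret):
    """Return (compliant, reason) for one list-secrets entry."""
    if not secret.get("RotationEnabled"):
        return False, "rotation not enabled"
    if not secret.get("RotationLambdaARN"):
        return False, "no rotation Lambda configured"
    rules = secret.get("RotationRules") or {}
    days = rules.get("AutomaticallyAfterDays")
    if days is None and not rules.get("ScheduleExpression"):
        return False, "no rotation schedule"
    if days is not None and days > MAX_DAYS:
        return False, f"rotation interval {days}d exceeds {MAX_DAYS}d"
    return True, "ok"


def evaluate_listing(listing_json):
    """Map secret name -> (compliant, reason) for a list-secrets JSON document."""
    data = json.loads(listing_json)
    return {s["Name"]: evaluate_secret(s) for s in data.get("SecretList", [])}


# Constructed sample output; ARNs and names are placeholders.
SAMPLE = json.dumps({"SecretList": [
    {"Name": "prod/db/password", "RotationEnabled": True,
     "RotationLambdaARN": "arn:aws:lambda:us-east-1:123456789012:function:MyRotationFunction",
     "RotationRules": {"AutomaticallyAfterDays": 30}},
    {"Name": "legacy/api-key", "RotationEnabled": False},
    {"Name": "staging/db/password", "RotationEnabled": True,
     "RotationLambdaARN": "arn:aws:lambda:us-east-1:123456789012:function:MyRotationFunction",
     "RotationRules": {"AutomaticallyAfterDays": 365}},
]})

if __name__ == "__main__":
    for name, (ok, reason) in evaluate_listing(SAMPLE).items():
        print(f"{'PASS' if ok else 'FAIL'} {name}: {reason}")
```

Pipe real output in with aws secretsmanager list-secrets --output json and call evaluate_listing on it to get the same per-secret verdicts.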
Conclusion
Enabling automatic rotation for Secrets Manager secrets aligns with the NIST 800-53 Revision 5 security standard. By following the troubleshooting steps and remediation guide provided above, you can ensure that secrets are automatically updated, enhancing the security of your AWS environment.