Cloud Defense Logo

Products

Solutions

Company

Secrets Manager Secrets Rotation Rule

This rule ensures automatic rotation for Secrets Manager secrets.

RuleSecrets Manager secrets should have automatic rotation enabled
FrameworkNIST 800-53 Revision 5
Severity
High

Rule Description

Secrets stored in Secrets Manager should have automatic rotation enabled to comply with the NIST 800-53 Revision 5 security standard. This rule ensures that secrets, such as passwords or database credentials, are automatically updated on a regular basis to enhance security and reduce the risk of unauthorized access.

Troubleshooting Steps

If automatic rotation is not enabled for Secrets Manager secrets, you can follow these troubleshooting steps:

  2. 1.
    Verify that the AWS CLI or SDK is properly configured to access Secrets Manager.
  4. 2.
    Ensure that you have the necessary IAM permissions to manage rotation for Secrets Manager secrets.
  6. 3.
    Check if the problematic secret has rotation enabled. You can use the AWS Management Console, AWS CLI, or SDK to retrieve the details of the secret.
  8. 4.
    If the secret does not have automatic rotation enabled, proceed to the remediation steps.

Necessary Codes

There are no specific codes required for troubleshooting this rule. However, you may need to utilize AWS CLI commands or SDK methods during the remediation steps.

Remediation Steps

To enable automatic rotation for a Secrets Manager secret in compliance with NIST 800-53 Revision 5, follow these step-by-step remediation steps:

  2. 1.
    Identify the secret for which you want to enable automatic rotation.
  4. 2.
    Open the AWS Management Console and navigate to the Secrets Manager service.
  6. 3.
    In the left navigation pane, click on "Secrets".
  8. 4.
    Locate the specific secret and click on its name to access its details.
  10. 5.
    Scroll down to the "Rotation" section and click on "Edit rotation".
  12. 6.
    Select the "Enable automatic rotation" checkbox.
  14. 7.
    Configure the rotation settings according to your requirements, such as rotation frequency and the Lambda function to be used for rotation.
  16. 8.
    Click on "Save" to apply the changes and enable automatic rotation for the secret.

CLI Command

If you prefer to use the AWS CLI for enabling automatic rotation, you can use the following command:

aws secretsmanager rotate-secret --secret-id MySecretName --rotation-lambda-arn arn:aws:lambda:us-east-1:123456789012:function:MyRotationFunction

Replace "MySecretName" with the actual name or ARN of your secret and "MyRotationFunction" with the ARN of the Lambda function you want to use for rotation.

Conclusion

Enabling automatic rotation for Secrets Manager secrets aligns with the NIST 800-53 Revision 5 security standard. By following the troubleshooting steps and remediation guide provided above, you can ensure that secrets are automatically updated, enhancing the security of your AWS environment.

Is your System Free of Underlying Vulnerabilities?
Find Out Now