AWS_Secrets-Manager_3

Ensure Secrets Manager In Use

Description

AWS Secrets Manager is an AWS service that makes it easier to manage secrets such as database credentials, passwords, third-party API keys, and even arbitrary text. It helps you protect the sensitive information needed to access your cloud applications, services, and resources. Its main benefit is secure, automatic rotation of secrets: you can rotate secrets safely, on a regular schedule, without code deployments.

Remediation

Perform the following steps to store a secret in Secrets Manager:

  1. Sign in to AWS Management Console.
  2. Navigate to AWS Secrets Manager dashboard at https://console.aws.amazon.com/secretsmanager/.
  3. In the navigation panel, select Secrets.
  4. Click Store a new secret button from the dashboard top menu to start the setup process for your new secret.
  5. On the Select secret type page, perform the following:
    1. Select Credentials for RDS database to configure the secret to store access credentials for an AWS RDS database instance.
    2. In the Username and Password fields, type the user name and password that grant access to the RDS database associated with the secret.
    3. From the Select the encryption key dropdown list, choose the KMS key to use to encrypt the secret information. Use a Customer Master Key (CMK) for complete control over the encryption and decryption process.
    4. From the Select which RDS database this secret will access list, select the Amazon RDS database instance associated with the new Secrets Manager secret.
    5. Click Next to continue the process.
  6. On the Secret name and description page, type a unique name for your secret in the Secret name box and, optionally, a short description in the Description box. Create any necessary tag sets for the new secret using the Tags form. Once the requested information is provided, click Next to continue.
  7. On the Store a new secret page, inside the Configure automatic rotation section, perform the following:
    1. Select Enable automatic rotation to enable the automatic rotation feature for the new secret.
    2. Select a predefined (e.g. 30, 60, 90 days) or a custom value for the rotation interval from the Select rotation interval dropdown list.
    3. Select Create a new Lambda function to perform rotation to create your own custom Lambda function for rotation and give the new Lambda function a name in the New AWS Lambda function name box, or select Use an existing Lambda function to perform rotation to use an AWS Lambda function that you have previously created for rotating this type of secret and choose it from the Choose an AWS Lambda function dropdown list.
    4. Choose Next to continue.
  8. On the Review page, verify the secret configuration details, then click Store to create the new Amazon Secrets Manager secret.
  9. Once the following confirmation message is displayed: “Your secret
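
The settings this procedure asks for (a customer-managed KMS key, automatic rotation enabled, a 30/60/90-day interval) can also be verified across the secrets an account already holds. The script below is an added example, not part of this rule's text or of any AWS tooling; it assumes records shaped like the SecretList entries returned by boto3's secretsmanager list_secrets() call, with a constructed sample in place of a live call, and treats 90 days as the longest acceptable interval.

```python
"""Flag Secrets Manager secrets that do not meet this rule's settings.

Added example. Input records follow the SecretList entry shape of
boto3's secretsmanager list_secrets(): Name, KmsKeyId, RotationEnabled,
RotationRules.AutomaticallyAfterDays. The records below are constructed;
a real run would pass list_secrets()["SecretList"] instead.
"""
from typing import Iterable, Optional

MAX_ROTATION_DAYS = 90  # assumption: longest interval accepted (the 30/60/90-day presets)
AWS_MANAGED_ALIAS = "alias/aws/secretsmanager"


def uses_customer_managed_key(secret: dict) -> bool:
    # The API omits KmsKeyId when the AWS managed key is used, so a missing
    # key (or the managed alias spelled out) means the secret is not on a CMK.
    key = secret.get("KmsKeyId")
    return bool(key) and not key.endswith(AWS_MANAGED_ALIAS)


def rotation_issue(secret: dict) -> Optional[str]:
    if not secret.get("RotationEnabled"):
        return "automatic rotation disabled"
    days = secret.get("RotationRules", {}).get("AutomaticallyAfterDays")
    if days is None:
        return None  # schedule-expression rotation; interval not expressed in days
    if days > MAX_ROTATION_DAYS:
        return f"rotation interval {days} days exceeds {MAX_ROTATION_DAYS}"
    return None


def evaluate(secrets: Iterable[dict]) -> dict:
    """Return {secret name: [findings]}; an account with no secrets is itself a finding."""
    secrets = list(secrets)
    if not secrets:
        return {"<account>": ["no Secrets Manager secrets found"]}
    findings = {}
    for s in secrets:
        issues = []
        if not uses_customer_managed_key(s):
            issues.append("not encrypted with a customer-managed KMS key")
        issue = rotation_issue(s)
        if issue:
            issues.append(issue)
        findings[s["Name"]] = issues
    return findings


SAMPLE_SECRETS = [  # constructed records; key ARN is a placeholder
    {"Name": "prod/rds/app", "RotationEnabled": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
     "RotationRules": {"AutomaticallyAfterDays": 30}},
    {"Name": "legacy/api-key", "RotationEnabled": False},
]
```

Running evaluate(SAMPLE_SECRETS) reports the legacy secret for both the managed key and disabled rotation, while the RDS secret passes.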

Service

Secrets Manager

Severity

Medium

Compliance

Mapping
