AWS_Secrets-Manager_5

Ensure that the AWS Secrets Manager secret rotation interval is 30 days or less

Description

Secrets Manager enables you to replace hardcoded credentials in your code, including passwords, with an API call to Secrets Manager that retrieves the secret programmatically. This helps ensure the secret can't be compromised by someone examining your code, because the secret no longer exists in the code. You can also configure Secrets Manager to rotate the secret automatically on a specified schedule. This replaces long-term secrets with short-term ones and significantly reduces the window in which a leaked credential is useful to an attacker.
Secrets Manager triggers the next automatic rotation the configured number of days after the previous rotation; if you rotate the secret manually, the interval restarts from that point. Best practice is to set the rotation interval to 30 days or less, so that any credential that leaks remains valid for at most that long.
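The following audit script is an added example and is not part of the original page or of any AWS tooling. It evaluates the dict shape that `aws secretsmanager describe-secret` (and each entry of boto3's `list_secrets`) returns and flags secrets whose rotation is disabled or whose interval exceeds 30 days. It goes one step beyond the page: newer secrets store the interval as a `ScheduleExpression` (`rate(N days)`, `rate(N hours)` or `cron(...)`) instead of `AutomaticallyAfterDays`, so both forms are handled, and a `cron()` schedule is reported for manual review rather than guessed at. The sample secrets are constructed for the demonstration; `live_audit()` assumes boto3 and AWS credentials and is not executed here.

```python
"""Audit AWS Secrets Manager rotation intervals (added example, not from the page)."""
import re
from typing import Optional

MAX_DAYS = 30  # threshold from the rule: rotation interval must be 30 days or less


def interval_days(rules: dict) -> Optional[int]:
    """Return the rotation interval in days from a RotationRules dict, or None.

    AutomaticallyAfterDays is the classic field; ScheduleExpression is the newer one.
    rate(N hours) is rounded up to whole days (it is always far below 30 days);
    a cron() expression cannot be reduced to a fixed interval here, so it yields None.
    """
    if not rules:
        return None
    days = rules.get("AutomaticallyAfterDays")
    if days is not None:
        return int(days)
    expr = (rules.get("ScheduleExpression") or "").strip()
    m = re.fullmatch(r"rate\((\d+)\s+(hour|hours|day|days)\)", expr)
    if m:
        n, unit = int(m.group(1)), m.group(2)
        return n if unit.startswith("day") else max(1, -(-n // 24))  # ceil(hours / 24)
    return None


def evaluate_secret(desc: dict, max_days: int = MAX_DAYS) -> dict:
    """Decide whether one secret description satisfies the rule and say why."""
    name = desc.get("Name") or desc.get("ARN", "<unknown>")
    if not desc.get("RotationEnabled"):
        return {"secret": name, "compliant": False, "reason": "automatic rotation disabled"}
    days = interval_days(desc.get("RotationRules") or {})
    if days is None:
        return {"secret": name, "compliant": False,
                "reason": "rotation interval could not be determined; review schedule manually"}
    if days > max_days:
        return {"secret": name, "compliant": False,
                "reason": f"rotation interval {days} days exceeds {max_days}"}
    return {"secret": name, "compliant": True, "reason": f"rotation every {days} days"}


def audit(descriptions: list, max_days: int = MAX_DAYS) -> list:
    """Evaluate a batch of secret descriptions."""
    return [evaluate_secret(d, max_days) for d in descriptions]


# Constructed sample data in the shape of describe-secret output (not real secrets).
SAMPLE_SECRETS = [
    {"Name": "prod/db/app-user", "RotationEnabled": True,
     "RotationRules": {"AutomaticallyAfterDays": 30}},
    {"Name": "prod/db/reporting", "RotationEnabled": True,
     "RotationRules": {"AutomaticallyAfterDays": 90}},
    {"Name": "legacy/api-key", "RotationEnabled": False},
    {"Name": "prod/cache/token", "RotationEnabled": True,
     "RotationRules": {"ScheduleExpression": "rate(10 days)"}},
    {"Name": "prod/odd/cron", "RotationEnabled": True,
     "RotationRules": {"ScheduleExpression": "cron(0 8 1 * ? *)"}},
]


def live_audit(max_days: int = MAX_DAYS) -> list:
    """Run the same check against a real account. Assumes boto3 and credentials; not run here."""
    import boto3  # imported lazily so the offline demo does not need it
    client = boto3.client("secretsmanager")
    findings = []
    for page in client.get_paginator("list_secrets").paginate():
        for entry in page["SecretList"]:  # entries carry Name, RotationEnabled, RotationRules
            findings.append(evaluate_secret(entry, max_days))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SECRETS):
        status = "PASS" if finding["compliant"] else "FAIL"
        print(f"{status:4} {finding['secret']}: {finding['reason']}")
```

Any `FAIL` line is a secret to remediate with the steps below; the "review schedule manually" case covers cron-based schedules, which can be compliant but cannot be reduced to a single day count by this script.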

Remediation

From console
Perform the following actions in order to change a secret's rotation rule:
1. Sign in to the AWS Secrets Manager console: https://console.aws.amazon.com/secretsmanager/
2. Choose the name of the secret for which to enable rotation.
3. On the secret details page, in the Rotation configuration section, choose Edit rotation.
4. On the Edit rotation configuration page, choose Enable automatic rotation.
5. For Select rotation interval, choose an interval of 30 days or less.
6. Choose a rotation Lambda function from the list.
7. Under Select which secret will be used to perform the rotation, choose Use a secret that I have previously stored in AWS Secrets Manager.
8. In the list of secrets that appears, choose the name of your secret.
9. Choose Save.

From Command Line

aws secretsmanager rotate-secret --secret-id SECRET_ID --rotation-lambda-arn LAMBDA_ARN --rotation-rules AutomaticallyAfterDays=DAYS

Replace SECRET_ID with the secret name or ARN, LAMBDA_ARN with the ARN of the rotation function (it can be omitted if the secret already has one configured), and DAYS with a value of 30 or less. Note that rotate-secret both updates the schedule and starts a rotation immediately, so run it at a time when clients can pick up the new credential.

Reference:
1. https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
2. https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
3. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/secretsmanager/rotate-secret.html
4. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-secretsmanager-rotationschedule-rotationrules.html

Service

Secrets Manager

Severity

Low

Compliance

Mapping
