An AWS Config rule that checks whether AWS Secrets Manager secrets have been accessed within a specified number of days. The rule is NON_COMPLIANT if a secret has not been accessed in ‘unusedForDays’ days. The default value is 90 days.

This config rule supports the following parameters:

  • unusedForDays
    • Required: No
    • Type: int
    • Description: The number of days in which a secret can remain unused. The default value is 90 days.
    • Default Value: 90
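
The check described above can be reproduced offline to triage secrets before the rule flags them. The following is an added example, not the managed rule's own code: it applies the same threshold to constructed records that use the `Name`, `LastAccessedDate` and `CreatedDate` fields of a Secrets Manager DescribeSecret response. Ageing a never-accessed secret from its creation date, and treating exactly `unusedForDays` idle days as still compliant, are assumptions.

```python
from datetime import datetime, timezone

DEFAULT_UNUSED_FOR_DAYS = 90  # default stated for the unusedForDays parameter


def evaluate_secret(secret, now, unused_for_days=DEFAULT_UNUSED_FOR_DAYS):
    """Return (compliance, reason) for one DescribeSecret-style record."""
    if unused_for_days < 1:
        raise ValueError("unusedForDays must be a positive integer")
    last_used = secret.get("LastAccessedDate")
    basis = "last accessed"
    if last_used is None:
        # Assumption: a secret that was never retrieved is aged from creation.
        last_used = secret["CreatedDate"]
        basis = "never accessed, created"
    # Compare whole calendar days, since the threshold is expressed in days.
    idle_days = (now.date() - last_used.date()).days
    # Assumption: idle for exactly unusedForDays days is still allowed.
    status = "NON_COMPLIANT" if idle_days > unused_for_days else "COMPLIANT"
    return status, f"{basis} {idle_days} days ago (limit {unused_for_days})"


def audit(secrets, now, unused_for_days=DEFAULT_UNUSED_FOR_DAYS):
    """Map each secret name to its compliance status."""
    return {s["Name"]: evaluate_secret(s, now, unused_for_days)[0] for s in secrets}


def _utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample inventory (names and dates are illustrative only).
NOW = datetime(2024, 6, 30, 12, 0, tzinfo=timezone.utc)
SAMPLE_SECRETS = [
    {"Name": "prod/db/password", "CreatedDate": _utc(2023, 1, 10),
     "LastAccessedDate": _utc(2024, 6, 29)},
    {"Name": "legacy/ftp/credentials", "CreatedDate": _utc(2022, 3, 5),
     "LastAccessedDate": _utc(2024, 1, 15)},
    {"Name": "batch/report/key", "CreatedDate": _utc(2023, 8, 1),
     "LastAccessedDate": _utc(2024, 4, 1)},   # exactly 90 idle days
    {"Name": "staging/api/key", "CreatedDate": _utc(2024, 6, 1)},      # never read
    {"Name": "poc/never-used/token", "CreatedDate": _utc(2023, 11, 1)},  # never read
]

if __name__ == "__main__":
    for item in SAMPLE_SECRETS:
        print(item["Name"], *evaluate_secret(item, NOW))
```
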

