By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubNetwork FirewallAmazon MacieBilling and Cost ManagementS3 Bucket PoliciesCloudWatch Alarms and Event RulesLogging & Monitoring ConfigurationsAWS WAFBackups & DRAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM Policies

By Service Protected

Configuration Packages

Strategy Guides

Config Rules

Secrets Manager Secrets Encrypted with KMS

A config rule that if all secrets in AWS Secrets Manager are encrypted using an AWS Key Management Service (AWS KMS) customer master key (CMK). This rule is COMPLIANT if a secret is encrypted using an AWS KMS CMK. This rule is NON_COMPLIANT if a secret is encrypted using the default AWS KMS key.

AWS Documentation
Items
1
Size
0.7 KB
AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  ConfigRule:
    Type: "AWS::Config::ConfigRule"
    Properties:
      ConfigRuleName: "secretsmanager-using-cmk"
      Scope:
        ComplianceResourceTypes:
          - "AWS::SecretsManager::Secret"
      Description: "A config rule that if all secrets in AWS Secrets Manager are encrypted using an AWS Key Management Service (AWS KMS) customer master key (CMK). This rule is COMPLIANT if a secret is encrypted using an AWS KMS CMK. This rule is NON_COMPLIANT if a secret..."
      InputParameters:
        kmsKeyArns: "90"
      Source:
        Owner: "AWS"
        SourceIdentifier: "SECRETSMANAGER_USING_CMK"
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Customize Template

Rule Settings


Rule Parameters


Trigger Settings

* Required field