Checks whether AWS Secrets Manager secrets have been rotated within the specified number of days. The rule is NON_COMPLIANT if a secret has not been rotated for more than maxDaysSinceRotation days. The default value is 90 days.

This config rule supports the following parameters:

  • maxDaysSinceRotation
    • Required: No
    • Type: int
    • Description: Maximum number of days in which a secret can remain unchanged. The default value is 90 days.
    • Default Value: 90
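
The same check can be reproduced offline against an exported inventory of secrets. The following is an added example, not AWS's implementation of the rule. It assumes records carrying the `Name`, `LastRotatedDate` and `CreatedDate` fields that Secrets Manager reports, and it makes two labelled assumptions: a secret that was never rotated is aged from its creation date, and age is counted in whole elapsed days.

```python
from datetime import datetime, timezone

DEFAULT_MAX_DAYS = 90  # default for maxDaysSinceRotation stated above


def parse_ts(value):
    """Return an aware UTC datetime from an ISO 8601 string or epoch seconds."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def evaluate(secret, now, max_days=DEFAULT_MAX_DAYS):
    """Return (compliance, age_in_days) for one secret record."""
    if isinstance(max_days, bool) or not isinstance(max_days, int) or max_days < 1:
        raise ValueError("maxDaysSinceRotation must be a positive int")
    # Assumption: a secret that was never rotated is aged from its creation date.
    ref = secret.get("LastRotatedDate") or secret.get("CreatedDate")
    if ref is None:
        return "NON_COMPLIANT", None  # no date available to prove rotation
    # Assumption: age is counted in whole elapsed days.
    age = (now - parse_ts(ref)).days
    return ("NON_COMPLIANT" if age > max_days else "COMPLIANT"), age


def audit(secrets, now, max_days=DEFAULT_MAX_DAYS):
    """Names of NON_COMPLIANT secrets, oldest first (unknown age first)."""
    failed = []
    for s in secrets:
        status, age = evaluate(s, now, max_days)
        if status == "NON_COMPLIANT":
            failed.append((float("inf") if age is None else age, s["Name"]))
    return [name for _, name in sorted(failed, reverse=True)]


# Constructed sample records (not real secrets).
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)
SAMPLE = [
    {"Name": "db/prod", "LastRotatedDate": "2024-06-01T00:00:00Z"},
    {"Name": "api/legacy", "LastRotatedDate": "2024-01-01T00:00:00Z"},
    {"Name": "svc/boundary", "LastRotatedDate": "2024-04-01T00:00:00Z"},
    {"Name": "tmp/never-rotated", "CreatedDate": "2023-12-01T00:00:00Z"},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["Name"], *evaluate(rec, NOW))
    print("non-compliant:", audit(SAMPLE, NOW))
```

The `svc/boundary` record sits at exactly 90 days and stays COMPLIANT, because the rule flags only secrets unrotated for more than the threshold.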

