A collection of configuration templates for AWS Secrets Manager as well as security controls for monitoring and protecting AWS Secrets Manager configuration such as Config Rules and CloudWatch Alarms.

SecretsManager
Secrets Manager Rotation Schedule Example using Cron Expression

This template creates a Secrets Manager rotation schedule for a secret. The secret is rotated every day between 1:00 AM and 3:00 AM UTC. The rotation is performed by a Lambda function.

CloudFormationTerraform
Secrets Manager Rotation Schedule Example using Rate Expression

This template creates a Secrets Manager rotation schedule for a secret. The secret is rotated every 10 days between midnight and 6:00 AM UTC. The rotation is performed by a Lambda function.

CloudFormationTerraform
AWS Secrets Manager: Redshift Cluster Secret Rotation Example

This template creates a Redshift cluster and a secret with credentials. The secret is configured to rotate on the first Sunday of every month between 4:00 AM and 6:00 AM UTC. The rotation is performed by a Lambda function.

CloudFormationTerraform
Secrets Manager: DocumentDB Secret Rotation Example

This template creates a DocumentDB database instance and a secret with credentials. The secret is configured to rotate on the first Sunday of every month between 4:00 AM and 6:00 AM UTC. The rotation is performed by a Lambda function.

CloudFormationTerraform
Secrets Manager Secret with a Dynamically Generated Password

This template creates a Secrets Manager secret with a dynamically generated password. The secret value is constructed from a string template combined with a randomly generated password. The secret contains a username and password.

CloudFormationTerraform
Secrets Manager Secret with Hardcoded Password

This template creates a Secrets Manager secret with a hardcoded password. The secret value is provided an CloudFormation parameter which is stored as a literal string in the secret.

CloudFormationTerraform
Secrets Manager Secret with Replication

This template creates a Secrets Manager secret and replicates it to two different regions. One region uses a customer managed key, while the other region uses the AWS managed key for Secrets Manager.

CloudFormationTerraform
Secrets Manager Secret with Target Attachment for Redshift Cluster

This template creates a Secrets Manager secret and an Amazon Redshift cluster. The secret contains the admin credentials for the Redshift cluster. The template uses the secret to define the database admin user and password for the Redshift cluster. It also includes a SecretTargetAttachment resource to configure the secret with the required database engine type and connection details.

CloudFormationTerraform
Secret with Resource Policy

This template creates a secret in AWS Secrets Manager and attaches a resource-based policy to it. The resource-based policy denies the 'DeleteSecret' action for all principals except the root user of the AWS account.

CloudFormationTerraform