By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM Policies

By Service Protected

Configuration Packages

Strategy Guides

Other

AWS Secrets Manager

A collection of configuration templates for AWS Secrets Manager as well as security controls for monitoring and protecting AWS Secrets Manager configuration such as Config Rules and CloudWatch Alarms.

Secret

Configuration templates to create a secret using AWS Secrets Manager including options for cross-region replication, random password generation and custom KMS keys for encryption

CloudFormationTerraformAWS CLI
Config Rule

A config rule that checks whether AWS Secrets Manager secret has rotation enabled. The rule also checks an optional maximumAllowedRotationFrequency parameter.

CloudFormationTerraformAWS CLI

A config rule that checks and verifies whether AWS Secrets Manager secret rotation has rotated successfully as per the rotation schedule.

CloudFormationTerraformAWS CLI

A config rule that checks if AWS Secrets Manager secrets have been accessed within a specified number of days. The rule is NON_COMPLIANT if a secret has not been accessed in ‘unusedForDays’ number of days. The default value is 90 days.

CloudFormationTerraformAWS CLI

A config rule that if all secrets in AWS Secrets Manager are encrypted using an AWS Key Management Service (AWS KMS) customer master key (CMK). This rule is COMPLIANT if a secret is encrypted using an AWS KMS CMK. This rule is NON_COMPLIANT if a secret is encrypted using the default AWS KMS key.

CloudFormationTerraformAWS CLI
Secret
Config Rule