AWS Secret Manager Automatic Key Rotation is not enabled

Description

This policy detects whether rotation is enabled for Secrets in AWS Secrets Manager. Enabling rotation for secrets helps reduce the risk of unauthorized access to the secrets.

Code Example

resource "aws_secretsmanager_secret" "example" {
  name       = "example-secret"
  # Other necessary configurations
}

+resource "aws_secretsmanager_secret_rotation" "example" {
+  secret_id           = aws_secretsmanager_secret.example.id
+  rotation_lambda_arn = aws_lambda_function.example.arn
+  rotation_rules {
+    automatically_after_days = 30
+  }
+  # Other necessary configurations
+}

Remediation

Terraform

Resource: aws_secretsmanager_secret
Arguments: aws_secretsmanager_secret_rotation

Rule Details

Field	Value
ID	IAC-0491
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform, TerraformPlan
Checkov ID	CKV2_AWS_57

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

AWS Secret Manager Automatic Key Rotation is not enabled

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

AWS Secret Manager Automatic Key Rotation is not enabled ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

AWS Secret Manager Automatic Key Rotation is not enabled

Description

Code Example

Remediation

Rule Details

References