AWS Secrets Manager Monitoring
AWS Secrets Manager - Overview
AWS Secrets Manager is a fully managed service designed to securely store, manage, and retrieve sensitive information like database credentials, API keys, and other secrets. It automates secret rotation, encrypts stored secrets using AWS Key Management Service (KMS), and integrates with AWS services to streamline authentication and access management.
Monitoring AWS Secrets Manager is crucial for maintaining the security, availability, and compliance of sensitive data. Applications Manager's AWS Secrets Manager monitoring tool provides real-time tracking of key parameters such as secret age, rotation status, and scheduled deletions, ensuring the integrity and security of critical credentials. With proactive alerts, historical data analysis, and automated anomaly detection, the tool helps mitigate risks, prevent unauthorized access, and uphold security compliance.
Creating a new AWS Secrets Manager monitor
To learn how to create a new AWS Secrets Manager monitor, refer here.
Monitored Parameters
Go to the Monitors Category View by clicking the Monitors tab. Click on the Secrets Manager instance available under Amazon in the Cloud Apps section. Displayed below is the AWS Secrets Manager bulk configuration view distributed into three tabs:
- Availability tab gives the availability history for the past 24 hours or 30 days.
- Performance tab gives the health status and events for the past 24 hours or 30 days.
- List view tab enables you to perform bulk admin configurations.
By clicking a monitor from the list, you'll be taken to the AWS Secrets Manager dashboard which includes the following tabs:
Performance Overview
| Parameter | Description |
|---|
| SECRET LIFECYCLE |
| Secret Age | The total number of days since the secret was created at the time of polling (in days). |
| DAYS UNTIL SCHEDULED DELETION |
| Days Until Scheduled Deletion | The total number of days remaining before the secret is permanently deleted at the time of polling (in days). |
| SECRET ROTATION |
| Days Since Last Rotation | The total number of days since the secret was last rotated at the time of polling (in days). |
| Days Until Next Rotation | The total number of days remaining until the next scheduled rotation of the secret at the time of polling (in days). |
| DAYS SINCE LAST CHANGE |
| Days Since Last Change | The total number of days since the secret's metadata or value was last modified at the time of polling (in days). |
Configuration
| Parameter | Description |
|---|
| CONFIGURATION |
| Description | The description of the secret. |
| Primary Region | The Region where the secret is stored. |
| KMS Key ID | The key ID or alias ARN of the AWS KMS key that Secrets Manager uses to encrypt the secret value. |
| Created Date | The date the secret was created. |
| Last Changed Date | The last date and time that this secret was modified in any way. |
| Last Accessed Date | The date that the secret was last accessed in the Region. |
| Scheduled Deletion Date | The date the secret is scheduled for deletion. |
| ROTATION |
| Rotation | Specifies whether automatic rotation is turned on for this secret. |
| Rotation Interval | The number of days between rotations of the secret (in day(s)). |
| Schedule Expression | A cron() or rate() expression that defines the schedule for rotating your secret. |
| Duration | The length of the rotation window in hours. |
| Last Rotation Date | The last date and time that Secrets Manager rotated the secret. |
| Next Rotation Date | The next rotation is scheduled to occur on or before this date. |
| Rotation Lambda Function | The ARN of the Lambda function that Secrets Manager invokes to rotate the secret. |
