Query: Secrets Manager secrets should be rotated within a specified number of days

Description

This control checks whether your secrets have been rotated at least once within 90 days. Rotating secrets can help you to reduce the risk of an unauthorized use of your secrets in your AWS account. Examples include database credentials, passwords, third-party API keys, and even arbitrary text. If you do not change your secrets for a long period of time, the secrets are more likely to be compromised.

Query

Tables used in this query:

• aws_secretsmanager_secret

Controls using this query:

• 4 Secrets Manager secrets should be rotated within a specified number of days
• Secrets Manager secrets should be rotated within a specified number of days

SQL