
AWS Secrets Manager Monitoring


AWS Secrets Manager - Overview

AWS Secrets Manager is a fully managed service designed to securely store, manage, and retrieve sensitive information like database credentials, API keys, and other secrets. It automates secret rotation, encrypts stored secrets using AWS Key Management Service (KMS), and integrates with AWS services to streamline authentication and access management.

Monitoring AWS Secrets Manager is crucial for maintaining the security, availability, and compliance of sensitive data. Applications Manager's AWS Secrets Manager monitoring tool provides real-time tracking of key parameters such as secret age, rotation status, and scheduled deletions, ensuring the integrity and security of critical credentials. With proactive alerts, historical data analysis, and automated anomaly detection, the tool helps mitigate risks, prevent unauthorized access, and uphold security compliance.

Creating a new AWS Secrets Manager monitor

To learn how to create a new AWS Secrets Manager monitor, refer here.

Monitored Parameters

Go to the Monitors Category View by clicking the Monitors tab. Click on the Secrets Manager instance available under Amazon in the Cloud Apps section. Displayed below is the AWS Secrets Manager bulk configuration view distributed into three tabs:

  • Availability tab gives the availability history for the past 24 hours or 30 days.
  • Performance tab gives the health status and events for the past 24 hours or 30 days.
  • List view tab enables you to perform bulk admin configurations.

By clicking a monitor from the list, you'll be taken to the AWS Secrets Manager dashboard which includes the following tabs:

Performance Overview

| Parameter | Description |
| --- | --- |
| SECRET LIFECYCLE | |
| Secret Age | The total number of days since the secret was created at the time of polling (in days). |
| DAYS UNTIL SCHEDULED DELETION | |
| Days Until Scheduled Deletion | The total number of days remaining before the secret is permanently deleted at the time of polling (in days). |
| SECRET ROTATION | |
| Days Since Last Rotation | The total number of days since the secret was last rotated at the time of polling (in days). |
| Days Until Next Rotation | The total number of days remaining until the next scheduled rotation of the secret at the time of polling (in days). |
| DAYS SINCE LAST CHANGE | |
| Days Since Last Change | The total number of days since the secret's metadata or value was last modified at the time of polling (in days). |

Configuration

| Parameter | Description |
| --- | --- |
| CONFIGURATION | |
| Description | The description of the secret. |
| Primary Region | The Region where the secret is stored. |
| KMS Key ID | The key ID or alias ARN of the AWS KMS key that Secrets Manager uses to encrypt the secret value. |
| Created Date | The date the secret was created. |
| Last Changed Date | The last date and time that this secret was modified in any way. |
| Last Accessed Date | The date that the secret was last accessed in the Region. |
| Scheduled Deletion Date | The date the secret is scheduled for deletion. |
| ROTATION | |
| Rotation | Specifies whether automatic rotation is turned on for this secret. |
| Rotation Interval | The number of days between rotations of the secret (in days). |
| Schedule Expression | A cron() or rate() expression that defines the schedule for rotating your secret. |
| Duration | The length of the rotation window in hours. |
| Last Rotation Date | The last date and time that Secrets Manager rotated the secret. |
| Next Rotation Date | The next rotation is scheduled to occur on or before this date. |
| Rotation Lambda Function | The ARN of the Lambda function that Secrets Manager invokes to rotate the secret. |
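
The day-count parameters above can be derived from the date fields in the configuration table. The following is an added example, not Applications Manager's own code: it assumes metadata shaped like the Secrets Manager DescribeSecret response, and the function names, the 90-day limit, and the alert rules (which go beyond the tables to show how such values feed alerts) are assumptions.

```python
from datetime import datetime, timezone

def _days(later, earlier):
    """Whole days from earlier to later, or None when a date is absent."""
    if later is None or earlier is None:
        return None
    return (later - earlier).days

def lifecycle_metrics(secret, now):
    """Day counts from the tables above, derived from DescribeSecret-style fields."""
    return {
        "secret_age": _days(now, secret.get("CreatedDate")),
        "days_since_last_change": _days(now, secret.get("LastChangedDate")),
        "days_since_last_rotation": _days(now, secret.get("LastRotatedDate")),
        "days_until_next_rotation": _days(secret.get("NextRotationDate"), now),
        "days_until_scheduled_deletion": _days(secret.get("DeletedDate"), now),
    }

def findings(secret, now, max_unrotated_days=90):
    """Hypothetical alert rules; the 90-day limit is an assumed policy value."""
    m, out = lifecycle_metrics(secret, now), []
    if m["days_until_scheduled_deletion"] is not None:
        out.append(f"scheduled for deletion in {m['days_until_scheduled_deletion']} day(s)")
    if not secret.get("RotationEnabled", False):
        # A secret that was never rotated has no LastRotatedDate: use its age.
        stale = m["days_since_last_rotation"]
        stale = m["secret_age"] if stale is None else stale
        if stale is not None and stale > max_unrotated_days:
            out.append(f"rotation off, value unrotated for {stale} day(s)")
    elif (m["days_until_next_rotation"] or 0) < 0:
        out.append(f"rotation overdue by {-m['days_until_next_rotation']} day(s)")
    return out

def utc(y, mo, d):
    return datetime(y, mo, d, tzinfo=timezone.utc)

# Constructed sample metadata (not real secrets), keyed like DescribeSecret output.
NOW = utc(2025, 6, 1)
SAMPLES = [
    {"Name": "app/db-password", "RotationEnabled": True, "CreatedDate": utc(2024, 6, 1),
     "LastChangedDate": utc(2025, 5, 2), "LastRotatedDate": utc(2025, 5, 2),
     "NextRotationDate": utc(2025, 5, 29)},
    {"Name": "legacy/api-key", "RotationEnabled": False, "CreatedDate": utc(2024, 12, 3)},
    {"Name": "old/token", "RotationEnabled": False, "CreatedDate": utc(2025, 4, 2),
     "DeletedDate": utc(2025, 6, 8)},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["Name"], lifecycle_metrics(s, NOW), findings(s, NOW))
```
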
