Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Using SNS to Notify of Secret Expiration

0

My organization manages passwords in Secrets Manager that give us access to an external vendors' services. We want to rotate these passwords ourselves manually since we receive the passwords from the external vendor. Thus, we cannot allow AWS to manage the rotation of these passwords for us. Is there a way to "tag" a secret with an expiration date and send an email notification over AWS SNS when we are within 128 days of that expiration date?

Themen
AnwendungsintegrationSicherheit, Identität & Konformität
Tags
Amazon Simple Notification Service (SNS)AWS Geheimnismanager
Sprache
English
mgseaton
gefragt vor 9 Monaten934 Aufrufe
1 Antwort
1
Akzeptierte Antwort

You can use the usual tags on a secret. https://docs.aws.amazon.com/secretsmanager/latest/userguide/managing-secrets_tagging.html#

You could set a date of when the password was last changed than when it’s due to expire and then using a lambda function which can run via an event Bridge cron schedule, have it enumerate all secrets in question and check the last changed date and carry out a date diff from password last changed to today’s date is greater than X days then create message in sns which in turn is sent to a subscriber.

This way you can easily change the duration in your lambda because it’s based on X days since last changed if your password policy ever changes .

You could also obtain the date of the secret was last updated too. That’s another option than using tags.

profile picture
EXPERTE
Gary Mclean
beantwortet vor 9 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt