- Newest
- Most votes
- Most comments
You can use the usual tags on a secret. https://docs.aws.amazon.com/secretsmanager/latest/userguide/managing-secrets_tagging.html#
You could set a date of when the password was last changed than when it’s due to expire and then using a lambda function which can run via an event Bridge cron schedule, have it enumerate all secrets in question and check the last changed date and carry out a date diff from password last changed to today’s date is greater than X days then create message in sns which in turn is sent to a subscriber.
This way you can easily change the duration in your lambda because it’s based on X days since last changed if your password policy ever changes .
You could also obtain the date of the secret was last updated too. That’s another option than using tags.
Relevant content
- Accepted Answerasked 6 months ago
- asked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago