Using SNS to Notify of Secret Expiration

0

My organization manages passwords in Secrets Manager that give us access to an external vendor's services. We want to rotate these passwords ourselves manually since we receive the passwords from the external vendor. Thus, we cannot allow AWS to manage the rotation of these passwords for us. Is there a way to "tag" a secret with an expiration date and send an email notification over AWS SNS when we are within 128 days of that expiration date?

1 Answer
1
Accepted Answer

You can use the usual tags on a secret. https://docs.aws.amazon.com/secretsmanager/latest/userguide/managing-secrets_tagging.html#

You could set a date of when the password was last changed rather than when it's due to expire, and then, using a Lambda function which can run via an EventBridge cron schedule, have it enumerate all secrets in question, check the last changed date and carry out a date diff: if the time from password last changed to today's date is greater than X days, then create a message in SNS, which in turn is sent to a subscriber.

This way you can easily change the duration in your Lambda, because it's based on X days since last changed, if your password policy ever changes.

You could also obtain the date the secret was last updated. That's another option rather than using tags.

Expert
answered 9 months ago
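A sketch of the scheduled Lambda described in the accepted answer, added here as an example and not part of the original post. The tag name `PasswordLastChanged`, the 90-day threshold and the `TOPIC_ARN` environment variable are assumptions. The function reads only `ListSecrets` metadata and never fetches secret values.

```python
import os
from datetime import date, datetime, timezone

TAG_KEY = "PasswordLastChanged"  # hypothetical tag name; value is YYYY-MM-DD
MAX_AGE_DAYS = 90                # the "X days" of the answer; constructed value

def last_changed(secret):
    """Date from the tag if present, otherwise the secret's LastChangedDate metadata."""
    tags = {t["Key"]: t["Value"] for t in secret.get("Tags", [])}
    if TAG_KEY in tags:
        try:
            return date.fromisoformat(tags[TAG_KEY])
        except ValueError:
            return None  # malformed tag: report it instead of skipping silently
    changed = secret.get("LastChangedDate")  # updated on any modification, tags included
    return changed.date() if changed else None

def find_stale(secrets, today, max_age_days=MAX_AGE_DAYS):
    """Return (name, age_days) for overdue secrets; age is None when no usable date exists."""
    stale = []
    for s in secrets:
        d = last_changed(s)
        age = (today - d).days if d else None
        if age is None or age > max_age_days:
            stale.append((s["Name"], age))
    return stale

def handler(event, context):
    import boto3  # provided by the Lambda Python runtime
    sm, sns = boto3.client("secretsmanager"), boto3.client("sns")
    secrets = []
    for page in sm.get_paginator("list_secrets").paginate():
        secrets.extend(page["SecretList"])
    stale = find_stale(secrets, datetime.now(timezone.utc).date())
    if stale:
        lines = [f"{name}: " + ("no valid date" if age is None else f"{age} days old")
                 for name, age in stale]
        sns.publish(TopicArn=os.environ["TOPIC_ARN"],  # hypothetical env var
                    Subject="Secrets due for manual rotation", Message="\n".join(lines))
    return {"stale": len(stale)}

if __name__ == "__main__":
    sample = [  # constructed metadata in the shape ListSecrets returns
        {"Name": "vendor-a", "Tags": [{"Key": TAG_KEY, "Value": "2024-01-01"}]},
        {"Name": "vendor-c", "Tags": [{"Key": TAG_KEY, "Value": "01/02/2024"}]},
    ]
    print(find_stale(sample, date(2024, 6, 1)))
```

The execution role needs only `secretsmanager:ListSecrets` and `sns:Publish`; email delivery comes from an email subscription on the topic.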
