AWS Secrets Manager

Store your secrets securely to reduce the risk of unauthorized access to sensitive information with AWS Secrets Manager. Site24x7's integration with AWS Secrets Manager provides enhanced security, improved efficiency, and better compliance.

Use case

Consider a case where you have an AWS Secrets Manager monitor integrated with Site24x7. Whenever the secrets are changed or rotated in your AWS Secrets Manager monitor, Site24x7 alerts you about the change. Thus, the integration enables you to identify unauthorized changes or data breaches.

Benefits of the integration between Site24x7 and AWS Secrets Manager

Site24x7's AWS Secrets Manager integration provides you with the following benefits:

  • Track the rotation of secrets and secure your data.
  • Schedule IT Automation to automatically rotate your secrets.
  • Monitor the number of secrets for your AWS accounts at a regional level.

Setup and configuration

  • If you have not done so already, enable access to your AWS resources by creating a cross-account IAM role between your AWS account and Site24x7's AWS account.
  • On the Integrate AWS Account page, please make sure AWS Secrets Manager is selected in the Services to be discovered field.

Permissions

Ensure that Site24x7 receives the following permissions to monitor AWS Secrets Manager:

  • "secretsmanager:DescribeSecret"
  • "secretsmanager:ListSecrets"
  • "secretsmanager:GetResourcePolicy"
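
The following added example (not Site24x7's or AWS's own code) checks a policy document for the cross-account role against the three actions listed above: it reports required actions that are missing and secret-reading or secret-modifying actions granted beyond them. The SENSITIVE list, the sample policies and the function names are assumptions chosen for illustration; Deny statements, NotAction and Condition blocks are not evaluated.

```python
import fnmatch

# Actions the page lists under Permissions.
REQUIRED = [
    "secretsmanager:DescribeSecret",
    "secretsmanager:ListSecrets",
    "secretsmanager:GetResourcePolicy",
]
# Secrets Manager actions that read or change secrets; subset chosen for this example.
SENSITIVE = [
    "secretsmanager:GetSecretValue",
    "secretsmanager:PutSecretValue",
    "secretsmanager:UpdateSecret",
    "secretsmanager:DeleteSecret",
    "secretsmanager:PutResourcePolicy",
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allowed_patterns(policy):
    """Lower-cased Action patterns from Allow statements (Deny, NotAction, Condition ignored)."""
    patterns = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            patterns.extend(a.lower() for a in _as_list(stmt["Action"]))
    return patterns

def _granted(action, patterns):
    # IAM action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns)

def audit(policy):
    patterns = allowed_patterns(policy)
    return {
        "missing": [a for a in REQUIRED if not _granted(a, patterns)],
        "excess": [a for a in SENSITIVE if _granted(a, patterns)],
    }

def _policy(*actions):
    # Constructed sample policy document for the cross-account role.
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": list(actions), "Resource": "*"}]}
EXACT = _policy(*REQUIRED)
WILDCARD = _policy("secretsmanager:*")
PARTIAL = _policy("secretsmanager:List*", "secretsmanager:Get*")

if __name__ == "__main__":
    for name, doc in [("exact", EXACT), ("wildcard", WILDCARD), ("partial", PARTIAL)]:
        print(name, audit(doc))
```

A non-empty "excess" list means the monitoring role can do more than the metadata reads the integration asks for; a non-empty "missing" list means discovery or polling will lack a permission it needs.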

Polling frequency

  • Site24x7 queries AWS service-level APIs according to the set polling frequency (from one minute to one day) to collect metrics from the AWS Secrets Manager monitor.
  • Site24x7 queries Amazon CloudWatch and other AWS service-level APIs according to the set polling frequency (from one minute to one day) to collect metrics from the AWS Secrets Manager Regional monitor.

Supported metrics for AWS Secrets Manager 

Metric name | Description | Statistic | Unit
Secret Changed | The value in the chart gets updated to one when a secret change happens | Average | Count
Secret Rotated | The value in the chart gets updated to one when a secret rotation happens | Average | Count

Supported metrics for AWS Secrets Manager Regional

Metric name | Description | Statistic | Unit
Resource Count | The number of secrets in your account, including secrets that are marked for deletion | Maximum | Count
Rotate Secret Call Count | The number of times a rotate secret call occurs for the secrets | Sum | Count

Threshold configuration

To configure thresholds for your integrated monitor:

  1. Log in to your Site24x7 account and navigate to Admin > Configuration Profiles > Threshold and Availability.
  2. Click Add Threshold Profile.
  3. Select AWS Secrets Manager from the Monitor Type drop-down menu and provide an appropriate name in the Display Name field.
  4. The supported metrics are displayed in the Threshold Configuration section. You can set threshold values for all the metrics listed above.

Licensing

Automation

You can add automations to rotate your secrets automatically. Go to Admin > IT Automation Templates > Add Automation Templates. Once automations are added, you can schedule them to be executed one after the other.

Viewing AWS Secrets Manager

To monitor your secrets, log in to your Site24x7 account and navigate to Cloud > AWS > AWS Secret Manager.

Site24x7's integration with AWS Secrets Manager also provides the AWS Secrets Manager Regional monitor to help you track and stay updated on the secrets for your AWS accounts at a regional level.

AWS Secrets Manager data

You can view the statuses of your AWS resource secrets on the following tabs.

Summary

The Summary tab provides an overview of the secrets' data, such as the Secret Statistic, Updates, and Down/Trouble History.

Monitored Resources

The Monitored Resources tab lists all the resources that are managed and monitored by Site24x7.

Configuration

Obtain the configuration details, such as the Secret Manager ARN, Secret Manager Name, and Key management key ID from the Configuration tab. You can also view the Rotation Configuration data from this tab.

Outages

The Outages tab displays the Down/Trouble History with the start time and end time of an outage, the duration, and comments (if any). To add an outage, click Add Outage and enter the Start Time, End Time, and Description. Click Save to save the outage details and view the outage on the Outages tab. You also have the option to share the outage details in CSV, PDF, or email format. To share the outage data, click Share This.

Inventory

View the inventory details, such as the Secret Manager Name, Region, Monitor Licensing Category, and Check Frequency, on the Inventory tab. You can also add and save a note for your monitor in the Note section of the Inventory tab.

Log Report

The Log Report tab displays the Collection Time, Status, Secrets Changed, and Secrets Rotated from your AWS Secrets Manager monitor based on the time, location, and availability. Click Download CSV to obtain your log reports in CSV format.
