Ensure that your Amazon DocumentDB clusters use AWS Secrets Manager to manage database access credentials in order to meet security and compliance requirements. Secrets Manager provides built-in integration for Amazon DocumentDB (with MongoDB compatibility) and can rotate, manage, and retrieve credentials for this type of database natively.
With AWS Secrets Manager you can secure and manage the database credentials used to access the DocumentDB clusters provisioned in your AWS account. Secrets Manager stores the MongoDB-compatible database credentials as part of the encrypted secret value (within the "SecretString" field).
Audit
To determine whether Secrets Manager is used to manage DocumentDB database credentials in your AWS account, perform the following actions:
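One way to run this check offline is shown below. It is an added example, not part of the original page's steps. It assumes you have saved the JSON output of `aws docdb describe-db-clusters` and the "SecretString" values returned by `aws secretsmanager get-secret-value`, and that the secrets use the `engine`, `host` and `dbClusterIdentifier` keys of the Secrets Manager JSON structure for DocumentDB. The function names and sample data are hypothetical.

```python
import json

def secret_targets(secret_strings):
    """Return (hosts, cluster_ids) named by secrets whose engine is "mongo"."""
    hosts, cluster_ids = set(), set()
    for raw in secret_strings:
        try:
            doc = json.loads(raw)
        except (TypeError, ValueError):
            continue  # not JSON, so not a structured database secret
        if not isinstance(doc, dict) or doc.get("engine") != "mongo":
            continue
        # Only connection metadata is read; the password field is never used.
        if isinstance(doc.get("host"), str) and doc["host"]:
            hosts.add(doc["host"].lower())
        if isinstance(doc.get("dbClusterIdentifier"), str):
            cluster_ids.add(doc["dbClusterIdentifier"].lower())
    return hosts, cluster_ids

def clusters_without_secret(describe_output, secret_strings):
    """List DocumentDB cluster identifiers that no secret refers to."""
    hosts, cluster_ids = secret_targets(secret_strings)
    missing = []
    for cluster in describe_output.get("DBClusters", []):
        if cluster.get("Engine") != "docdb":
            continue  # the same API can also return non-DocumentDB clusters
        name = cluster["DBClusterIdentifier"]
        endpoints = {(cluster.get(k) or "").lower() for k in ("Endpoint", "ReaderEndpoint")}
        if name.lower() in cluster_ids or endpoints & hosts:
            continue
        missing.append(name)
    return missing

# Constructed sample data (not real resources or credentials).
SAMPLE_CLUSTERS = {"DBClusters": [
    {"DBClusterIdentifier": "orders-docdb", "Engine": "docdb",
     "Endpoint": "orders-docdb.cluster-example.us-east-1.docdb.amazonaws.com"},
    {"DBClusterIdentifier": "legacy-docdb", "Engine": "docdb",
     "Endpoint": "legacy-docdb.cluster-example.us-east-1.docdb.amazonaws.com"},
    {"DBClusterIdentifier": "graph-db", "Engine": "neptune",
     "Endpoint": "graph-db.cluster-example.us-east-1.neptune.amazonaws.com"},
]}
SAMPLE_SECRETS = [
    json.dumps({"engine": "mongo", "username": "app", "password": "constructed-value",
                "host": "orders-docdb.cluster-example.us-east-1.docdb.amazonaws.com",
                "port": 27017}),
    json.dumps({"engine": "mysql", "host": "legacy-docdb", "username": "x", "password": "y"}),
    "plain-text-api-key",
]

if __name__ == "__main__":
    print(clusters_without_secret(SAMPLE_CLUSTERS, SAMPLE_SECRETS))
```

A cluster reported here has no MongoDB-engine secret pointing at its endpoint or identifier, so its credentials are likely managed outside Secrets Manager.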
Remediation / Resolution
To use AWS Secrets Manager to store and manage Amazon DocumentDB database access credentials, perform the following actions:
AWS Secrets Manager in Use for DocumentDB Databases
Risk Level: Medium