AWS Secrets Manager
Store your secrets securely to reduce the risk of unauthorized access to sensitive information with AWS Secrets Manager. Site24x7's integration with AWS Secrets Manager provides enhanced security, improved efficiency, and better compliance.
Table of contents
- Use case
- Benefits of the integration between Site24x7 and AWS Secrets Manager
- Setup and configuration
- Permissions
- Polling frequency
- Supported metrics for AWS Secrets Manager
- Supported metrics for AWS Secrets Manager Regional
- Threshold configuration
- Licensing
- Automation
- Viewing AWS Secrets Manager
- AWS Secrets Manager data
Use case
Consider a case where you have an AWS Secrets Manager monitor integrated with Site24x7. Whenever the secrets are changed or rotated in your AWS Secrets Manager monitor, Site24x7 alerts you about the change. Thus, the integration enables you to identify unauthorized changes or data breaches.
Benefits of the integration between Site24x7 and AWS Secrets Manager
Site24x7's AWS Secrets Manager integration provides you with the following benefits:
- Track the rotation of secrets and secure your data.
- Schedule IT Automation to automatically rotate your secrets.
- Monitor the number of secrets for your AWS accounts at a regional level.
Setup and configuration
- If you have not done so already, enable access to your AWS resources by creating a cross-account IAM role between your AWS account and Site24x7's AWS account.
- On the Integrate AWS Account page, please make sure AWS Secrets Manager is selected in the Services to be discovered field.
Permissions
Ensure that Site24x7 receives the following permissions to monitor AWS Secrets Manager:
- "secretsmanager:DescribeSecret"
- "secretsmanager:ListSecrets"
- "secretsmanager:GetResourcePolicy"
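The three actions above read metadata only, so the role Site24x7 assumes does not need access to secret values. The following check is an added example, not code from Site24x7 or AWS: it audits an IAM policy document for those three actions and flags anything broader. The function names and the two sample policies are constructed for illustration.

```python
import fnmatch

# The three actions this page lists for Site24x7.
REQUIRED = {
    "secretsmanager:DescribeSecret",
    "secretsmanager:ListSecrets",
    "secretsmanager:GetResourcePolicy",
}
VALUE_READ = "secretsmanager:GetSecretValue"  # returns secret plaintext


def allowed_patterns(policy):
    """Action patterns from Allow statements (Deny, NotAction, Condition ignored)."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    patterns = []
    for stmt in statements:
        if stmt.get("Effect") == "Allow":
            actions = stmt.get("Action", [])
            patterns += [actions] if isinstance(actions, str) else list(actions)
    return patterns


def matches(pattern, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def audit(policy):
    """Report required actions not granted and Secrets Manager grants beyond them."""
    patterns = allowed_patterns(policy)
    required_lc = {a.lower() for a in REQUIRED}
    missing = sorted(a for a in REQUIRED if not any(matches(p, a) for p in patterns))
    excess = sorted(
        p for p in patterns
        if p.lower() not in required_lc
        and (p == "*" or p.lower().startswith("secretsmanager:"))
    )
    exposes = any(matches(p, VALUE_READ) for p in patterns)
    return {"missing": missing, "excess": excess, "exposes_values": exposes}


# Constructed sample policies (not taken from Site24x7 or AWS documentation).
MINIMAL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": sorted(REQUIRED), "Resource": "*"}]}
BROAD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"}}
print(audit(MINIMAL), audit(BROAD), sep="\n")
```

An empty `missing` and `excess` with `exposes_values` false means the policy grants exactly what the page asks for and nothing that reads secret contents.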
Polling frequency
- Site24x7 queries AWS service-level APIs according to the set polling frequency (from one minute to one day) to collect metrics from the AWS Secrets Manager monitor.
- Site24x7 queries Amazon CloudWatch and other AWS service-level APIs according to the set polling frequency (from one minute to one day) to collect metrics from the AWS Secrets Manager Regional monitor.
Supported metrics for AWS Secrets Manager
Metric name | Description | Statistic | Unit |
---|---|---|---|
Secret Changed | The value in the chart gets updated to one when a secret change happens | Average | Count |
Secret Rotated | The value in the chart gets updated to one when a secret rotation happens | Average | Count |
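The page does not describe how Site24x7 computes these two metrics. As an added example (not Site24x7's implementation), the sketch below shows one way change and rotation flags can be derived from `DescribeSecret` metadata alone by comparing two consecutive polls, and singles out changes that happened without a rotation. The ARNs, timestamps and function names are constructed; `LastChangedDate`, `LastRotatedDate` and `DeletedDate` are fields of the `DescribeSecret` response.

```python
from datetime import datetime, timezone


def diff_poll(prev, curr):
    """Compare two polls of DescribeSecret metadata, keyed by secret ARN."""
    result = {}
    for arn, now in curr.items():
        before = prev.get(arn)
        if before is None:
            # First sighting of this secret: no baseline to compare against.
            result[arn] = {"changed": 0, "rotated": 0, "review": False}
            continue
        changed = int(now.get("LastChangedDate") != before.get("LastChangedDate"))
        # LastRotatedDate is absent until a secret has been rotated once.
        rotated = int(now.get("LastRotatedDate") != before.get("LastRotatedDate"))
        # DeletedDate appears once a secret is scheduled for deletion.
        scheduled = "DeletedDate" in now and "DeletedDate" not in before
        # A change with no rotation in the same interval is the case to review.
        review = bool(changed and not rotated) or scheduled
        result[arn] = {"changed": changed, "rotated": rotated, "review": review}
    return result


def ts(day, hour):
    return datetime(2024, 5, day, hour, tzinfo=timezone.utc)


# Constructed metadata for two polls; ARNs and timestamps are made up.
DB = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example/db-AbCdEf"
API = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example/api-GhIjKl"
OLD = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example/old-MnOpQr"
POLL_1 = {
    DB: {"LastChangedDate": ts(1, 9), "LastRotatedDate": ts(1, 9)},
    API: {"LastChangedDate": ts(1, 9)},
    OLD: {"LastChangedDate": ts(1, 9)},
}
POLL_2 = {
    DB: {"LastChangedDate": ts(2, 9), "LastRotatedDate": ts(2, 9)},  # rotated
    API: {"LastChangedDate": ts(2, 14)},  # edited, no rotation
    OLD: {"LastChangedDate": ts(1, 9), "DeletedDate": ts(2, 15)},  # scheduled for deletion
}

if __name__ == "__main__":
    for arn, flags in diff_poll(POLL_1, POLL_2).items():
        print(arn.rsplit(":", 1)[-1], flags)
```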
Supported metrics for AWS Secrets Manager Regional
Metric name | Description | Statistic | Unit |
---|---|---|---|
Resource Count | The number of secrets in your account, including secrets that are marked for deletion | Maximum | Count |
Rotate Secret Call Count | The number of times a rotate secret call occurs for the secrets | Sum | Count |
Threshold configuration
To configure thresholds for your integrated monitor:
- Log in to your Site24x7 account and navigate to Admin > Configuration Profiles > Threshold and Availability.
- Click Add Threshold Profile.
- Select AWS Secrets Manager from the Monitor Type drop-down menu and provide an appropriate name in the Display Name field.
- The supported metrics are displayed in the Threshold Configuration section. You can set threshold values for all the metrics listed above.
Licensing
- For the AWS Secrets Manager monitor, five monitors will consume one basic monitor license.
- For the AWS Secrets Manager Regional monitor, one monitor consumes one basic monitor license.
Automation
You can add automations to rotate your secrets automatically. Go to Admin > IT Automation Templates > Add Automation Templates. Once automations are added, you can schedule them to be executed one after the other.
Viewing AWS Secrets Manager
To monitor your secrets, log in to your Site24x7 account and navigate to Cloud > AWS > AWS Secret Manager.
Site24x7's integration with AWS Secrets Manager also provides the AWS Secrets Manager Regional monitor to help you track and stay updated on the secrets for your AWS accounts at a regional level.
AWS Secrets Manager data
You can view the statuses of your AWS resource secrets on the following tabs.
Summary
The Summary tab provides an overview of the secrets' data, such as the Secret Statistic, Updates, and Down/Trouble History.
Monitored Resources
The Monitored Resources tab lists all the resources that are managed and monitored by Site24x7.
Configuration
Obtain the configuration details, such as the Secret Manager ARN, Secret Manager Name, and Key management key ID from the Configuration tab. You can also view the Rotation Configuration data from this tab.
Outages
The Outages tab displays the Down/Trouble History with the start time and end time of an outage, the duration, and comments (if any). To add an outage, click Add Outage and enter the Start Time, End Time, and Description. Click Save to save the outage details and view the outage on the Outages tab. You also have the option to share the outage details in CSV, PDF, or email format. To share the outage data, click Share This.