Rotate your secrets
Using Site24x7's IT Automation framework, you can rotate your secrets for the AWS Secrets Manager monitor. You can also configure automated tasks to trigger when there's a change in the status of the monitor or in individual attributes.
Table of contents
Required permissions
To perform the actions, ensure that the IAM role assumed by Site24x7 has the following partial write actions in the attached policy document:
- "secretsmanager:RotateSecret"
Create an automation
- Log in to the Site24x7 web console and go to Admin > IT Automation Templates > Add Automation Templates.
- Click the Type drop-down and select the action to be performed as Rotate Secret.
- Enter a Display Name.
- From the Action to be Performed drop-down menu, select Rotate Secret.
- Select the applicable monitor from the Destination Secret(s) list.
- Max Allowed Action Execution Time: The maximum time (in seconds) Site24x7 should wait before the request times out. The execution time is set to 15 seconds by default. You can define an execution time between one and 90 seconds.
- Send the Automation Result via Email: You can choose to receive an email regarding the automation result by toggling this setting to Yes. Automation results can be shared via email to your User Alert Group configured in the Notification Profile. This email will contain parameters including the automation name, type of automation, incident reason, destination hosts, and more.
- Click Save to save the template.
Simulate the automation
Before mapping the action profile, you can test its functionality by invoking the operational task manually within the Site24x7 console or by using our REST APIs. This is done to check whether the appropriate write-level permissions required to execute the reboot action are in place. To test the profile, navigate back to the IT Automation summary page (Admin > IT Automation) and click the play icon next to the appropriate template to execute a dry run.
Map the action profile
To execute the automation, map the action profile to the desired alert event. You can either map the profile to a predefined monitor-level event type or to a custom attribute-level event type.