Ensure that access policy does not allow anonymous access for AWS Secrets Manager

HIGH

Description

The resource policy attached to the Secrets Manager secret grants access to an anonymous principal: an Allow statement whose Principal is "*" (or {"AWS": "*"}) and that carries no condition restricting who the caller is. Such a statement lets any AWS principal, in any account, perform the listed actions (for example secretsmanager:GetSecretValue) on the secret, which could lead to sensitive data exposure.

Remediation

In AWS Console -

  1. Sign in to the AWS console and go to the Secrets Manager console.
  2. In the Navigation pane, select Secrets.
  3. In the list of Secrets, select the secret to edit.
  4. In the Resource permissions box, select Edit permissions and replace the policy with one that names specific principals (IAM role, user, or account ARNs) instead of "*", or that restricts a "*" principal with a condition such as aws:PrincipalOrgID.
  5. Select Save.

In Terraform -

  1. Review the resource policy attached to the aws_secretsmanager_secret resource (the policy argument on older provider versions, or a separate aws_secretsmanager_secret_policy resource) and remove or scope every Allow statement whose Principal is "*", either by naming specific IAM role or account ARNs or by adding a condition key such as aws:PrincipalOrgID or aws:SourceAccount.
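The following script is an added example, not part of this rule page or of any Terraform provider code. It implements the check described above: it walks the statements of a Secrets Manager resource policy and reports every Allow statement with a wildcard principal that is not pinned to a caller by a restricting condition key. The three policies at the bottom are constructed samples (the account ID, role name and organization ID are placeholders), and the list of condition keys treated as "restricting" is the author's own choice for this example.

```python
"""Flag Secrets Manager resource-policy statements that grant anonymous access.

Added example: a standalone checker for the condition this rule detects.
"""
import json
from typing import Union

# Condition keys that pin a "*" principal to a specific account, organization,
# or network path. A "*" principal combined with one of these is not anonymous.
# (This list is an assumption for the example; extend it for your environment.)
RESTRICTING_CONDITION_KEYS = {
    "aws:principalorgid", "aws:principalaccount", "aws:principalarn",
    "aws:sourceaccount", "aws:sourcearn", "aws:sourcevpc", "aws:sourcevpce",
}


def _principal_is_wildcard(principal) -> bool:
    """True for Principal "*" or for an "AWS" entry that contains "*"."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        values = aws if isinstance(aws, list) else [aws]
        return "*" in values
    return False


def _has_restricting_condition(statement: dict) -> bool:
    """True if some positive condition operator tests a restricting key.

    Negated operators (StringNotEquals, ArnNotLike, ...) and Null tests do not
    narrow the set of callers, so they are ignored.
    """
    for operator, keys in statement.get("Condition", {}).items():
        op = operator.lower()
        if "not" in op or op.startswith("null"):
            continue
        for key in keys:
            if key.lower() in RESTRICTING_CONDITION_KEYS:
                return True
    return False


def anonymous_statements(policy: Union[str, dict]) -> list:
    """Return the Sid (or index) of each Allow statement open to anyone."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):          # a single statement is allowed as a bare object
        statements = [statements]
    findings = []
    for index, statement in enumerate(statements):
        if statement.get("Effect") != "Allow":   # Deny with "*" is fine (and common)
            continue
        if not _principal_is_wildcard(statement.get("Principal")):
            continue
        if _has_restricting_condition(statement):
            continue
        findings.append(statement.get("Sid", f"Statement[{index}]"))
    return findings


# --- constructed sample policies (placeholder account, role and org IDs) ---
ANONYMOUS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowAnyone",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "secretsmanager:GetSecretValue",
        "Resource": "*",
    }],
}

# Same wildcard principal, but limited to callers inside one organization.
ORG_SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowOrgOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "secretsmanager:GetSecretValue",
        "Resource": "*",
        "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}},
    }],
}

# Remediated form: a named role may read, and a Deny "*" blocks everything else.
FIXED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAppRole",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-role"},
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "*",
        },
        {
            "Sid": "DenyEveryoneElse",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:PrincipalAccount": "123456789012"}},
        },
    ],
}

ANONYMOUS_POLICY_JSON = json.dumps(ANONYMOUS_POLICY)

if __name__ == "__main__":
    for name, policy in [("anonymous", ANONYMOUS_POLICY),
                         ("org-scoped", ORG_SCOPED_POLICY),
                         ("fixed", FIXED_POLICY)]:
        print(name, "->", anonymous_statements(policy) or "no anonymous statements")
```

To run it against a live secret, feed the function the output of the AWS CLI's get-resource-policy call, for example the ResourcePolicy field of "aws secretsmanager get-resource-policy --secret-id <name>"; a secret with no resource policy returns no ResourcePolicy field and cannot be anonymous. Note that Principal "*" with a StringNotEquals condition is still reported as anonymous, because a negated condition does not narrow the set of allowed callers.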

References:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret

Policy Details

Rule Reference ID: AC_AWS_0387
CSP: AWS
Remediation Available: Yes
Resource Category: Management
Resource Type: Secrets Manager

Frameworks