Ensure your secrets manager secrets are encrypted with KMS customer managed key

Ensure that your Elastic Load Balancers have access logging enabled to understand where traffic is originating from and pinpoint any type of malicious patterns. This is considered a security best practice and should always be done. Ensuring this is enabled will help with NIST and PCI-DSS compliance.

Audit & Remediation

  • Login into your AWS account
  • Navigate to the Secrets Manager service at: https://console.aws.amazon.com/secretsmanager
  • On the left hand panel select Secrets.
  • select the hyperlink under Secret name for the secret you would like to examine.



  • Under Secret details check the setting for Encryption key. If this is set to DefaultEncryptionKey, the Secrets Manager is leveraging the default AWS encryption key.



  • Select Actions then choose Edit encryption key.
  • In the drop down select a custom KMS key create by you under Select the encryption key then choose Create new version of the secret with new encryption key.



  • Press the Save button.
  • Repeat the outlined steps for all of your elastic load balancers.
See all of your AWS S3 Buckets in a single place!

Do you want to see all S3 Buckets in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.


Other Key Features


Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.

learn more +