AWS secretsmanager documentation change
Summary
Added guidance to restrict IP ingress using AWS EC2 IP ranges for external resource access during secret rotation
Security assessment
Documentation promotes security best practices by recommending network access restrictions, but doesn't address a specific vulnerability or incident. It enhances security awareness without patching a known issue.
Diff
diff --git a/secretsmanager/latest/userguide/mes-security.md b/secretsmanager/latest/userguide/mes-security.md index 7400a2bad..82cb063c7 100644 --- a//secretsmanager/latest/userguide/mes-security.md +++ b//secretsmanager/latest/userguide/mes-security.md @@ -12,0 +13,2 @@ For rotation to function properly, you must provide Secrets Manager with specifi +You can restrict the IP ingress to your external resource by only allowing the [AWS IP ranges](https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html) for EC2 in the region where your secret exists. This list of IP ranges can change so you should refresh your ingress rules periodically. +