library
turbot/aws_thrifty
- Correct DynamoDB table with stale data
- Correct EBS snapshots exceeding max age
- Correct EBS volumes attached to stopped instances
- Correct EBS volumes exceeding max size
- Correct EBS volumes if unattached
- Correct EBS volumes using gp2
- Correct EBS volumes using io1
- Correct EBS volumes with low IOPS
- Correct EBS volumes with low usage
- Correct EC2 application load balancers if unused
- Correct EC2 classic load balancers if unused
- Correct EC2 gateway load balancers if unused
- Correct EC2 instances exceeding max age
- Correct EC2 instances large
- Correct EC2 instances of older generation
- Correct EC2 instances without graviton
- Correct EC2 network load balancers if unused
- Correct EKS node groups without graviton
- Correct Elasticache clusters exceeding max age
- Correct EMR Clusters idle 30 mins
- Correct Lambda functions without graviton
- Correct one DynamoDB table with stale data
- Correct one EBS snapshot exceeding max age
- Correct one EBS volume attached to stopped instance
- Correct one EBS volume exceeding max size
- Correct one EBS volume if unattached
- Correct one EBS volume using gp2
- Correct one EBS volume using io1
- Correct one EBS volume with low IOPS
- Correct one EBS volume with low usage
- Correct one EC2 application load balancer if unused
- Correct one EC2 classic load balancer if unused
- Correct one EC2 gateway load balancer if unused
- Correct one EC2 instance exceeding max age
- Correct one EC2 instance large
- Correct one EC2 instance of older generation
- Correct one EC2 instance without graviton
- Correct one EC2 network load balancer if unused
- Correct one EKS node group without graviton
- Correct one Elasticache cluster exceeding max age
- Correct one EMR Cluster idle 30 mins
- Correct one Lambda function without graviton
- Correct one RDS DB instance exceeding max age
- Correct one RDS DB instance of older generation
- Correct one RDS DB instance with low connection count
- Correct one RDS DB instance without graviton processor
- Correct one Route53 health check if unused
- Correct one Route53 record with lower TTL
- Correct one S3 bucket without lifecycle policy
- Correct one SecretsManager secret if unused
- Correct one VPC EIP if unattached
- Correct one VPC NAT gateway if unused
- Correct RDS DB instances exceeding max age
- Correct RDS DB instances of older generation
- Correct RDS DB instances with low connection count
- Correct RDS DB instances without graviton processor
- Correct Route53 health checks if unused
- Correct Route53 records with lower TTL
- Correct S3 buckets without lifecycle policy
- Correct SecretsManager secrets if unused
- Correct VPC EIPs if unattached
- Correct VPC NAT gateways if unused
- Detect & correct DynamoDB tables with stale data
- Detect & correct EBS snapshots exceeding max age
- Detect & correct EBS volumes attached to stopped instances
- Detect & correct EBS volumes exceeding max size
- Detect & correct EBS volumes if unattached
- Detect & correct EBS volumes using gp2
- Detect & correct EBS volumes using io1
- Detect & correct EBS volumes with low IOPS
- Detect & correct EBS volumes with low usage
- Detect & correct EC2 application load balancers if unused
- Detect & correct EC2 classic load balancers if unused
- Detect & correct EC2 gateway load balancers if unused
- Detect & correct EC2 instances exceeding max age
- Detect & correct EC2 instances large
- Detect & correct EC2 instances of older generation
- Detect & correct EC2 instances without graviton
- Detect & correct EC2 network load balancers if unused
- Detect & correct EKS node groups without graviton
- Detect & correct Elasticache clusters exceeding max age
- Detect & correct EMR Clusters idle 30 mins
- Detect & correct Lambda functions without graviton
- Detect & correct RDS DB instances exceeding max age
- Detect & correct RDS DB instances of older generation
- Detect & correct RDS DB instances with low connection count
- Detect & correct RDS DB instances without graviton processor
- Detect & correct Route53 health checks if unused
- Detect & correct Route53 records with lower TTL
- Detect & correct S3 buckets without lifecycle policy
- Detect & correct SecretsManager secrets if unused
- Detect & correct VPC EIPs if unattached
- Detect & correct VPC NAT gateways if unused
- Snapshot & Delete EBS Volume
Get Involved
Version
Correct one SecretsManager secret if unused
Overview
SecretsManager secrets have an inherent monthly cost, therefore secrets which are no longer accessed / used should be removed to prevent further charges.
This pipeline allows you to specify a single unused secret and then either sends a notification or attempts to perform a predefined corrective action.
Whilst it is possible to utilise this pipeline standalone, it is usually called from the correct_secretsmanager_secrets_if_unused pipeline.
Run the pipeline
To run this pipeline from your terminal:
flowpipe pipeline run aws_thrifty.pipeline.correct_one_secretsmanager_secret_if_unused \ --arg 'title=<string>' \ --arg 'name=<string>' \ --arg 'region=<string>' \ --arg 'cred=<string>'Use this pipeline
To call this pipeline from your pipeline, use a step:
step "pipeline" "step_name" { pipeline = aws_thrifty.pipeline.correct_one_secretsmanager_secret_if_unused args = { title = <string> name = <string> region = <string> cred = <string> }}Params
| Name | Type | Required | Description | Default |
|---|---|---|---|---|
| title | string | Yes | Title of the resource, to be used as a display name. | - |
| name | string | Yes | The friendly name of the SecretsManager secret. | - |
| region | string | Yes | AWS Region of the resource(s). | - |
| cred | string | Yes | Name of the credential to be used for any authenticated actions. | - |
| notifier | string | Yes | The name of the notifier to use for sending notification messages. | default |
| notification_level | string | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
| approvers | list of string | Yes | List of notifiers to be used for obtaining action/approval decisions. | |
| default_action | string | Yes | The default action to use for the detected item, used if no input is provided. | notify |
| enabled_actions | list of string | Yes | The list of enabled actions to provide to approvers for selection. | |
Outputs
This pipeline has no outputs.
Tags
category = Cost
class = unused
plugin = aws
service = AWS/Secrets Manager