turbot/aws_thrifty
Correct SecretsManager secrets if unused
Overview
SecretsManager secrets incur a monthly cost, so secrets that are no longer accessed or used should be removed to prevent further charges.
This pipeline allows you to specify a collection of unused secrets and then either sends notifications or attempts to perform a predefined corrective action upon the collection.
Whilst it is possible to utilise this pipeline standalone, it is usually called from either:
Run the pipeline
To run this pipeline from your terminal:
```shell
flowpipe pipeline run aws_thrifty.pipeline.correct_secretsmanager_secrets_if_unused \
  --arg 'items=<list({ cred = string name = string region = string title = string })>'
```
Use this pipeline
To call this pipeline from your pipeline, use a step:
```hcl
step "pipeline" "step_name" {
  pipeline = aws_thrifty.pipeline.correct_secretsmanager_secrets_if_unused
  args = {
    items = <list({ cred = string name = string region = string title = string })>
  }
}
```
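The `items` argument above expects one entry per unused secret, each with `cred`, `name`, `region` and `title`. The following added example (not part of the aws_thrifty mod) shows how such a collection can be built from Secrets Manager metadata before handing it to the pipeline. It works on a constructed sample whose keys mirror the `SecretList` entries returned by boto3's `list_secrets` (`Name`, `CreatedDate`, `LastAccessedDate`); the idle threshold, the `cred` name and the `region` are assumptions chosen for the example. A secret that has never been read carries no `LastAccessedDate`, so its `CreatedDate` is used as the last-activity marker instead, which keeps never-used but freshly created secrets out of the unused set.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample standing in for boto3 secretsmanager.list_secrets()["SecretList"].
# Timestamps are fixed so the example is deterministic and runs offline.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_SECRETS = [
    # Actively read: must never be reported as unused.
    {"Name": "prod/db/password",
     "CreatedDate": NOW - timedelta(days=400),
     "LastAccessedDate": NOW - timedelta(days=2)},
    # Last read four months ago.
    {"Name": "legacy/api-key",
     "CreatedDate": NOW - timedelta(days=300),
     "LastAccessedDate": NOW - timedelta(days=120)},
    # Never read since creation: no LastAccessedDate key at all.
    {"Name": "never-used/token",
     "CreatedDate": NOW - timedelta(days=200)},
    # Never read, but created only days ago: too new to call unused.
    {"Name": "new/unused",
     "CreatedDate": NOW - timedelta(days=5)},
]


def unused_secrets(secrets, max_idle_days, now=None, cred="default", region="us-east-1"):
    """Return the `items` list expected by the correct_secretsmanager_secrets_if_unused
    pipeline: every secret whose last activity is older than max_idle_days.

    Last activity is LastAccessedDate when present, otherwise CreatedDate, so a secret
    that was never read still ages out once it is old enough. `cred` and `region` are
    assumed values; in real use they would come from the account/region being scanned.
    """
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_idle_days)
    items = []
    for secret in secrets:
        last_activity = secret.get("LastAccessedDate") or secret.get("CreatedDate")
        if last_activity is None:
            # No usable timestamp: skip rather than guess that it is unused.
            continue
        if last_activity < cutoff:
            items.append({
                "cred": cred,
                "name": secret["Name"],
                "region": region,
                # The pipeline's `title` is free text; the secret name is a sensible label.
                "title": secret["Name"],
            })
    return items


def items_as_json(items):
    """Serialise the list for use on the command line. Passing a JSON list through
    `--arg 'items=...'` is an assumption about the Flowpipe CLI, not taken from this page."""
    return json.dumps(items, separators=(",", ":"))


if __name__ == "__main__":
    # With a 90-day threshold only the stale and the old never-read secret qualify.
    stale = unused_secrets(SAMPLE_SECRETS, max_idle_days=90, now=NOW)
    print(items_as_json(stale))
```

Choose `max_idle_days` to match your rotation and access patterns; `LastAccessedDate` is tracked at day granularity, so a threshold of a single day is too aggressive in practice.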
Params
Name | Type | Required | Description | Default |
---|---|---|---|---|
items | list({ cred = string name = string region = string title = string }) | Yes | - | |
notifier | string | Yes | The name of the notifier to use for sending notification messages. | default |
notification_level | string | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
approvers | list(string) | Yes | List of notifiers to be used for obtaining action/approval decisions. | |
default_action | string | Yes | The default action to use for the detected item, used if no input is provided. | notify |
enabled_actions | list(string) | Yes | The list of enabled actions to provide to approvers for selection. | |
Outputs
This pipeline has no outputs.
Tags
category = Cost
class = unused
plugin = aws
service = AWS/Secrets Manager