🚀Launch Week 08, April 14th - 18th, 2025🚀
Turbot Guardrails Hub 
Hub
Mods
AWS
172
Mods
434
Resource Types
6,816
Policies
2,341
Controls
1,637
Quick Actions
529
IAM

Policy: AWS > Secrets Manager > Secret > Rotation > Schedule Expression

Defines the schedule at which to rotate the secret. This policy supports two formats:

- Rate expressions: Define regular intervals for secret rotation, such as: - rate(4 hours) — Rotates every 4 hours (minimum allowed). - rate(7 days) — Rotates once every 7 days. - Allowed values: - Hours: 4 to 23 - Days: 1 to 999

- Cron expressions: Use AWS cron format: cron(Minutes Hours Day-of-month Month Day-of-week Year) - Examples: - cron(0 8/8 * * ? *) — Every 8 hours starting at 8:00 AM UTC. - cron(0 2/10 * * ? *) — Every 10 hours starting at 2:00 AM UTC. - cron(0 8 1/7 * ? *) — Every 7 days starting from the 1st of the month at 8:00 AM UTC. - cron(0 0 ? * SUN#1 *) — First Sunday of every month at midnight. - cron(0 16 L * ? *) — On the last day of every month at 4:00 PM UTC.

See Rotation schedules for more details.

Targets

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Controls

Setting this policy configures this control:

Policy Specification

Schema Type
string
Default template
{{ $.resource.scheduleExpression }}
Default template input
|
  {
    resource {
      scheduleExpression: get(path: "RotationRules.ScheduleExpression")
    }
  }
Examples [YAML]
  • rate(4 hours)

  • rate(1 day)

  • rate(7 days)

  • rate(30 days)

  • cron(0 8/8 * * ? *)

  • cron(0 2/10 * * ? *)

  • cron(0 8 1/7 * ? *)

  • cron(0 0 ? * SUN#1 *)

  • cron(0 16 L * ? *)

Category

In Your Workspace

Developers