Policy: AWS > Secrets Manager > Secret > Rotation > Schedule Expression
Defines the schedule at which to rotate the secret. This policy supports two formats:
- Rate expressions: Define regular intervals for secret rotation, such as: - rate(4 hours) — Rotates every 4 hours (minimum allowed). - rate(7 days) — Rotates once every 7 days. - Allowed values: - Hours: 4 to 23 - Days: 1 to 999
- Cron expressions: Use AWS cron format: cron(Minutes Hours Day-of-month Month Day-of-week Year) - Examples: - cron(0 8/8 * * ? *) — Every 8 hours starting at 8:00 AM UTC. - cron(0 2/10 * * ? *) — Every 10 hours starting at 2:00 AM UTC. - cron(0 8 1/7 * ? *) — Every 7 days starting from the 1st of the month at 8:00 AM UTC. - cron(0 0 ? * SUN#1 *) — First Sunday of every month at midnight. - cron(0 16 L * ? *) — On the last day of every month at 4:00 PM UTC.
See Rotation schedules for more details.
Targets
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
Setting this policy configures this control:
Policy Specification
Schema Type | |
|---|---|
Default template | |
Default template input | |
Examples [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/security
- tmod:@turbot/aws-secretsmanager#/policy/types/secretRotationScheduleExpression
- turbot graphql policy-type --id "tmod:@turbot/aws-secretsmanager#/policy/types/secretRotationScheduleExpression"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-secretsmanager#/policy/types/secretRotationScheduleExpression"
Get Policy TypeGet Policy Settings