Challenge
Ensuring visibility and real-time alerting for access to sensitive credentials stored in AWS Secrets Manager.
Solution
This project implements a serverless security monitoring system in AWS to detect and alert on access to sensitive secrets stored in Secrets Manager. The system captures secret access events, analyzes them, and sends real-time notifications to administrators, ensuring automated security monitoring and compliance.
Key Components:
- Secrets Manager: Stores sensitive data (API keys, credentials) as encrypted key-value pairs.
- CloudTrail: Logs all management events, including secret access, and stores them in S3 for long-term retention.
- CloudWatch Logs: Receives the CloudTrail events that the trail delivers to a log group, enabling filtering, metric creation, and event analysis.
- CloudWatch Metric Filters & Alarms: Count secret access events and trigger alerts when thresholds are met.
- SNS (Simple Notification Service): Sends email notifications to alert administrators immediately.
Architecture overview
Step 01
Secret is created in Secrets Manager.
Step 02
CloudTrail records each API call that reads the secret as a management event.
Step 03
CloudWatch Logs captures events and applies metric filters.
Step 04
When an access threshold is reached, a CloudWatch Alarm triggers an SNS notification.
Step 05
Administrator receives a near real-time email alert.
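The following added example (not part of the project's code) reproduces Steps 02 to 04 offline: it applies the same match the CloudWatch metric filter would, sums matching events per alarm period, and reports the periods that would put the alarm into ALARM together with the detail the SNS email should carry. The CloudTrail records, account id, ARNs, secret names, the 5-minute period and the threshold of 3 are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample CloudTrail records (field names follow the CloudTrail event
# format; account id, ARNs and secret names are invented for this example).
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-01T10:00:05Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "GetSecretValue", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"secretId": "prod/db-password"}},
    {"eventTime": "2024-01-01T10:01:10Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "GetSecretValue", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"secretId": "prod/db-password"}},
    {"eventTime": "2024-01-01T10:02:30Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "DescribeSecret", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"secretId": "prod/db-password"}},
    {"eventTime": "2024-01-01T10:03:45Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "GetSecretValue", "userIdentity": {"arn": "arn:aws:iam::123456789012:role/ci-deploy"},
     "requestParameters": {"secretId": "prod/api-key"}},
    {"eventTime": "2024-01-01T10:12:00Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "GetSecretValue", "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"secretId": "prod/db-password"}},
]

# Metric filter pattern this mirrors (CloudWatch Logs JSON filter syntax):
#   { ($.eventSource = "secretsmanager.amazonaws.com") && ($.eventName = "GetSecretValue") }
def matches_filter(event):
    return (event.get("eventSource") == "secretsmanager.amazonaws.com"
            and event.get("eventName") == "GetSecretValue")

def _period_start(event_time, period_seconds):
    # Align the event to the start of its alarm period (UTC), as the alarm's Period does.
    t = datetime.strptime(event_time, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    start = int(t.timestamp()) // period_seconds * period_seconds
    return datetime.fromtimestamp(start, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def count_per_period(events, period_seconds=300):
    """Metric value per period: each matching event contributes 1, summed like Statistic=Sum."""
    counts = defaultdict(int)
    for e in events:
        if matches_filter(e):
            counts[_period_start(e["eventTime"], period_seconds)] += 1
    return dict(counts)

def alarm_breaches(counts, threshold=3):
    """Periods that would move an alarm using GreaterThanOrEqualToThreshold into ALARM."""
    return sorted(p for p, n in counts.items() if n >= threshold)

def breach_details(events, period_start, period_seconds=300):
    """Who read which secret in a breaching period: the detail the SNS email should carry."""
    return sorted({(e["userIdentity"]["arn"], e["requestParameters"]["secretId"])
                   for e in events if matches_filter(e)
                   and _period_start(e["eventTime"], period_seconds) == period_start})

if __name__ == "__main__":
    counts = count_per_period(SAMPLE_EVENTS)
    for p in alarm_breaches(counts):
        print(f"ALARM: {counts[p]} secret reads in period starting {p}")
        for arn, secret in breach_details(SAMPLE_EVENTS, p):
            print(f"  {arn} read {secret}")
```

The DescribeSecret record is deliberately excluded by the filter, so only calls that actually return the secret value count toward the threshold.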
Tools
AWS Secrets Manager
CloudTrail
CloudWatch
SNS
S3
