fluidasserts.cloud.aws.cloudformation.secretsmanager module

AWS CloudFormation checks for SecretsManager.

fluidasserts.cloud.aws.cloudformation.secretsmanager.insecure_generate_secret_string(path, exclude=None, min_length=14)

Check if any AWS::SecretsManager::Secret is weakly configured.

The AWS::SecretsManager::Secret entity creates a secret and stores it in Secrets Manager.

You can either set the SecretString attribute, or GenerateSecretString. In the latter case, you are in charge of picking secure values to be used in the secret generation.

  • path (str) – Location of CloudFormation’s template file.

  • exclude (typing.Optional[typing.List[str]]) – Paths that contain any string from this list are ignored.

  • min_length (int) – Generated secrets must have a length greater than or equal to this value.


  • OPEN if the GenerateSecretString attribute is misconfigured in a way that will produce weak secrets.

  • UNKNOWN on errors.

  • CLOSED otherwise.
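
What a weak GenerateSecretString looks like in a template, as an added example that is not fluidasserts code: a standalone sketch that flags a PasswordLength below min_length and, as an assumption about what counts as misconfigured, any Exclude* flag that removes a whole character class. The template, its resource names and the weak_generated_secrets helper are constructed for illustration.

```python
import json

# Constructed sample template (JSON form of CloudFormation), not from the page.
TEMPLATE = json.loads("""
{"Resources": {
  "WeakSecret": {
    "Type": "AWS::SecretsManager::Secret",
    "Properties": {"GenerateSecretString": {
      "PasswordLength": 8, "ExcludeNumbers": true, "ExcludePunctuation": true}}},
  "StrongSecret": {
    "Type": "AWS::SecretsManager::Secret",
    "Properties": {"GenerateSecretString": {"PasswordLength": 32}}},
  "Bucket": {"Type": "AWS::S3::Bucket"}
}}
""")

DEFAULT_LENGTH = 32  # CloudFormation default when PasswordLength is omitted
# Assumption: excluding an entire character class counts as weak generation.
CLASS_FLAGS = ("ExcludeLowercase", "ExcludeUppercase",
               "ExcludeNumbers", "ExcludePunctuation")


def weak_generated_secrets(template, min_length=14):
    """Return {logical_id: [reasons]} for weakly generated secrets."""
    findings = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::SecretsManager::Secret":
            continue
        gen = res.get("Properties", {}).get("GenerateSecretString")
        if gen is None:
            continue  # SecretString is set directly; nothing is generated
        reasons = []
        length = int(gen.get("PasswordLength", DEFAULT_LENGTH))
        if length < min_length:
            reasons.append(f"PasswordLength {length} < {min_length}")
        # Templates may carry booleans as true/"true"; accept both forms.
        reasons += [f"{flag} is true" for flag in CLASS_FLAGS
                    if str(gen.get(flag, False)).lower() == "true"]
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    print(json.dumps(weak_generated_secrets(TEMPLATE), indent=2))
```
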

Return type