News and Announcements

[AWS] Upcoming changes to CloudTrail events published by AWS Secrets Manager

Posted: 2023-08-11 10:59:35   Expiration: 2024-04-28 10:59:35

In January 2024, AWS Secrets Manager will publish a change to the format of the secret ARN response element in the CloudTrail event for some of the AWS Secrets Manager APIs listed at the end of this email. This change is made to standardize the response element for secret ARN in AWS CloudTrail events for all AWS Secrets Manager APIs. If you do not use AWS CloudTrail logs for AWS Secrets Manager, you can disregard this message.

Currently, 10 events, listed at the end of this email, are published with “aRN” as the response element while the rest of the events are published with “arn” as the response element. If you are consuming any of these 10 AWS CloudTrail Events in your workloads either directly or using Amazon EventBridge, we recommend you update your code to account for both formats of the secret ARN response element (“arn” and “aRN”) to ensure your code does not break with this upcoming change. After January 2024, you can choose to either keep the updated code to support both formats or change it to consume only “arn” format.

Please refer to this link for details on the change to the response element of AWS CloudTrail events for AWS Secrets Manager.

List of events that currently publish “aRN” and will be changed to “arn” starting January 2024:

- CancelRotateSecret
- DeleteResourcePolicy
- DeleteSecret
- PutResourcePolicy
- RemoveRegionsFromReplication
- ReplicateSecretToRegions
- RestoreSecret
- RotateSecret
- StopReplicationToReplica
- UpdateSecretVersionStage

List of events with no change:

- CreateSecret
- DescribeSecret
- GetRandomPassword
- GetResourcePolicy
- GetSecretValue
- ListSecrets
- ListSecretVersionIds
- PutSecretValue
- TagResource
- UntagResource
- UpdateSecret
- ValidateResourcePolicy

If you have any questions or need assistance determining if this change impacts you, please contact the Public Cloud Team.

-- Public Cloud
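
Added example (not part of the original announcement and not AWS code): one way a CloudTrail or EventBridge consumer can read the secret ARN under either spelling, so audit and alerting logic keeps working across the change. The function names, the sample records and the account ID in them are constructed for illustration.

```python
SECRETS_MANAGER_SOURCE = "secretsmanager.amazonaws.com"
ARN_KEYS = ("arn", "aRN")  # both spellings named in the announcement


def secret_arn(event):
    """Return the secret ARN from a Secrets Manager CloudTrail record, or None."""
    # EventBridge delivers the CloudTrail record under "detail";
    # a record read straight from a trail has no such wrapper.
    record = event.get("detail", event)
    if record.get("eventSource") != SECRETS_MANAGER_SOURCE:
        return None
    # responseElements can be null, for example on a failed call.
    response = record.get("responseElements") or {}
    for key in ARN_KEYS:
        value = response.get(key)
        if isinstance(value, str) and value:
            return value
    return None


def arns_by_event(events):
    """Return (eventName, ARN or None) per record, for review or alerting."""
    return [(e.get("detail", e).get("eventName"), secret_arn(e)) for e in events]


# Constructed sample records (account ID and secret names are made up).
ARN_A = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-a-AbCdEf"
ARN_B = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-b-GhIjKl"
SAMPLE_EVENTS = [
    # One of the 10 affected events in the current "aRN" format.
    {"eventSource": SECRETS_MANAGER_SOURCE, "eventName": "RotateSecret",
     "responseElements": {"aRN": ARN_A}},
    # The same event in the standardized "arn" format.
    {"eventSource": SECRETS_MANAGER_SOURCE, "eventName": "RotateSecret",
     "responseElements": {"arn": ARN_A}},
    # EventBridge envelope around a CloudTrail record.
    {"detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventSource": SECRETS_MANAGER_SOURCE, "eventName": "DeleteSecret",
                "responseElements": {"aRN": ARN_B}}},
    # Failed call: no response elements, so no ARN to report.
    {"eventSource": SECRETS_MANAGER_SOURCE, "eventName": "RestoreSecret",
     "errorCode": "AccessDenied", "responseElements": None},
]

if __name__ == "__main__":
    for name, arn in arns_by_event(SAMPLE_EVENTS):
        print(name, arn)
```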