dms1981
This will need to happen in conversation with the Xhibit Portal team to get an understanding of how their service has been utilised since launch - eg, any expected traffic...
I've taken this one out of sprint as it looks like the AWS managed ACLs for Shield were either overwritten or not fully applied with a count action. We'll need...
NB - this should probably wait for `sprint 32` to be actioned if we want the full 30 days to elapse.
Checked and saw no events - switched action for `Shield-Count` rule to `block`
See https://github.com/ministryofjustice/modernisation-platform/issues/2054 - this story will ensure that the scheduler has the appropriate limited permissions it will require
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-rotate-iam-user-access-keys-at-scale-with-aws-organizations-and-aws-secrets-manager.html?did=pg_card&trk=pg_card
Given that we're progressing with OIDC, I'm going to close this card as it's no longer relevant.
@jakemulley - was this solved by the implementation of AWS Resource Groups / Tag Editor? If so, are we clear to close this issue?
From an initial read this would require some lambda to properly implement:
* https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_turn-on-for-other.html
* https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-generic
* https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/blob/master/SecretsManagerRotationTemplate/lambda_function.py
Requires completion of #2035 to unblock this story