A company uses AWS Secrets Manager to rotate secrets for its RDS database. The rotation fails periodically, and the security team needs to troubleshoot. Which CloudWatch metric should be monitored to detect rotation failures?
This metric indicates rotation success or failure.
Why this answer
Option C is correct because Secrets Manager publishes CloudWatch metrics for rotation success and failure. Option A is incorrect because KMS key usage metrics are not specific to rotation. Option B is incorrect because Lambda function invocations may not capture all failures.
Option D is incorrect because RDS metrics do not include Secrets Manager rotation status.