What's new?

• AWS Secrets Manager real-time event handling now respects the AWS > Secrets > CMDB policy. The mod previously forwarded every aws.secretsmanager CloudWatch event through a static, catch-all event source, so events such as secretsmanager:PutSecretValue kept arriving even when the Secret CMDB policy was set to Enforce: Disabled. The Event Sources policy is now calculated from the Secret CMDB policy: it forwards the aws.secretsmanager source while CMDB is Enforce: Enabled, and forwards nothing when CMDB is Enforce: Disabled or Skip.