Configuring AWS Secrets Manager Logs to be Pushed to AWS CloudWatch

0

How can I configure AWS Secrets Manager logs to be pushed to AWS CloudWatch? I would like to ensure that all log records from my existing Secrets Manager are sent to CloudWatch for centralized logging and monitoring.

3 Answers
0

You can either use CloudTrail or CloudWatch to monitor your secrets: https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring.html

Expert
Answered 1 year ago
0

What logs do you need from AWS Secrets Manager?
For example, API event history as output to CloudTrail?
From the following documentation, I don't think there is any setting that outputs directly to CloudWatch Logs.
Therefore, in some cases, it may be necessary to create a function that uses Lambda or other means to retrieve events from CloudTrail and send them to CloudWatch Logs.
https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring.html

Alternatively, all API events recorded in CloudTrail can be linked to CloudWatch Logs.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html

Expert
Answered 1 year ago
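
The Lambda approach mentioned in the answer above, sketched as an added example that is not part of the original answers: it reads a CloudTrail log file delivered to S3, keeps only Secrets Manager API events, and forwards them to CloudWatch Logs. The log group and stream names, the S3 trigger and the sample records are assumptions made for illustration.

```python
import gzip
import json
from datetime import datetime, timezone
from urllib.parse import unquote_plus

# Assumed names (not from the page); the log group and stream must already exist.
LOG_GROUP = "/example/secretsmanager-audit"
LOG_STREAM = "cloudtrail"
SOURCE = "secretsmanager.amazonaws.com"


def secrets_manager_log_events(cloudtrail_file: bytes) -> list:
    """Extract Secrets Manager API calls from one gzipped CloudTrail log file
    and shape them as PutLogEvents entries (timestamp in epoch milliseconds)."""
    records = json.loads(gzip.decompress(cloudtrail_file)).get("Records", [])
    events = []
    for rec in records:
        if rec.get("eventSource") != SOURCE:
            continue
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        millis = int(when.replace(tzinfo=timezone.utc).timestamp() * 1000)
        events.append({"timestamp": millis, "message": json.dumps(rec, sort_keys=True)})
    # PutLogEvents expects each batch in chronological order.
    return sorted(events, key=lambda e: e["timestamp"])


def handler(event, context):
    """Lambda entry point for S3 ObjectCreated notifications on the trail bucket."""
    import boto3  # provided by the Lambda Python runtime
    s3, logs = boto3.client("s3"), boto3.client("logs")
    for item in event["Records"]:
        bucket = item["s3"]["bucket"]["name"]
        key = unquote_plus(item["s3"]["object"]["key"])
        body = s3.get_object(Bucket=bucket, Key=key)["Body"].read()
        batch = secrets_manager_log_events(body)
        if batch:  # very large files would need splitting to fit batch limits
            logs.put_log_events(logGroupName=LOG_GROUP, logStreamName=LOG_STREAM, logEvents=batch)


def constructed_sample() -> bytes:
    """Constructed CloudTrail log file with only the fields this example reads."""
    records = [
        {"eventTime": "2023-05-01T12:00:05Z", "eventSource": SOURCE, "eventName": "GetSecretValue"},
        {"eventTime": "2023-05-01T12:00:01Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
        {"eventTime": "2023-05-01T12:00:02Z", "eventSource": SOURCE, "eventName": "PutSecretValue"},
    ]
    return gzip.compress(json.dumps({"Records": records}).encode())
```

The function's execution role needs read access to the trail bucket and permission to write to the log group.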
0
  1. Open the AWS Secrets Manager console.
  2. Select the Secrets Manager secret for which you want to configure logging.
  3. Under the "Secret details" section, click on the "Edit" button.
  4. Scroll down to the "Logging" section.
  5. Enable the "Enable automatic rotation and log rotation" option if it is not already enabled. This ensures that the secret's logs are generated.
  6. Select the CloudWatch log group where you want the logs to be sent. You can choose an existing log group or create a new one. If you choose to create a new log group, provide a name for it.
  7. Click the "Save" button to save the changes.
Answered 1 year ago
