ACM has a PENDING_VALIDATION Certificate

Check the ACM for certificates that have the status PENDING_VALIDATION

Risk Level: Low
Cloud Entity: AWS Certificate Manager
CloudGuard Rule ID: D9.AWS.CRY.55
Category: Security, Identity, & Compliance

GSL LOGIC

AcmCertificate should not have status like 'PENDING_VALIDATION'

REMEDIATION

From Portal
To manually check your certificate:

  1. Open the AWS Certificate Manager console at https://console.aws.amazon.com/acm/home.
  2. Expand a certificate to view its details.
  3. Find the Renewal Status in the Details section. If you don't see the status, ACM hasn't started the managed renewal process for this certificate.

Managed renewal process for this certificate:
ACM provides managed renewal for your Amazon-issued SSL/TLS certificates. This means that ACM will either renew your certificates automatically (if you are using DNS validation), or it will send you email notices when expiration is approaching. These services are provided for both public and private ACM certificates.

From Command Line

aws acm describe-certificate --certificate-arn arn:aws:acm:region:123456789012:certificate/97b4deb6-8983-4e39-918e-ef1378924e1e

References

  1. https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html
  2. https://docs.aws.amazon.com/acm/latest/userguide/check-certificate-renewal-status.html

AWS Certificate Manager

AWS Certificate Manager is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates.

Compliance Frameworks

  • AWS CloudGuard Best Practices
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS HITRUST
  • AWS HITRUST v11.0.0
  • AWS ITSG-33
  • AWS MITRE ATT&CK Framework v10
  • AWS MITRE ATT&CK Framework v11.3
  • AWS NIST 800-53 Rev 5