ACM has a PENDING_VALIDATION Certificate
Check AWS Certificate Manager (ACM) for certificates that have the status PENDING_VALIDATION.
Risk Level: Low
Cloud Entity: AWS Certificate Manager
CloudGuard Rule ID: D9.AWS.CRY.55
Category: Security, Identity, & Compliance
GSL LOGIC
AcmCertificate should not have status like 'PENDING_VALIDATION'
REMEDIATION
From Portal
To manually check your certificate:
- Open the AWS Certificate Manager console at https://console.aws.amazon.com/acm/home.
- Expand a certificate to view its details.
- Find the Renewal Status in the Details section. If you don't see the status, ACM hasn't started the managed renewal process for this certificate.
Managed renewal process for this certificate:
ACM provides managed renewal for your Amazon-issued SSL/TLS certificates. This means that ACM will either renew your certificates automatically (if you are using DNS validation), or it will send you email notices when expiration is approaching. These services are provided for both public and private ACM certificates.
From Command Line
aws acm describe-certificate --certificate-arn arn:aws:acm:region:123456789012:certificate/97b4deb6-8983-4e39-918e-ef1378924e1e
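To see why a certificate is still pending, the JSON returned by the command above can be triaged per domain; the following is an added example, not CloudGuard or AWS code. The names triage and parse_created and the sample document are constructed for illustration, and the 72-hour ACM validation window is measured from CreatedAt as an approximation.

```python
import json
from datetime import datetime, timedelta, timezone

# ACM stops waiting for validation after 72 hours; the request then
# moves to VALIDATION_TIMED_OUT and has to be submitted again.
VALIDATION_WINDOW = timedelta(hours=72)

# Constructed sample shaped like `aws acm describe-certificate` output
# (placeholder ARN, domains and record values; not real data).
SAMPLE = json.loads("""
{"Certificate": {
  "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID",
  "Status": "PENDING_VALIDATION",
  "CreatedAt": "2024-05-01T08:00:00+00:00",
  "DomainValidationOptions": [
    {"DomainName": "app.example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "PENDING_VALIDATION",
     "ResourceRecord": {"Name": "_a1.app.example.com.", "Type": "CNAME",
                        "Value": "_b2.acm-validations.aws."}},
    {"DomainName": "www.example.com", "ValidationMethod": "DNS",
     "ValidationStatus": "SUCCESS"}
  ]}}
""")

def parse_created(value):
    """CreatedAt is an epoch number or an ISO 8601 string, depending on CLI settings."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(describe_output, now):
    """Return the domains still blocking issuance, or None if the cert is not pending."""
    cert = describe_output["Certificate"]
    if cert["Status"] != "PENDING_VALIDATION":
        return None  # the rule would not flag this certificate
    deadline = parse_created(cert["CreatedAt"]) + VALIDATION_WINDOW
    pending = []
    for opt in cert.get("DomainValidationOptions", []):
        if opt.get("ValidationStatus") == "SUCCESS":
            continue  # this domain is already validated
        rec = opt.get("ResourceRecord")  # absent for email validation
        pending.append({"domain": opt["DomainName"], "method": opt.get("ValidationMethod"),
                        "cname": (rec["Name"], rec["Value"]) if rec else None})
    return {"arn": cert["CertificateArn"],
            "hours_left": round((deadline - now).total_seconds() / 3600, 1),
            "pending_domains": pending}

if __name__ == "__main__":
    fixed_now = datetime(2024, 5, 2, 20, 0, tzinfo=timezone.utc)  # constructed clock
    print(json.dumps(triage(SAMPLE, fixed_now), indent=2))
```

For a DNS-validated certificate, each entry in pending_domains names the CNAME record that has to exist in the domain's DNS zone before ACM can issue the certificate.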
References
- https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html
- https://docs.aws.amazon.com/acm/latest/userguide/check-certificate-renewal-status.html
AWS Certificate Manager
AWS Certificate Manager is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates.
Compliance Frameworks
- AWS CloudGuard Best Practices
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS HITRUST
- AWS HITRUST v11.0.0
- AWS ITSG-33
- AWS MITRE ATT&CK Framework v10
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-53 Rev 5