AWS Certificate Manager Best Practices

Managing SSL/TLS certificates in your AWS accounts allows you to efficiently reduce the risk of mismanagement when purchasing, uploading or renewing certificates by providing an easy solution for seamless integration and management.



Cloud Conformity checks the AWS Certificate Manager service according to the following rules:

Expired ACM Certificates
Ensure expired SSL/TLS certificates are removed from AWS Certificate Manager (ACM).

AWS ACM Certificates Renewal (30 days before expiration)
Ensure Amazon Certificate Manager (ACM) certificates are renewed before their expiration.

AWS ACM Certificates Renewal (45 days before expiration)
Ensure Amazon Certificate Manager (ACM) certificates are renewed before their expiration.

AWS ACM Certificates Renewal (7 days before expiration)
Ensure Amazon Certificate Manager (ACM) certificates are renewed before their expiration.

AWS ACM Certificates Validity
Ensure expired SSL/TLS certificates are removed from AWS Certificate Manager (ACM).

ACM Certificates with Wildcard Domain Names
Ensure that wildcard certificates issued by Amazon Certificate Manager (ACM) or imported to ACM are not in use.