Ensure that all the expired Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates managed by AWS Certificate Manager are removed in order to adhere to Amazon Security Best Practices. Certificate Manager is the AWS service that lets you easily provision, manage, and deploy SSL/TLS certificates for use with other Amazon services such as Elastic Load Balancing and CloudFront.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Removing expired AWS ACM certificates eliminates the risk that an invalid SSL/TLS certificate will be deployed accidentally to another resource such as Elastic Load Balancing (ELB), action that can trigger front-end errors and damage the credibility of the web application/website behind the ELB.
To determine if there are any expired SSL/TLS certificates managed by AWS Certificate Manager, perform the following :
To delete any expired SSL/TLS certificates managed by AWS Certificate Manager, perform the following: