Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed in order to follow IAM security best practices.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Removing expired SSL/TLS certificates eliminates the risk that an invalid certificate will be deployed accidentally to a resource such as AWS Elastic Load Balancer (ELB), which will trigger font-end errors and damage the credibility of the application/website behind the ELB.
To determine if there are any expired SSL/TLS certificates currently available in IAM, perform the following:Note: Getting the certificates expiration information via AWS Management Console is not currently supported. To request information about the SSL/TLS certificates stored in IAM via the AWS API use the Command Line Interface (CLI).
Remediation / Resolution
To delete any expired SSL/TLS certificates currently available in AWS IAM, perform the following:Note: Removing invalid certificates via AWS Management Console is not currently supported. To delete SSL/TLS certificates stored in IAM via the AWS API use the Command Line Interface (CLI).
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
Expired SSL/TLS Certificate
Risk level: Low