Risk Level: Low
Cloud Entity: AWS Certificate Manager
CloudGuard Rule ID: D9.AWS.CRY.28
Covered by Spectral: No
Category: Security, Identity, & Compliance

GSL LOGIC

AcmCertificate should have inUseBy with ['%arn%']

REMEDIATION

From Portal
Following are the steps to delete unused certificates:

Open the ACM console at https://console.aws.amazon.com/acm/.
In the list of certificates, select the check box for an ACM certificate, then choose Delete.

Alternatively, you can associate/use the unused certificate to the resource which requires the certificate.

From Command Line
Use the delete-certificate command to delete a certificate, as shown in the following command:

aws acm delete-certificate --certificate-arn ARN

References

AWS Certificate Manager

AWS Certificate Manager is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates.

Compliance Frameworks

AWS CSA CCM v.4.0.1
AWS CloudGuard Best Practices
AWS CloudGuard Well Architected Framework
AWS HITRUST
AWS HITRUST v11.0.0
AWS ITSG-33
AWS MAS TRM Framework
AWS MITRE ATT&CK Framework v10
AWS MITRE ATT&CK Framework v11.3
CloudGuard AWS All Rules Ruleset