Risk Level: Low
Cloud Entity: AWS Certificate Manager
CloudGuard Rule ID: D9.AWS.CRY.40
Covered by Spectral: No
Category: Security, Identity, & Compliance
AcmCertificate should not have status = 'EXPIRED'
1. Sign in to the AWS Management Console.
2. Navigate to the AWS ACM dashboard at https://console.aws.amazon.com/acm/.
3. Select the SSL/TLS certificate with the status Expired that you want to remove.
4. Click on the expired certificate and review the certificate details (domain name and ID).
5. Click Delete to confirm the action.
6. Repeat steps 3 and 4 to remove other expired AWS ACM certificates available within the selected region.
7. Change the AWS region from the navigation bar and repeat the process for other regions.
From Command Line
Use the delete-certificate command to delete an expired certificate, as shown in the following command:
aws acm delete-certificate --certificate-arn ARN
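The console and CLI steps above, combined into one sweep (an added example, not part of the CloudGuard rule page): for each region passed as an argument it lists EXPIRED certificates, skips any that another resource still references (ACM refuses to delete those), and deletes the rest only when DELETE=1 is set. The function names and the DELETE switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: find and optionally delete EXPIRED ACM certificates.
# list_expired_certs, sweep_expired_certs and DELETE are names chosen here.

# Print "region arn in-use-count" for every expired certificate in the
# regions given as arguments.
list_expired_certs() {
  for region in "$@"; do
    arns=$(aws acm list-certificates --region "$region" \
      --certificate-statuses EXPIRED \
      --query 'CertificateSummaryList[].CertificateArn' --output text)
    for arn in $arns; do
      # Ignore anything that is not an ARN (for example an empty result).
      case "$arn" in arn:*) ;; *) continue ;; esac
      # InUseBy holds the resources (load balancers, CloudFront
      # distributions, ...) that are still bound to the certificate.
      in_use=$(aws acm describe-certificate --region "$region" \
        --certificate-arn "$arn" \
        --query 'length(Certificate.InUseBy)' --output text)
      echo "$region $arn $in_use"
    done
  done
}

# Report expired certificates; delete the unreferenced ones when DELETE=1.
# Without DELETE=1 this is a dry run that only prints what it would do.
sweep_expired_certs() {
  list_expired_certs "$@" | while read -r region arn in_use; do
    if [ "$in_use" != "0" ]; then
      # Still attached somewhere: replace the certificate there first.
      echo "SKIP in-use ($in_use) $region $arn"
    elif [ "${DELETE:-0}" = "1" ]; then
      aws acm delete-certificate --region "$region" \
        --certificate-arn "$arn" </dev/null \
        && echo "DELETED $region $arn"
    else
      echo "WOULD-DELETE $region $arn"
    fi
  done
}

# Run only when regions are given, e.g.: sh sweep.sh us-east-1 eu-west-1
if [ "$#" -gt 0 ]; then
  sweep_expired_certs "$@"
fi
```

A SKIP line is the more urgent finding: an expired certificate that is still attached to a listener or distribution is being served to clients and needs to be replaced there before it can be removed.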
AWS Certificate Manager is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates.
- AWS CIS Controls V 8
- AWS CSA CCM v.4.0.1
- AWS CloudGuard Best Practices
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS HITRUST
- AWS HITRUST v11.0.0
- AWS ISO27001:2022
- AWS ITSG-33
- AWS MAS TRM Framework
- AWS MITRE ATT&CK Framework v10
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-53 Rev 5
- AWS PCI-DSS 4.0
- CloudGuard AWS All Rules Ruleset