Risk Level: Low
Cloud Entity: AWS Certificate Manager
CloudGuard Rule ID: D9.AWS.CRY.55
Covered by Spectral: No
Category: Security, Identity, & Compliance

GSL LOGIC

AcmCertificate should not have status like 'PENDING_VALIDATION'

REMEDIATION

From Portal
To manually check your certificate:

Open the AWS Certificate Manager console at https://console.aws.amazon.com/acm/home.
Expand a certificate to view its details.
Find the Renewal Status in the Details section. If you don't see the status, ACM hasn't started the managed renewal process for this certificate.

Managed renewal process for this certificate:
ACM provides managed renewal for your Amazon-issued SSL/TLS certificates. This means that ACM will either renew your certificates automatically (if you are using DNS validation), or it will send you email notices when expiration is approaching. These services are provided for both public and private ACM certificates.

From Command Line

aws acm describe-certificate --certificate-arn arn:aws:acm:region:123456789012:certificate/97b4deb6-8983-4e39-918e-ef1378924e1e

References

AWS Certificate Manager

AWS Certificate Manager is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates.

Compliance Frameworks

AWS CIS Controls V 8
AWS CloudGuard Best Practices
AWS CloudGuard SOC2 based on AICPA TSC 2017
AWS HITRUST
AWS HITRUST v11.0.0
AWS ITSG-33
AWS MITRE ATT&CK Framework v10
AWS MITRE ATT&CK Framework v11.3
AWS NIST 800-53 Rev 5
CloudGuard AWS All Rules Ruleset