Policy: AWS > CIS v1.4 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed (Automated)
Configures auditing against a CIS Benchmark item.
Level: 1 (Scored)
To enable HTTPS connections to your website or application in AWS, you need an SSL/TLS server certificate. You can use ACM or IAM to store and deploy server certificates. Use IAM as a certificate manager only when you must support HTTPS connections in a region that is not supported by ACM. IAM securely encrypts your private keys and stores the encrypted version in IAM SSL certificate storage. IAM supports deploying server certificates in all regions, but you must obtain your certificate from an external provider for use with AWS. You cannot upload an ACM certificate to IAM. Additionally, you cannot manage your certificates from the IAM Console.
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
- AWS > CIS v1.4
- AWS > CIS v1.4 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed (Automated)
- AWS > CIS v1.4 > 1 - Identity and Access Management
Policy Specification
Schema Type | |
|---|---|
Default | |
Valid Values [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/v0713
- tmod:@turbot/aws-cisv1-4#/policy/types/r0119
- turbot graphql policy-type --id "tmod:@turbot/aws-cisv1-4#/policy/types/r0119"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-cisv1-4#/policy/types/r0119"
Get Policy TypeGet Policy Settings