AWS_ACM_6

Ensure ACM has no PENDING_VALIDATION Certificate

Description

Checks ACM for certificates whose status is PENDING_VALIDATION. It is recommended that ACM certificates not have the status ‘PENDING_VALIDATION’.

Remediation

From Portal:
To manually check your certificate:
1. Open the AWS Certificate Manager console at https://console.aws.amazon.com/acm/home.
2. Expand a certificate to view its details.
3. Find the Renewal Status in the Details section. If you don’t see the status, ACM hasn’t started the managed renewal process for this certificate.

Managed renewal process for this certificate:
ACM provides managed renewal for your Amazon-issued SSL/TLS certificates. This means that ACM will either renew your certificates automatically (if you are using DNS validation), or it will send you email notices when expiration is approaching. These services are provided for both public and private ACM certificates.

From Command Line:
aws acm describe-certificate --certificate-arn ARN
(Replace ARN with your certificate ARN.)
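
The check this rule describes, applied to the JSON that the describe-certificate command above returns. This is an added example, not part of the original rule; the sample output (including its ARN and record values) and the function name check_pending_validation are constructed for illustration.

```python
import json

# Constructed sample of `aws acm describe-certificate` output (not real data).
SAMPLE_OUTPUT = """
{
  "Certificate": {
    "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-0000",
    "DomainName": "example.com",
    "Status": "PENDING_VALIDATION",
    "DomainValidationOptions": [
      {
        "DomainName": "example.com",
        "ValidationStatus": "PENDING_VALIDATION",
        "ValidationMethod": "DNS",
        "ResourceRecord": {"Name": "_constructed.example.com.", "Type": "CNAME",
                           "Value": "_constructed.acm-validations.aws."}
      },
      {"DomainName": "www.example.com", "ValidationStatus": "SUCCESS", "ValidationMethod": "DNS"}
    ]
  }
}
"""


def check_pending_validation(describe_output: str) -> dict:
    """Evaluate one describe-certificate response against this rule."""
    cert = json.loads(describe_output)["Certificate"]
    pending = []
    for opt in cert.get("DomainValidationOptions", []):
        if opt.get("ValidationStatus") == "PENDING_VALIDATION":
            pending.append({
                "domain": opt["DomainName"],
                "method": opt.get("ValidationMethod"),
                # Present for DNS validation: the CNAME record ACM is waiting for.
                "record": opt.get("ResourceRecord"),
            })
    return {
        "arn": cert["CertificateArn"],
        "status": cert["Status"],
        "compliant": cert["Status"] != "PENDING_VALIDATION",
        "pending_domains": pending,
    }


if __name__ == "__main__":
    print(json.dumps(check_pending_validation(SAMPLE_OUTPUT), indent=2))
```

The pending_domains list shows which domain names are still holding the certificate in PENDING_VALIDATION and, for DNS validation, the record that has to exist before ACM can issue it.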

References:
1. https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html
2. https://docs.aws.amazon.com/acm/latest/userguide/check-certificate-renewal-status.html

Service

ACM

Severity

Low

Compliance

Mapping
