Guided Walkthroughs

Configuration Packages

Custom Packages

By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSAWS SSOIAM PoliciesVPC Endpoint PoliciesCloudFormation Guard RulesLoad BalancersRDS Event SubscriptionsAWS Resource Access Manager (RAM)

By Service Protected

Reference Guides

Other

AWS Certificate Manager (ACM) Security

A collection of AWS Security controls for AWS (Certificate Authority) ACM and AWS (Certificate Authority-Private Certificate Authority) ACM-PCA. Controls include templates for provisioning ACM-PCA, AWS Config rules for monitoring compliance, and CloudWatch Alarms. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform

ACM

Configuration for an AWS ACM-PCA (Private Certificate Authority) configured as a Root CA, including activation with a self-signed certificate and permissions for automatically renewing certificates within the account.

CloudFormationTerraformAWS CLI

Configuration template for the expiry event configuration that determines the number of days prior to expiry when ACM starts generating EventBridge events.

CloudFormationAWS CLI
CloudWatch Events

A CloudWatch Event Rule that sends a notification to provide notice of approaching expiration of an ACM certificate. and forwards the events to an SNS topic.

CloudFormationTerraformAWS CLI
Config Rule

Checks whether ACM Certificates in your account are marked for expiration within the specified number of days. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.

CloudFormationTerraformAWS CLI
Filter by source
 
ACM
CloudWatch Events
Config Rule