Configuration for an AWS ACM-PCA (Private Certificate Authority) configured as a Root CA, including activation with a self-signed certificate and permissions for automatically renewing certificates within the account.
CloudFormationTerraformAWS CLI
Guided Walkthroughs
Configuration Packages
By Implementation
By Service Protected
Reference Guides
Other
Guided Walkthroughs
Configuration Packages
By Service Protected
VPC Security Controls
EC2 Security Controls
IAM Security Controls
S3 Security Controls
RDS Security Controls
OpenSearch/Elasticsearch Security Controls
EFS Security Controls
Route53 Security Controls
DynamoDB Security Controls
ECR Security Controls
EMR Security
Lambda Security
CloudFormation Security
CodeX Security Controls
AWS Certificate Manager (ACM) Security
Logging & Monitoring Configurations
Backups & DR
Billing and Cost ManagementBy Implementation
Reference Guides
Other
AWS Certificate Manager (ACM) Security
A collection of AWS Security controls for AWS (Certificate Authority) ACM and AWS (Certificate Authority-Private Certificate Authority) ACM-PCA. Controls include templates for provisioning ACM-PCA, AWS Config rules for monitoring compliance, and CloudWatch Alarms. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform
ACM
Configuration template for the expiry event configuration that determines the number of days prior to expiry when ACM starts generating EventBridge events.
CloudFormationAWS CLI
CloudWatch Events
A CloudWatch Event Rule that sends a notification to provide notice of approaching expiration of an ACM certificate. and forwards the events to an SNS topic.
CloudFormationTerraformAWS CLI
Config Rule
Checks whether ACM Certificates in your account are marked for expiration within the specified number of days. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.
CloudFormationTerraformAWS CLI
Filter by source
ACM
CloudWatch Events
Config Rule