Guided Walkthroughs

Configuration Packages

By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSAWS SSOIAM PoliciesVPC Endpoint PoliciesCloudFormation Guard RulesLoad BalancersRDS Event SubscriptionsAWS Resource Access Manager (RAM)

By Service Protected

Reference Guides

Other

Guided Walkthroughs

Configuration Packages

Configuration Stack
0

By Service Protected

VPC Security ControlsEC2 Security ControlsIAM Security ControlsS3 Security ControlsRDS Security ControlsOpenSearch/Elasticsearch Security ControlsEFS Security ControlsRoute53 Security ControlsDynamoDB Security ControlsECR Security ControlsEMR SecurityLambda SecurityCloudFormation SecurityCodeX Security ControlsCloudFront SecurityAWS Certificate Manager (ACM) SecurityLogging & Monitoring ConfigurationsBackups & DRBilling and Cost Management

By Implementation

Reference Guides

Other

AWS Certificate Manager (ACM) Security

A collection of AWS Security controls for AWS (Certificate Authority) ACM and AWS (Certificate Authority-Private Certificate Authority) ACM-PCA. Controls include templates for provisioning ACM-PCA, AWS Config rules for monitoring compliance, and CloudWatch Alarms. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform

ACM
Private Certificate Authroity (ACM-PCA)
Add to Stack

Configuration for an AWS ACM-PCA (Private Certificate Authority) configured as a Root CA, including activation with a self-signed certificate and permissions for automatically renewing certificates within the account.

CloudFormationTerraformAWS CLI
ACM Account Settings (Certificate Expiry Notification)
Add to Stack

Configuration template for the expiry event configuration that determines the number of days prior to expiry when ACM starts generating EventBridge events.

CloudFormationAWS CLI
CloudWatch Events
Detect and Notify on ACM Certificate Expiry Events
Add to Stack

A CloudWatch Event Rule that sends a notification to provide notice of approaching expiration of an ACM certificate. and forwards the events to an SNS topic.

CloudFormationTerraformAWS CLI
Detect and Notify on AWS Organizations Changes
Add to Stack

A CloudWatch Event Rule that detects changes to AWS Organizations and publishes change events to an SNS topic for notification.

CloudFormationTerraformAWS CLI
Config Rule
ACM Certificates Expiration Check
Add to Stack

Checks whether ACM Certificates in your account are marked for expiration within the specified number of days. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.

CloudFormationTerraformAWS CLI
Filter by source
 
ACM
CloudWatch Events
Config Rule