Home
Pricing
Github
Slack Channel
Home
Quick Start
Development
Operations
User Guide
Destinations
Analysis
Tutorials
Help
Log Analysis
Overview
Setup
Rules
Supported Logs
Standard Fields
Cloud Security
Overview
Setup
Policies
Built-in Policy Runbooks
Automatic Remediation
Supported Resources
AWS
ACM Certificate
CloudFormation Stack
CloudWatch Log Group
CloudTrail
CloudTrail Meta
Config Recorder
Config Recorder Meta
DynamoDB Table
EC2 AMI
EC2 Instance
EC2 Network ACL
EC2 SecurityGroup
EC2 Volume
EC2 VPC
ECS Cluster
ELBV2 Application Load Balancer
GuardDuty Detector
GuardDuty Detector Meta
IAM Group
IAM Policy
IAM Role
IAM Root User
IAM User
KMS Key
Lambda Function
Password Policy
RDS Instance
Redshift Cluster
S3 Bucket
WAF Web ACL
Enterprise
SAML/SSO Integration
Data Analytics
SaaS Logs
Snowflake Integration
SAML/SSO Integration
Role-Based Access Control
Powered by GitBook

ACM Certificate

This page provides an overview of the basics of AWS Certificate Manager (ACM) Certificate.

Resource Type

AWS.ACM.Certificate

Resource ID Format

For ACM Certificates, the resource ID is the ARN as shown here:

arn:aws:acm:us-east-1:123456789012:certificate/11111111-1111-1111-1111-111111111111

Background

The ACM Certificate resource represents public SSL/TLS certificates on your AWS based websites and applications.

Fields

The following table describes the Fields you can use:

Field

Type

Description

​

​

​

​

CertificateAuthorityArn

String

The Amazon Resource Name to the Private CA​

​

​

​

​

DomainValidationOptions

List

Validation information of each domain name that occurs as a result of the RequestCertificate request

​

​

​

​

FailureReason

String

The reason the certificate request failed

​

​

​

​

NotAfter

String

The time after which the certificate is not valid

​

​

​

​

NotBefore

String

The time before which the certificate is not valid

​

​

​

​

Status

String

`PENDING_VALIDATION

ISSUED

INACTIVE EXPIRED

VALIDATION_TIMED_OUT

REVOKED FAILED`

Example

{
    "AccountId": "123456789012",
    "Arn": "arn:aws:acm:us-west-2:123456789012:certificate/aaaa-1111",
    "CertificateAuthorityArn": null,
    "DomainName": "staging.runpanther.xyz",
    "DomainValidationOptions": [
        {
            "DomainName": "example.com",
            "ResourceRecord": {
                "Name": "example.com.",
                "Type": "CNAME",
                "Value": "111.acm-validations.aws."
            },
            "ValidationDomain": "example.com",
            "ValidationEmails": null,
            "ValidationMethod": "DNS",
            "ValidationStatus": "SUCCESS"
        },
        {
            "DomainName": "*.example.com",
            "ResourceRecord": {
                "Name": "111.example.com.",
                "Type": "CNAME",
                "Value": "111.acm-validations.aws."
            },
            "ValidationDomain": "*.example.com",
            "ValidationEmails": null,
            "ValidationMethod": "DNS",
            "ValidationStatus": "SUCCESS"
        }
    ],
    "ExtendedKeyUsages": [
        {
            "Name": "TLS_WEB_CLIENT_AUTHENTICATION",
            "OID": "1.1.1.1.1.1.1.1.1"
        },
        {
            "Name": "TLS_WEB_SERVER_AUTHENTICATION",
            "OID": "2.2.2.2.2.2.2.2.2"
        }
    ],
    "FailureReason": null,
    "InUseBy": [
        "arn:aws:cloudfront::123456789012:distribution/AAAA"
    ],
    "IssuedAt": "2019-01-01T00:00:00Z",
    "Issuer": "Amazon",
    "KeyAlgorithm": "RSA-2048",
    "KeyUsages": [
        {
            "Name": "KEY_ENCIPHERMENT"
        },
        {
            "Name": "DIGITAL_SIGNATURE"
        }
    ],
    "Name": "example.com",
    "NotAfter": "2020-01-01T00:00:00Z",
    "NotBefore": "2019-01-01T00:00:00Z",
    "Options": {
        "CertificateTransparencyLoggingPreference": "ENABLED"
    },
    "Region": "us-west-2",
    "RenewalEligibility": "ELIGIBLE",
    "RenewalSummary": null,
    "ResourceId": "arn:aws:acm:us-west-2:123456789012:certificate/aaaa-1111",
    "ResourceType": "AWS.ACM.Certificate",
    "RevocationReason": null,
    "RevokedAt": null,
    "Serial": "00:00:00:00:00:00:00:00:00:00:00:00:de:ad:be:ef",
    "SignatureAlgorithm": "SHA256WITHRSA",
    "Status": "ISSUED",
    "Subject": "CN=staging.runpanther.xyz",
    "SubjectAlternativeNames": [
        "example.com",
        "*.example.com"
    ],
    "Tags": null,
    "TimeCreated": null,
    "Type": "AMAZON_ISSUED"
}

References

Previous
AWS
Next
CloudFormation Stack
Last updated 4 months ago
Contents
Resource Type
Resource ID Format
Background
Fields
Example
References