To control the usage of certificates in AWS

0

The client is unable to control the usage of certificates and is looking for AWS best practices for certificate tracking and monitoring.

2 Answers
0
Accepted Answer

Here is the official AWS documentation about best practices when using Amazon Certificate Manager.

Including:

Set up certificate expiration alerts: AWS services like ACM and ACM PCA can send expiration alerts via email or SNS topic when a certificate is about to expire. You can also use CloudWatch Events to set up custom alerts based on specific criteria, such as a certain percentage of certificates expiring within a given time period.

Use AWS Config: AWS Config is a fully managed service that provides a detailed inventory of your AWS resources, including certificates. You can use AWS Config to track certificate usage and changes, and you can set up rules to monitor changes to certificate attributes.

Enable AWS CloudTrail: AWS CloudTrail is a service that enables you to log, continuously monitor, and retain account activity related to AWS resources and services, including certificate management. You can use CloudTrail to monitor certificate activity, identify changes to certificate attributes, and troubleshoot issues.

Use AWS Identity and Access Management (IAM) to manage access: IAM enables you to manage access to AWS services and resources, including certificates. You can use IAM to create roles and policies that restrict access to specific users or groups, and you can use IAM to enforce multi-factor authentication for certificate management operations.

AWS
Niko
answered a year ago
  • Many thanks Niko. This is super helpful to prepare my use case. I will go through this and confirm back. Thanks once again.

  • I have been able to extract a lot of useful info from the article above. It would help a great deal if there are any case studies for best practices or deployment from current ACM customers?
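
One way to act on the tracking advice in the accepted answer, as an added example that is not part of the original thread or AWS's own code: a Python triage over records shaped like ACM `DescribeCertificate` output that flags certificates nearing expiry, certificates ACM will not renew, and certificates attached to nothing. The ARNs, account ID, domains and the `triage` helper are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records. Field names follow the ACM DescribeCertificate
# response; ARNs, account ID and domains are placeholders, not real resources.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
ARN = "arn:aws:acm:us-east-1:111122223333:certificate/"
SAMPLE_CERTS = [
    {"CertificateArn": ARN + "example-a", "DomainName": "app.example.com",
     "Type": "AMAZON_ISSUED", "RenewalEligibility": "ELIGIBLE",
     "NotAfter": NOW + timedelta(days=200),
     "InUseBy": ["arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/example/abc"]},
    {"CertificateArn": ARN + "example-b", "DomainName": "legacy.example.com",
     "Type": "IMPORTED", "RenewalEligibility": "INELIGIBLE",
     "NotAfter": NOW + timedelta(days=20),
     "InUseBy": ["arn:aws:cloudfront::111122223333:distribution/EXAMPLE"]},
    {"CertificateArn": ARN + "example-c", "DomainName": "old.example.com",
     "Type": "AMAZON_ISSUED", "RenewalEligibility": "INELIGIBLE",
     "NotAfter": NOW + timedelta(days=10), "InUseBy": []},
]

def triage(certs, now, warn_days=30):
    """Return {certificate ARN: [findings]} for certificates needing attention."""
    findings = {}
    for cert in certs:
        issues = []
        days_left = (cert["NotAfter"] - now).days
        if days_left < 0:
            issues.append("expired")
        elif days_left <= warn_days:
            issues.append(f"expires in {days_left} days")
        # Imported certificates are never renewed by ACM; they need an owner.
        if cert["Type"] == "IMPORTED":
            issues.append("imported: ACM will not renew it")
        elif cert.get("RenewalEligibility") == "INELIGIBLE":
            issues.append("not eligible for managed renewal")
        # An empty InUseBy list means no AWS resource references the certificate.
        if not cert.get("InUseBy"):
            issues.append("not attached to any resource")
        if issues:
            findings[cert["CertificateArn"]] = issues
    return findings

if __name__ == "__main__":
    for arn, issues in triage(SAMPLE_CERTS, NOW).items():
        print(arn, "->", "; ".join(issues))
```

Against a real account the same records can be gathered with boto3's `list_certificates` and `describe_certificate` calls on the `acm` client and passed to `triage` unchanged.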

0

Hi,

Please consider using Amazon Certificate Manager that can renew and rotate certificates for you.

https://aws.amazon.com/certificate-manager/

Jeff

AWS
answered a year ago
  • Many thanks Jeff. This is quite helpful to understand provisioning ACM and further manage certificates. I am digging deep to utilise AWS offerings to track the certificates, like Config, CloudTrail, etc.
