Id: 5a443297-19d4-4381-9e5b-24faf947ec22
Cloud Provider: AWS
Platform: Ansible
Severity: Medium
Category: Access Control
Description
Expired SSL/TLS certificates cause service outages by breaking TLS handshakes and undermine trust in encrypted connections. This can result in failed client connections and compliance or security issues. In Ansible, tasks using the community.aws.acm_certificate module must reference a certificate whose certificate.expiration_date is a future date. This rule flags community.aws.acm_certificate tasks where certificate.expiration_date is in the past. Renew or replace any expired certificates—for example, request a new ACM certificate or update the task to point to a renewed certificate—so certificate.expiration_date reflects a valid future date.
Compliant Code Examples
- name: upload a self-signed certificate2
  community.aws.acm_certificate:
    certificate: "{{ lookup('file', 'validCertificate.pem') }}"
    private_key: "{{ lookup('file', 'key.pem') }}"
    name_tag: my_cert
    region: ap-southeast-2
Non-Compliant Code Examples
- name: upload a self-signed certificate
  community.aws.acm_certificate:
    certificate: "{{ lookup('file', 'expiredCertificate.pem') }}"
    private_key: "{{ lookup('file', 'key.pem') }}"
    name_tag: my_cert
    region: ap-southeast-2
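
A run-time guard for the condition this rule flags, as an added example (not part of the Datadog rule or its test cases): the play reads the validity dates from the same PEM it is about to upload and stops if the certificate is expired or close to expiry. It assumes the community.crypto collection is installed on the controller; the 30-day window and the variable names are illustrative choices.

```yaml
# Added example: refuse to upload a certificate that is expired or about to expire.
# Assumptions: community.crypto is available; file names follow the examples above;
# min_remaining is an illustrative renewal window, not a value from the rule.
- name: Upload a certificate to ACM only if it is still valid
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    cert_pem: "{{ lookup('file', 'validCertificate.pem') }}"
    min_remaining: "+30d"
  tasks:
    - name: Read validity dates from the exact PEM that will be uploaded
      community.crypto.x509_certificate_info:
        content: "{{ cert_pem }}"
        valid_at:
          renewal_window: "{{ min_remaining }}"
      register: cert_info

    - name: Stop if the certificate is expired or inside the renewal window
      ansible.builtin.assert:
        that:
          - not cert_info.expired
          - cert_info.valid_at.renewal_window
        fail_msg: >-
          Certificate notAfter={{ cert_info.not_after }};
          renew or replace it before uploading to ACM.

    - name: Upload the certificate
      community.aws.acm_certificate:
        certificate: "{{ cert_pem }}"
        private_key: "{{ lookup('file', 'key.pem') }}"
        name_tag: my_cert
        region: ap-southeast-2
```

Because the check uses `content` rather than a separate path, the certificate that is validated is byte-for-byte the one passed to `community.aws.acm_certificate`.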