Certificate has expired

문서 > Datadog 보안 > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Certificate has expired

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

Id: c3831315-5ae6-4fa8-b458-3d4d5ab7a3f6

Cloud Provider: aws

Framework: Terraform

Severity: Medium

Category: Access Control

Learn More

Provider Reference

Description

Expired SSL/TLS certificates should be removed from cloud resources to prevent the risk of exposing users to insecure or untrusted connections. When a resource, such as an AWS API Gateway custom domain, is configured with an expired certificate (for example, certificate_body = file("expiredCertificate.pem")), clients attempting to access the API will receive security warnings, and automated clients may reject the connection entirely. This vulnerability undermines the integrity and trust of the service, potentially leading to denial of service, data interception, or man-in-the-middle attacks. Regularly updating and ensuring only valid certificates are used helps maintain secure encrypted communications between clients and services.

Compliant Code Examples

resource "aws_api_gateway_domain_name" "example" {
  certificate_body = file("validCertificate.pem")
  domain_name     = "api.example.com"
}

Non-Compliant Code Examples

resource "aws_api_gateway_domain_name" "example2" {
  certificate_body = file("expiredCertificate.pem")
  domain_name     = "api.example.com"
}