Control: Directory Service certificates should not expire within 90 days

Description

Is is recommended to monitor certificate expiration and implement automated alerts to notify the responsible team for timely certificate replacement or removal.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.directory_service_certificate_expires_90_days

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.directory_service_certificate_expires_90_days --share

SQL

This control uses a named query:

select
  certificate_id as resource,
  case
    when date(expiry_date_time) - date(current_date) >= 90 then 'ok'
    else 'alarm'
  end as status,
  title || ' expires ' || to_char(expiry_date_time, 'DD-Mon-YYYY') ||
    ' (' || extract(day from expiry_date_time - current_date) || ' days).' as reason
  , region, account_id
from
  aws_directory_service_certificate;

Control: Directory Service certificates should not expire within 90 days

Description

Usage

SQL

Tags