turbot/aws_compliance

Query: elb_application_lb_listener_certificate_expire_30_days

Usage

powerpipe query aws_compliance.query.elb_application_lb_listener_certificate_expire_30_days

SQL

select
load_balancer_arn as resource,
case
when date(not_after) - date(current_date) >= 30 then 'ok'
else 'alarm'
end as status,
l.title || ' certificate set to expire in ' || extract(day from not_after - current_date) || ' days.' as reason
, l.region, l.account_id
from
aws_ec2_load_balancer_listener as l,
jsonb_array_elements(certificates) as c
left join aws_acm_certificate as a on c ->> 'CertificateArn' = a.certificate_arn;

Controls

The query is being used by the following controls: