Control: ACM certificates should not use wildcard certificates
Description
Ensure that ACM single domain name certificates are used instead of wildcard certificates within your AWS account in order to follow security best practices and protect each domain/subdomain with its own unique private key.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.acm_certificate_no_wildcard_domain_nameSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.acm_certificate_no_wildcard_domain_name --shareSQL
This control uses a named query:
select certificate_arn as resource, case when domain_name like '*%' then 'alarm' else 'ok' end as status, case when domain_name like '*%' then title || ' uses wildcard domain name.' else title || ' does not use wildcard domain name.' end as reason , region, account_idfrom aws_acm_certificate;