Control: Directory Service certificates should not expire within 90 days
Description
Is is recommended to monitor certificate expiration and implement automated alerts to notify the responsible team for timely certificate replacement or removal.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.directory_service_certificate_expires_90_daysSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.directory_service_certificate_expires_90_days --shareSQL
This control uses a named query:
select certificate_id as resource, case when date(expiry_date_time) - date(current_date) >= 90 then 'ok' else 'alarm' end as status, title || ' expires ' || to_char(expiry_date_time, 'DD-Mon-YYYY') || ' (' || extract(day from expiry_date_time - current_date) || ' days).' as reason , region, account_idfrom aws_directory_service_certificate;