Control: Ensure that all the expired DMS certificates are removed
Description
This control ensures that all expired DMS certificates are removed from the AWS account.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.dms_certificate_not_expired
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.dms_certificate_not_expired --share
SQL
This control uses a named query:
select
  arn as resource,
  case
    when valid_to_date < (current_date - interval '1' second) then 'alarm'
    else 'ok'
  end as status,
  case
    when valid_to_date < (current_date - interval '1' second) then title || ' expired ' || to_char(valid_to_date, 'DD-Mon-YYYY') || '.'
    else title || ' valid until ' || to_char(valid_to_date, 'DD-Mon-YYYY') || '.'
  end as reason,
  account_id
from
  aws_dms_certificate;