Knowledge BasePanther.comRelease NotesDemo Request
Search…
Overview
Quick Start
Data Sources & Transports
Writing Detections
Cloud Security Scanning
Cloud Resource Attributes
AWS
ACM Certificate
CloudFormation Stack
CloudWatch Log Group
CloudTrail
CloudTrail Meta
Config Recorder
Config Recorder Meta
DynamoDB Table
EC2 AMI
EC2 Instance
EC2 Network ACL
EC2 SecurityGroup
EC2 Volume
EC2 VPC
ECS Cluster
EKS Cluster
ELBV2 Application Load Balancer
GuardDuty Detector
GuardDuty Detector Meta
IAM Group
IAM Policy
IAM Role
IAM Root User
IAM User
KMS Key
Lambda Function
Password Policy
RDS Instance
Redshift Cluster
S3 Bucket
WAF Web ACL
Destinations
Data Analytics
Enrichment (Beta)
System Configuration
Panther API (Beta)
Guides
Help
Powered By GitBook
ACM Certificate
This page provides an overview of the basics of AWS Certificate Manager (ACM) Certificate.

Resource Type

AWS.ACM.Certificate

Resource ID Format

For ACM Certificates, the resource ID is the ARN as shown here:
arn:aws:acm:us-east-1:123456789012:certificate/12345678-12ab-34cd-56ef-12345678

Background

The ACM Certificate resource represents public SSL/TLS certificates on your AWS based websites and applications.

Fields

The following table describes the Fields you can use:
Field
Type
Description
CertificateAuthorityArn
String
The Amazon Resource Name to the Private CA​
DomainName
String
Fully qualified domain name (FQDN), such as www.example.com, that you want to secure with an ACM certificate.
DomainValidationOptions
List
Validation information of each domain name that occurs as a result of the RequestCertificate request
ExtendedKeyUsages
List
The Extended Key Usage X.509 v3 extension defines one or more purposes for which the public key can be used. This is in addition to or in place of the basic purposes specified by the Key Usage extension
FailureReason
String
The reason the certificate request failed
InUseBy
List
A list of ARNs for the Amazon Web Services resources that are using the certificate
IssuedAt
Timestamp
The time at which the certificate was issued. This value exists only when the certificate type is AMAZON_ISSUED
Issuer
String
The name of the certificate authority that issued and signed the certificate
KeyAlgorithm
String
The algorithm that was used to generate the public-private key pair.
KeyUsages
List
The Key Usage X.509 v3 extension defines the purpose of the public key contained in the certificate
NotAfter
Timestamp
The time after which the certificate is not valid
NotBefore
Timestamp
The time before which the certificate is not valid
Options
Map
Value that specifies whether to add the certificate to a transparency log
RenewalEligibility
String
Specifies whether the certificate is eligible for renewal
RenewalSummary
String
Contains information about the status of ACM's managed renewal for the certificate
RevocationReason
String
The reason the certificate was revoked
RevokedAt
Timestamp
The time at which the certificate was revoked
Serial
String
The serial number of the certificate
SignatureAlgorithm
String
The algorithm that was used to sign the certificate

Example

{
"AccountId": "123456789012",
"Arn": "arn:aws:acm:us-west-2:123456789012:certificate/aaaa-1111",
"CertificateAuthorityArn": null,
"DomainName": "staging.runpanther.xyz",
"DomainValidationOptions": [
{
"DomainName": "example.com",
"ResourceRecord": {
"Name": "example.com.",
"Type": "CNAME",
"Value": "111.acm-validations.aws."
},
"ValidationDomain": "example.com",
"ValidationEmails": null,
"ValidationMethod": "DNS",
"ValidationStatus": "SUCCESS"
},
{
"DomainName": "*.example.com",
"ResourceRecord": {
"Name": "111.example.com.",
"Type": "CNAME",
"Value": "111.acm-validations.aws."
},
"ValidationDomain": "*.example.com",
"ValidationEmails": null,
"ValidationMethod": "DNS",
"ValidationStatus": "SUCCESS"
}
],
"ExtendedKeyUsages": [
{
"Name": "TLS_WEB_CLIENT_AUTHENTICATION",
"OID": "1.1.1.1.1.1.1.1.1"
},
{
"Name": "TLS_WEB_SERVER_AUTHENTICATION",
"OID": "2.2.2.2.2.2.2.2.2"
}
],
"FailureReason": null,
"InUseBy": [
"arn:aws:cloudfront::123456789012:distribution/AAAA"
],
"IssuedAt": "2019-01-01T00:00:00Z",
"Issuer": "Amazon",
"KeyAlgorithm": "RSA-2048",
"KeyUsages": [
{
"Name": "KEY_ENCIPHERMENT"
},
{
"Name": "DIGITAL_SIGNATURE"
}
],
"Name": "example.com",
"NotAfter": "2020-01-01T00:00:00Z",
"NotBefore": "2019-01-01T00:00:00Z",
"Options": {
"CertificateTransparencyLoggingPreference": "ENABLED"
},
"Region": "us-west-2",
"RenewalEligibility": "ELIGIBLE",
"RenewalSummary": null,
"ResourceId": "arn:aws:acm:us-west-2:123456789012:certificate/aaaa-1111",
"ResourceType": "AWS.ACM.Certificate",
"RevocationReason": null,
"RevokedAt": null,
"Serial": "00:00:00:00:00:00:00:00:00:00:00:00:de:ad:be:ef",
"SignatureAlgorithm": "SHA256WITHRSA",
"Status": "ISSUED",
"Subject": "CN=staging.runpanther.xyz",
"SubjectAlternativeNames": [
"example.com",
"*.example.com"
],
"Tags": null,
"TimeCreated": null,
"Type": "AMAZON_ISSUED"
}

References

Previous
AWS
Next
CloudFormation Stack
Last modified 1mo ago
Copy link
Outline
Resource Type
Resource ID Format
Background
Fields
Example
References