
AWS ACM certificates do not have logging preference

Description

To guard against SSL/TLS certificates that are issued by mistake or by a compromised CA, some browsers like Chrome require that public certificates issued for a domain be recorded in a certificate transparency log. The domain name is recorded, but not the private key. Certificates that are not logged typically generate an error in the browser.

Code Example

shell

aws acm request-certificate \
  --domain-name example.com \
  --validation-method DNS \
  --options CertificateTransparencyLoggingPreference=ENABLED
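The same setting expressed in Terraform, shown here as an added example rather than code from the page: the first resource carries the misconfiguration this rule flags, the second the compliant form. The resource names and the domain are illustrative; the attribute and resource type are those of the hashicorp/aws provider.

```hcl
# Added example (not from the original page). Assumes the hashicorp/aws
# provider; resource labels and domain name are placeholders.

# Non-compliant: certificate transparency logging explicitly switched off.
# ACM logs publicly trusted certificates by default, so this only happens
# when someone opts out; browsers that require CT will reject the result.
resource "aws_acm_certificate" "weak" {
  domain_name       = "example.com"
  validation_method = "DNS"

  options {
    certificate_transparency_logging_preference = "DISABLED"
  }
}

# Compliant: logging explicitly enabled, so the issued certificate is
# recorded in a CT log and the intent is visible at code review time.
resource "aws_acm_certificate" "compliant" {
  domain_name       = "example.com"
  validation_method = "DNS"

  options {
    certificate_transparency_logging_preference = "ENABLED"
  }
}
```

Running `checkov -d . --check CKV_AWS_234` in the directory holding this file should report the first resource as failed and the second as passed.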

Remediation

Console

It is not possible to adjust transparency logging via console.

CLI

Rule Details

Field       Value
ID          IAC-0282
Severity    LOW
IaC Type    Terraform
Frameworks  Terraform
Checkov ID  CKV_AWS_234

References