Checks whether the duration between the expiration date of the SSL certificate that is associated with the listeners of the Application Load Balancer (ALB) instance and the current date is greater than the specified value. If so, the evaluation result is Compliance.
Scenarios
This rule helps you detect ALB instances whose SSL certificates are about to expire, so that you can renew the certificates in time and prevent service interruptions caused by expired SSL certificates.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
Checks whether the duration between the expiration date of the SSL certificate that is associated with the listeners of the ALB instance and the current date is greater than the specified value. If so, the evaluation result is Compliance.
This rule does not detect ALB instances whose CA certificates are about to expire.
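The evaluation logic above can be reproduced locally, for example to check an inventory export before the next periodic run. The following is an added example, not code from the rule itself. The dictionary layout (`listeners`, `certificates`, `type`, `not_after`) is a hypothetical structure rather than an ALB API response, and skipping listeners that have no certificate is an assumption.

```python
import ssl
from datetime import datetime, timezone

SECONDS_PER_DAY = 86400

def days_left(not_after, now):
    """Days from `now` until a notAfter string such as 'May 31 12:00:00 2025 GMT'."""
    return (ssl.cert_time_to_seconds(not_after) - now.timestamp()) / SECONDS_PER_DAY

def evaluate(instance, days=30, now=None):
    """Return (compliant, findings) for one ALB instance.

    Compliant only if every server certificate on every listener has
    strictly more than `days` days left. CA certificates are ignored,
    because the rule does not cover them. Listeners without certificates
    are skipped (assumption).
    """
    now = now or datetime.now(timezone.utc)
    findings = []
    for listener in instance["listeners"]:
        for cert in listener.get("certificates", []):
            if cert["type"] != "Server":
                continue
            remaining = days_left(cert["not_after"], now)
            if not remaining > days:  # exactly `days` left is not "greater than"
                findings.append((listener["port"], cert["id"], round(remaining, 1)))
    return (not findings, findings)

# Constructed sample data (hypothetical layout and certificate IDs).
SAMPLE_NOW = datetime(2025, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_INSTANCE = {
    "id": "alb-example",
    "listeners": [
        {"port": 80, "protocol": "HTTP"},
        {"port": 443, "protocol": "HTTPS", "certificates": [
            {"id": "cert-default", "type": "Server", "not_after": "May 31 12:00:00 2025 GMT"},
            {"id": "cert-extra", "type": "Server", "not_after": "Dec 31 23:59:59 2025 GMT"},
        ]},
        {"port": 8443, "protocol": "HTTPS", "certificates": [
            {"id": "cert-api", "type": "Server", "not_after": "Nov  1 00:00:00 2025 GMT"},
            {"id": "ca-clients", "type": "CA", "not_after": "May  5 00:00:00 2025 GMT"},
        ]},
    ],
}

if __name__ == "__main__":
    print(evaluate(SAMPLE_INSTANCE, days=30, now=SAMPLE_NOW))
```

In the sample, `cert-default` has exactly 30 days left and is therefore flagged with the default threshold, while the CA certificate that expires in a few days is not reported.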
Rule details
| Parameter | Description |
| --- | --- |
| Rule Template Name | alb-all-listener-certificate-expired-check |
| Rule Template Identifier | |
| Tag | ALB |
| Automatic remediation | Not supported |
| Invoke Type | Periodic: Every 24 hours |
| Supported resource type | ALB instance (ACS::ALB::LoadBalancer) |
| Input parameter | The parameter name is days. Default value: 30. Unit: days. The parameter specifies the duration between the expiration date of the SSL certificate and the current date. |
Non-compliance remediation
Renew or replace the SSL certificates that are associated with the listeners of the ALB instance so that the duration between their expiration date and the current date is greater than the specified value. For more information, see Manage certificates.