AWS-ACM-uses-imported-certificate-only

Severity: Medium

Description: This control ensures that ACM certificates are always imported and that ACM is not used to create or issue certificates. In addition to requesting certificates provided by AWS Certificate Manager (ACM), you can import certificates that you obtained outside of AWS. You might do this because you already obtained a certificate from a third-party issuer, or because the certificates provided by ACM do not meet your requirements.
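
One way to audit this control, as an added example that is not part of the original page or the vendor's own check: it walks ACM's ListCertificates output and reports every certificate whose Type is not IMPORTED. StubAcm, SAMPLE_TYPES and the ARNs are constructed sample data standing in for boto3.client("acm").

```python
# Added example: report ACM certificates that were issued by ACM rather than imported.
ALL_KEY_TYPES = ["RSA_1024", "RSA_2048", "RSA_3072", "RSA_4096",
                 "EC_prime256v1", "EC_secp384r1", "EC_secp521r1"]

ARN = "arn:aws:acm:us-east-1:111122223333:certificate/example-%d"  # constructed
SAMPLE_TYPES = {ARN % 1: "IMPORTED", ARN % 2: "AMAZON_ISSUED", ARN % 3: "PRIVATE"}


def non_imported_certificates(acm):
    """Return (arn, type) for every certificate whose Type is not IMPORTED."""
    findings = []
    # ListCertificates returns only RSA_1024/RSA_2048 certificates by default,
    # so request every key type or ECDSA and larger RSA certificates are missed.
    pages = acm.get_paginator("list_certificates").paginate(
        Includes={"keyTypes": ALL_KEY_TYPES})
    for page in pages:
        for summary in page["CertificateSummaryList"]:
            arn = summary["CertificateArn"]
            cert_type = summary.get("Type")
            if cert_type is None:
                # Fall back to DescribeCertificate if the summary carries no Type.
                detail = acm.describe_certificate(CertificateArn=arn)
                cert_type = detail["Certificate"]["Type"]
            if cert_type != "IMPORTED":
                findings.append((arn, cert_type))
    return findings


class StubAcm:
    """Constructed stand-in for boto3.client('acm') so the check runs offline."""
    def __init__(self, types):
        self.types = types
        self.includes = None

    def get_paginator(self, name):
        assert name == "list_certificates"
        return self

    def paginate(self, **kwargs):
        self.includes = kwargs.get("Includes")
        arns = list(self.types)
        # Page 1 carries Type in the summary; page 2 omits it to exercise the fallback.
        yield {"CertificateSummaryList":
               [{"CertificateArn": a, "Type": self.types[a]} for a in arns[:2]]}
        yield {"CertificateSummaryList": [{"CertificateArn": a} for a in arns[2:]]}

    def describe_certificate(self, CertificateArn):
        return {"Certificate": {"Type": self.types[CertificateArn]}}


if __name__ == "__main__":
    # Real use: acm = boto3.client("acm"), repeated for each region in scope.
    for arn, cert_type in non_imported_certificates(StubAcm(SAMPLE_TYPES)):
        print(f"NON-COMPLIANT {cert_type:14} {arn}")
```

ACM is a regional service, so a real audit repeats the call with a client for each region in use.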

Remediation Steps:

Perform the following to ensure ACM uses imported certificates:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to the ACM console.

  3. Choose the Import a certificate button.

  4. For Certificate body, paste the PEM-encoded certificate to import.

  5. For Certificate private key, paste the PEM-encoded, unencrypted private key that matches the certificate's public key.

  6. (Optional) For Certificate chain, paste the PEM-encoded certificate chain.

  7. Choose Review and import.

Important:

Reference:

Blue Hexagon Proprietary