Update CHANGELOG

dfpc-coe · Apr 26, 2024 · df99b4f · df99b4f
1 parent a73cd99
commit df99b4f
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,10 @@
 
 ## Version History
 
+### v1.9.0
+
+- :rocket: Enable `Certificate-Expiration` Rule & Urgent Alarms
+
 ### v1.8.0
 
 - :rocket: Enabled `Cloudformation-Drift` Urgent Alarms

diff --git a/cloudformation/lib/rules.js b/cloudformation/lib/rules.js
@@ -2,6 +2,24 @@ import cf from '@openaddresses/cloudfriend';
 
 const resources = {
     Resources: {
+        CertificateExpiration: {
+            Type: "AWS::Config::ConfigRule",
+            Properties: {
+                ConfigRuleName: 'Certificate-Expiration',
+                Description: "Ensure's ACM Certificates are not about to expire",
+                InputParameters: {
+                    daysToExpiration: 15
+                },
+                MaximumExecutionFrequency: 'TwentyFour_Hours',
+                Scope: {
+                    ComplianceResourceTypes: [ 'AWS::CertificateManager::Certificate' ],
+                },
+                Source: {
+                    SourceIdentifier: 'ACM_CERTIFICATE_EXPIRATION_CHECK',
+                    Owner: 'AWS'
+                }
+            }
+        },
         CloudformationDrift: {
             Type: "AWS::Config::ConfigRule",
             Properties: {

diff --git a/index.js b/index.js
@@ -4,7 +4,8 @@ const { randomUUID } = require('node:crypto');
 
 const Enabled_Urgent_Rules = [
     'Required-Tags',
-    'Cloudformation-Drift'
+    'Cloudformation-Drift',
+    'Certificate-Expiration'
 ];
 
 async function handler() {