Name		Name	Last commit message	Last commit date
parent directory ..
README.md		README.md
__init__.py		__init__.py
aws_iam_server_certificate_expired.py		aws_iam_server_certificate_expired.py
constraints.txt		constraints.txt
minimum_policy.json		minimum_policy.json
requirements-dev.txt		requirements-dev.txt
requirements.txt		requirements.txt

README.md

Delete Expired IAM Server Certificate

This job deletes expired IAM Server Certificate.

NOTE - Deleting the certificate could have implications for your application if you are using an expired server certificate with Elastic Load Balancing, Cloudfront etc. One has to make configurations at respective services to ensure there is no interruption in application.

Applicable Rule

Rule ID:

7fe4eb28-3b82-11eb-adc1-0242ac120002

Rule Name:

IAM server certificates that are expired should be removed

Getting Started

Prerequisites

The provided AWS credential must have access to iam:DeleteServerCertificate.

You may find the latest example policy file here

Running the script

You may run this script using following commands:

  pip install -r ../../requirements.txt
  python3 aws_iam_server_certificate_expired.py

Running the tests

You may run test using following command under vss-remediation-worker-job-code-python directory:

    python3 -m pytest test

Deployment

Provision a Virtual Machine Create an EC2 instance to use for the worker. The minimum required specifications are 128 MB memory and 1/2 Core CPU.
Setup Docker Install Docker on the newly provisioned EC2 instance. You can refer to the docs here for more information.
Deploy the worker image SSH into the EC2 instance and run the command below to deploy the worker image:

  docker run --rm -it --name worker \
  -e VSS_CLIENT_ID={ENTER CLIENT ID}
  -e VSS_CLIENT_SECRET={ENTER CLIENT SECRET} \
  vmware/vss-remediation-worker:latest-python

Contributing

The Secure State team welcomes welcomes contributions from the community. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a Pull Request. For any questions about the CLA process, please refer to our FAQ. All contributions to this repository must be signed as described on that page. Your signature certifies that you wrote the patch or have the right to pass it on as an open-source patch.

For more detailed information, refer to CONTRIBUTING.md.

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

Authors

VMware Secure State - Initial work

See also the list of contributors who participated in this project.

License

This project is licensed under the Apache License - see the LICENSE file for details

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

aws_iam_server_certificate_expired

aws_iam_server_certificate_expired

README.md

Delete Expired IAM Server Certificate

Applicable Rule

Rule ID:

Rule Name:

Getting Started

Prerequisites

Running the script

Running the tests

Deployment

Contributing

Versioning

Authors

License

Files

aws_iam_server_certificate_expired

Directory actions

More options

Directory actions

More options

Latest commit

History

aws_iam_server_certificate_expired

Folders and files

parent directory

README.md

Delete Expired IAM Server Certificate

Applicable Rule

Rule ID:

Rule Name:

Getting Started

Prerequisites

Running the script

Running the tests

Deployment

Contributing

Versioning

Authors

License