Skip to content

compliance-framework/plugin-aws-acm

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.github/workflows
.github/workflows
 
 
internal
internal
 
 
.gitignore
.gitignore
 
 
.goreleaser.yaml
.goreleaser.yaml
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

plugin-aws-acm

A CCF compliance plugin for AWS Certificate Manager (ACM). Fetches certificate data from ACM and evaluates OPA Rego policies to produce Evidence for the CCF API.

What the plugin checks is determined entirely by the policy bundles configured in the agent. The plugin itself is policy-agnostic — it fetches ACM certificate data and makes it available to whatever policies are loaded.

Configuration

Key Type Default Description
regions string required Comma-separated list of AWS regions, e.g. us-east-1,eu-west-1
accounts string "" Comma-separated list of AWS account IDs to evaluate (optional)
policy_labels JSON object {} Extra labels added to all Evidence entries

AWS credentials are resolved from the environment using the standard AWS SDK credential chain (environment variables, shared credentials file, instance profile, etc.).

Required IAM permissions

{
  "Effect": "Allow",
  "Action": [
    "acm:ListCertificates",
    "acm:DescribeCertificate",
    "acm:ListTagsForCertificate"
  ],
  "Resource": "*"
}

Local development

make build          # produces dist/plugin
make test           # runs unit tests

See examples/agent-config.yaml for agent configuration examples.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages