Best practice rules for GCP CertificateManager
- Check for Compliant Trust Configuration
To prevent certificate validation from being bypassed, ensure your Certificate Manager Trust Configs are compliant.
- Enable Data Access Audit Logs for Certificate Manager
Ensure that Data Access audit logs are enabled for Certificate Manager resources.
- Enable Monitoring for Certificate Expiration
Ensure that Certificate Manager certificate expiration is being monitored using alerting policies.
- Implement Least Privilege Access for Certificate Manager using Cloud IAM
Ensure that IAM roles with administrative permissions are not used for Certificate Manager access control.
- SSL Certificate Validity Period
Ensure that SSL certificates are renewed within the appropriate validity period.
- Use VPC Service Controls for Certificate Manager
Ensure that VPC Service Controls perimeters are used to protect your Certificate Manager resources from data exfiltration.