AWS Certificate Manager

Overview

QCecuring integrates with AWS Certificate Manager (ACM) to give security and operations teams unified visibility into both cloud-managed and externally issued certificates. This helps avoid blind spots when critical public-facing endpoints are fronted by AWS services.

Key capabilities

• Discovery of certificates managed by ACM across accounts and regions.
• Correlation of ACM certificates with applications, domains, and owners tracked in QCecuring.
• Alerting on upcoming expirations and configuration issues for ACM-managed endpoints.
• Optional workflows to re-issue or migrate certificates to enterprise PKI where required.

Typical use cases

• Organizations using ACM for public certificates on CloudFront, ALB/ELB, and API Gateway.
• Security teams consolidating certificate inventory across AWS, other clouds, and on-prem.
• Governance programs requiring a single source of truth for certificate ownership and risk.

High-level integration flow

1. Configure QCecuring with read-appropriate IAM permissions for ACM resources in relevant AWS accounts.
2. The platform inventories ACM certificates, associated domain names, and bound resources.
3. Certificates are normalized into QCecuring’s inventory, with metadata for owners, business units, and environments.
4. Teams use centralized dashboards and alerts to manage ACM certificate lifecycles alongside other PKI assets.
5. Optional: define workflows to migrate selected ACM certificates to enterprise CAs managed through QCecuring.

CBOM Discovery

QCecuring’s CBOM scanner discovers and inventories all ACM-managed certificates, their algorithms, key sizes, and associated resources. This feeds into your Cryptographic Bill of Materials for PQC readiness assessment.