AWS Certificate Manager (ACM) is a service provided by Amazon Web Services that makes it easy to provision, manage, and deploy SSL/TLS certificates for use with AWS services and internally connected resources.

The AWS Certificate Manager plugin does the following: 

  • Connects to your AWS account using IAM credentials (either permanent access keys or temporary session tokens from AWS STS).
  • Discovers all X.509 SSL/TLS certificates stored in ACM within a specified AWS region. These include:
    • Public Certificates—Free SSL/TLS certificates issued by ACM for use with AWS services like CloudFront, Application Load Balancers, and API Gateway.
    • Private Certificates—Certificates issued by AWS Private Certificate Authority for internal organizational use.
    • Imported Certificates—Third-party certificates that have been imported into ACM.
  • Exports each certificate's public body in PEM format along with its ACM metadata.
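The steps above (authenticate, list the region, describe each certificate, fetch the public PEM, export with metadata) as an added example, not the plugin's own code. The live path assumes boto3 is installed and resolves either permanent keys or an STS session token; FakeACM, its ARNs, domains and PEM strings are constructed so the scan runs offline.

```python
"""Region-wide ACM discovery: list, describe, fetch public PEM. Added example,
not the plugin's code; live path assumes boto3, offline demo uses the
constructed FakeACM (fictional ARNs, domains and PEM bodies)."""
import json
from dataclasses import asdict, dataclass, field
from datetime import datetime, timezone

# ListCertificates returns only RSA_2048 unless Includes.keyTypes is given, so
# a "discover everything" scan must name every key type ACM can hold.
ALL_KEY_TYPES = ["RSA_1024", "RSA_2048", "RSA_3072", "RSA_4096",
                 "EC_prime256v1", "EC_secp384r1", "EC_secp521r1"]
# Statuses for which ACM has no certificate body to fetch yet.
NO_BODY_STATUSES = {"PENDING_VALIDATION", "VALIDATION_TIMED_OUT", "FAILED"}

@dataclass
class CertRecord:
    arn: str
    domain: str
    cert_type: str             # AMAZON_ISSUED (public), PRIVATE or IMPORTED
    status: str
    key_algorithm: str
    not_after: str             # ISO 8601, "" until issued
    in_use_by: list = field(default_factory=list)
    certificate_pem: str = ""  # public leaf only; never a private key
    chain_pem: str = ""

def discover(acm, key_types=ALL_KEY_TYPES):
    """Full (non-incremental) scan of the region the client is bound to."""
    kwargs = {"Includes": {"keyTypes": key_types}} if key_types else {}
    records = []
    for page in acm.get_paginator("list_certificates").paginate(**kwargs):
        for summary in page["CertificateSummaryList"]:
            arn = summary["CertificateArn"]
            d = acm.describe_certificate(CertificateArn=arn)["Certificate"]
            rec = CertRecord(arn, d["DomainName"], d["Type"], d["Status"],
                             d["KeyAlgorithm"],
                             d["NotAfter"].isoformat() if "NotAfter" in d else "",
                             list(d.get("InUseBy", [])))
            if rec.status not in NO_BODY_STATUSES:
                # GetCertificate returns the public leaf and chain; the private
                # key is never part of this response.
                body = acm.get_certificate(CertificateArn=arn)
                rec.certificate_pem = body["Certificate"]
                rec.chain_pem = body.get("CertificateChain", "")
            records.append(rec)
    return records

def export_json(records):
    """PEM and metadata together, as an exporter would write them."""
    return json.dumps([asdict(r) for r in records], indent=2)

def live_client(region, profile=None):
    """boto3 resolves permanent keys or an STS session (AWS_SESSION_TOKEN) from
    the environment, shared config or the named profile."""
    import boto3  # lazy import: the offline demo needs no SDK
    return boto3.Session(profile_name=profile, region_name=region).client("acm")

# Constructed placeholder body and ARN template (111122223333 is AWS's example account).
FAKE_PEM = "-----BEGIN CERTIFICATE-----\nMIIB...constructed...\n-----END CERTIFICATE-----\n"
_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/{}"

def _fake_cert(domain, ctype, status, alg, not_after=None, in_use=()):
    c = dict(DomainName=domain, Type=ctype, Status=status, KeyAlgorithm=alg, InUseBy=list(in_use))
    if not_after:
        c["NotAfter"] = datetime(*not_after, tzinfo=timezone.utc)
    return c

class FakeACM:
    """Constructed stand-in for the boto3 ACM client; all data is fictional."""
    _CERTS = {
        _ARN.format("1111-public"): _fake_cert(
            "www.example.com", "AMAZON_ISSUED", "ISSUED", "RSA_2048", (2026, 1, 1),
            ["arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/web/0123"]),
        _ARN.format("2222-private"): _fake_cert(
            "db.corp.example", "PRIVATE", "ISSUED", "EC_prime256v1", (2025, 6, 1)),
        _ARN.format("3333-pending"): _fake_cert(
            "new.example.com", "AMAZON_ISSUED", "PENDING_VALIDATION", "RSA_4096"),
    }

    def get_paginator(self, name):
        assert name == "list_certificates"
        return self

    def paginate(self, Includes=None):
        # Real default reproduced: only RSA_2048 when no keyTypes filter is given.
        wanted = set((Includes or {}).get("keyTypes", ["RSA_2048"]))
        yield {"CertificateSummaryList": [
            {"CertificateArn": a, "DomainName": c["DomainName"]}
            for a, c in self._CERTS.items() if c["KeyAlgorithm"] in wanted]}

    def describe_certificate(self, CertificateArn):
        return {"Certificate": dict(self._CERTS[CertificateArn])}

    def get_certificate(self, CertificateArn):
        if self._CERTS[CertificateArn]["Status"] in NO_BODY_STATUSES:
            raise RuntimeError("RequestInProgressException")  # ACM's error for a pending request
        return {"Certificate": FAKE_PEM, "CertificateChain": FAKE_PEM}

if __name__ == "__main__":
    print(export_json(discover(FakeACM())))  # offline demo on constructed data
    # Live scan: print(export_json(discover(live_client("us-east-1"))))
```

The `Includes` filter is the detail worth checking in any scanner that claims to find all certificates: without it, ListCertificates returns only RSA_2048 certificates, so ECDSA and larger RSA keys silently drop out of the inventory. The constructed FakeACM reproduces that default, which is why `discover(FakeACM(), key_types=None)` finds one certificate while the full scan finds three.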

Note:

  • The plugin only reads the public certificate body and its metadata; no private keys are accessed or exported. ACM's read-only actions (acm:ListCertificates, acm:DescribeCertificate, acm:GetCertificate) are sufficient for this, so the IAM policy attached to the plugin's credentials should not grant acm:ExportCertificate, the ACM action that returns private keys.
  • The plugin does not support incremental scanning: every scan processes all certificates in the specified region, regardless of when they were last modified.